• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

applet socketpermissions

 
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, i need some help with my japplet. after running from a browser i get this error>



I made a change to the applets policy file as follows:


This code remains in the same directory as the .jar the applet and html page are running from.

my question is regarding to a server side java.security edit, on the server do i need to go to program files/java/jre/lib/security/java.security and add
the directory of the applet and the website pointing to the policy file above?

any other input on the matter is appreciated
thanks for reading

pat
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The policy change needs to be made on the client, not on the server. There is no special policy file for applets - it uses whichever one is set up for the JRE that the Java Plugin uses.

Seeing that you're connecting to localhost, it might well be that both the server JRE and the applet JRE use the same policy file (because it's the same Java installation), which would confuse the issue.
 
Patrick Martz
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i follow you to the point of the client side. Inside the folder where my src / build/dist/ ...etc folders are from the original IDE's files an applet.policy file is automatically created with any applet. Are you referring to this as the client policy file?

On any server hosting a java applet that accesses other nodes or needs to establish connect's and resolve's it can be done in the java.security file in the program files folder...

what im saying i altered was the file that accompanies the Japplet.jar and classes known as applet.policy, i also had a change of mysql engines, my testing WAMP server is on my local laptop, but i will be hosting the japplet and html @ http://fantasybaseball.dnsdojo.com/. I know i sound redundant, but i'm not understanding the location of the error, i need to reach my applet just on a different server through the above url..what changes....could a mysql connection string with incorrect username or password cause the socket permission...
 
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, the applet environment checks the socket permission before it lets the applet use the socket. So obviously incorrect connection parameters wouldn't cause that.

The rest of your question I don't follow at all. If you are asserting that you can do something on the server side to fix the applet's policy file on the client, that's wrong if you think about it. If that were the case then any malware-writer could write an applet which asserts that it is permitted to scan the file system of the client.

If you're going to use a policy file to provide extra permissions to your applet, you will have to install that policy file on each client where the applet will run before the applet can do anything outside its normal permissions. The applet cannot install its own policy file because it doesn't have access to the client's file system, somebody physically located at the client must do it.
 
Patrick Martz
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, now i am getting somewhere, If my clients cannot talk to the applet with the policy files they have and i probably would be better off not having to install a policy file on each user who tries to access, what is the alternative to allowing clients to use the applet...signed java applet?

thanks, im learning
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

what is the alternative to allowing clients to use the applet...signed java applet?


Yes.
 
Patrick Martz
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Best way to do this in NetBeans?....project properties?
 
Paul Clapham
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't know about Netbeans, but there's an Ant "signjar" task which will sign a jar for you. I suggest you read through the part of the applet tutorial which discusses signing of jars.

Also I should mention that it appears you plan to access your database from places across the Internet. (Or is this just a local intranet application?) People tend to consider that as insecure, as once you expose your database to the world, anybody in the world can access it, with or without your applet. Generally it's recommended to have a server application which accesses the database, and then the applet would communicate using your own protocol with that server application.
 
Patrick Martz
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Signing the jar did nothing for the clients.. they still receive socket permission access denied
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Be aware that ALL involved jar files need to be signed - the applet jar and the driver jar (and any others that may perform restricted operations).
 
Patrick Martz
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
all class files inside the website are signed, including any .jar file...any outside pc over the internet receives SocketPermission access denial.
 
Paul Clapham
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When a user first runs a signed applet in their browser, they get a popup which tells them the applet wants to do insecure things and asks them to approve that. They are free to say no, in which case the errors will occur.

But you would have seen that popup in your testing. If you didn't ever see it then you aren't downloading a signed applet.
 
Patrick Martz
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks, the signed cert trust confirm dialog did show, and any jar's there after signed with that keystore no longer needed confirmed, but the jar acception did not remedy all errors, i receieved a connect refusal first, solved that, now i get a connection time out error when i try to connect from any client outside of the LAN. its close. thanks again
 
Paul Clapham
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Patrick Martz wrote:now i get a connection time out error when i try to connect from any client outside of the LAN.



Well, yeah, you will need your server to be visible outside the LAN if you want clients outside the LAN to be able to connect to it. That's just network configuration though, you seem to have the applet problems cleaned up now.
 
Patrick Martz
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
the driver manager needed some easily accessible host names and it passed, thanks for your assistance
 
I am Arthur, King of the Britons. And this is a tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic