File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Applets and the fly likes policytool Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Applets
Bookmark "policytool" Watch "policytool" New topic
Author

policytool

Tom Griffith
Ranch Hand

Joined: Aug 06, 2004
Posts: 257
Hello. If somebody has a minute, I've been kinda messing around with this. What I am trying to do is deploy an applet that will display the contents of a rtf file in a jtexteditor. The rtf file is located in the root directory (along with jsp's, html's, etc) of a war inside an ear deployed on the server. I am trying to stream the contents of the rtf stored on the server into an inputstream based on the URL of the rtf file...and eventually read a bytearray of the stream into the jtexteditor. This avoids all "contact" with the local drive and any security problems.

However, I am now receiving CheckPermsission errors when I try to test the applet with the appletviewer. I've been tinkering with policytool but i'm stil kinda confused about it. In this situation, does a policy file have to exist on the server for the particular applet class (or a directory of classes, ie the codebase) giving permission to read, write, whatever to this rtf file? Is creating the policy file on the server sufficient enough to get the applet to run on clients?

I am running the applet class locally with appletviewer but trying to pull the rtf file from the server. Maybe that is the problem...does the codebase in the policyfile indicate the applet class(es) before they are downloaded to clients? That is the plan I guess, to deploy this on the server. Maybe I need to get the applet class on the server as opposed to local in order to test this with the server's rtf file.

Thank you for reading this, just kinda thinking out loud and trying to get this straight. Any help is appreciated...I'm going to try to put the applet class up inside the ear on the server and see what happens.
[ October 17, 2005: Message edited by: Tom Griffith ]
Norm Radder
Ranch Hand

Joined: Aug 10, 2005
Posts: 685
Not sure where you are getting the Permission problem? Connecting to the server, reading a disk file or what ?
What is the full text of the message?

Since the applet's codebase is on the local machine, it would need permission to connect to a server off site. Moving the applet to the site should solve that problem.
You should have a test server like Apache that you can use with localhost (127.0.0.1) for testing. That shortens the test loop but I think gives a good test.

The policy file is on the client with the browser where the applet is to be executed. That makes it awkward to distribute. It's probably better to go with a signed applet.
Tom Griffith
Ranch Hand

Joined: Aug 06, 2004
Posts: 257
Hi. Yeah, I don't really know why I didn't try testing this on my local server as opposed to trying an appletviewer. I guess I was anxious to see if I could remotely snag the contents of the rtf located on the server. Thank you for the information, you did clear up the main confusion i was having with policy files and their distribution. I was just hoping the file would have to be deployed on the server without the clients knowledge. I'll have to look into signed applets, but I still don't get the major applet security feature, i.e. I understand why local files can't be messed with but if the server is hosting the applet, why can't clients read the files the server hosts, in this case the rtf, since the server distributes the code anyway?

Oh, well here is the first line of the error I'm getting...

java.security.AccessCOntrolException: access denied (java.net.SocketPermission test_server.com.8080 connect, resolve)
at java.security.AccessControlCOntext.checkPermission...

hmm, as I type that, it's kinda looking more like a server/firewall access problem. Maybe that's it. I was kinda focused on that checkPermission part. This may explain my ponderance above. Thank you again...
[ October 17, 2005: Message edited by: Tom Griffith ]
Norm Radder
Ranch Hand

Joined: Aug 10, 2005
Posts: 685
Here's a sample entry from my .java.policy file.
Your error message impies you need something like this in your policy file.

grant codeBase "http://somewhere.com" {
permission java.net.SocketPermission "8013", "accept, connect, listen, resolve";
};
Norm Radder
Ranch Hand

Joined: Aug 10, 2005
Posts: 685
>the major applet security feature, i.e. I understand why local files can't be messed with but if the server is hosting the applet, why can't clients read the files the server hosts

I thought you got the error when trying to have an applet loaded from one codebase (your local system) connect to another codebase (your server)?

There wouldn't be a problem if the applet came from the server, ie had the same codebase. Different codebase's is considered a security problem.
Tom Griffith
Ranch Hand

Joined: Aug 06, 2004
Posts: 257
Hi. You were right, I was getting the permission error when loading the applet from my local server and connecting via url to the rtf file on the server os. I moved the applet junk (html, applet and nested classes, etc) inside a war deployed on the server and after some tinkering it seems to be doing ok now. It's not throwing any fits about permissions when it's accessing the rtf. I guess it was a matter of where the applet class is loaded from on the browser. Thank you again for allowing me to bounce this off you.
[ October 19, 2005: Message edited by: Tom Griffith ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: policytool
 
Similar Threads
EJB, log4j, and access denied to log4.properties
ClassNotFoundException
How to get a File object from a InputStream or BufferedReader?
Applet Security
can Applets read/write to Access?