Signed applet getting access denied

Denise Flinchbaugh
Greenhorn

Joined: Apr 27, 2009
Posts: 3
Don't groan - this is not a "typical" "I don't know why I'm getting access is denied" question.

I am testing a prototype applet on my local system - all it does is try to execute notepad.exe on my system. (Just as an FYI, the end result applet will be used in a web based application distributed to our users who want the capability of being able to execute scripts/executables on the local system from our web based app.)

I am using 1.6.0_13 JRE (and JDK).

I have signed the applet, I have set up everything as if I were the recipient (i.e. using policy tool to grant permissions, gave FileIoPermission for WINDOWS directory with execute, read, and write, set ALLPermissions, etc.), and have even modified java.security to point to my policy file (note I modified all files on all JREs just to be sure). I have waded through tons of documentation on Sun and elsewhere to see what is up and how to set it up and what I might be doing wrong to no avail. Am I desperate? YES!

I am thinking that perhaps I am specifying the various file names incorrectly (some of the documents show setting the paths in the various places as file:/C:/WINDOWS/, some as /WINDOWS/, some as file://C:/WINDOWS/, some as C\:\\WINDOWS\\) and I have tried changing all the various permutations in all the various places with no success. Or perhaps missing an entry somewhere? At this point I am just plain confused.

So if you can give me some pointers and/or definitive answers on how the paths etc should be typed, or some insight into what I am not doing correctly it would greatly be appreciated.

Here is the code and the error:

I'm catching the exception:

Exception: access denied (java.io.FilePermission C:/WINDOWS/notepad.exe execute)

Here is the HTML to launch the applet:



And here is the java code:



Thanks in advance for anything anyone can do for my spinning head!
Denise
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42951
    
Welcome to JavaRanch.

I have signed the applet, I have set up everything as if I were the recipient (i.e. using policy tool to grant permissions, gave FileIoPermission for WINDOWS directory with execute, read, and write, set ALLPermissions, etc.), and have even modified java.security to point to my policy file (note I modified all files on all JREs just to be sure).

If the applet is signed, then there's no need to modify any of the security policy files - a signed applet has all the permissions it could have.

Under some circumstances that's not sufficient, though, and the code needing the additional permissions needs to run as privileged code. See the last paragraphs of the "Signing an applet" section in http://faq.javaranch.com/java/HowCanAnAppletReadFilesOnTheLocalFileSystem for more detail on that.
Denise Flinchbaugh
Greenhorn

Joined: Apr 27, 2009
Posts: 3
Thanks for the response.

I tried granting the permission in the java.policy file. I granted it just to the signer as I know down the road we may have multiple applets:

grant signedBy "profitool" {
    permission java.io.FilePermission "<<ALL FILES>>", "execute";
};

"profitool" was the alias I assigned when I was setting up the keystore and policy stuff as the "end user". These were the instructions I originally followed for signing, setting up the policy file as the "end user", etc:

Javadocs Tutorial Security

FYI, went this route because I was getting the "access denied" thing right off the bat and checking the documentation led me there as a solution.

Granting the permissions in java.policy didn't solve my issue - I am still getting the same error message.

1. If I change it to use the codebase, what should I put in since I do not have a URL? Do I enter the full path (i.e. C:\MyDir\com\profitool\applet)? What would be the correct syntax?

2. Again, right now I am just testing the "prototype" so I am just launching the html file directly (using appletviewer and/or just double clicking on the html file to launch in browser window). Should I be doing this differently?

3. I have never received a dialog box asking me to "trust it" - is that because I am not launching the applet from an actual web site page? I am using both Firefox 3.0 and IE 7.0 to test with.

At any rate, I am now trying the privileged mode - I am going to wipe out all of the policy stuff since I have to re-sign etc. and see where that takes me.

Thanks,
Denise


Denise Flinchbaugh
Greenhorn

Joined: Apr 27, 2009
Posts: 3
Update at 1:57 PM MDT

So I tried the privileged method and still get access denied. I even modified java.policy to have:

grant {
    permission java.io.FilePermission "<<ALL FILES>>", "execute";
};


Update at 2:45 PM MDT

Had and executed a thought - using policytool I added a policy permission to the policy I had created previously that had the following entries:

codeBase = left blank
signedBy = denise (this was alias I gave when I imported the certificate via keytool)
Permission = selected FilePermission
Target = <<ALL FILES>>
Action = execute

saved it and it ran perfectly.

Still would like answers though to my questions.....
Denise
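
The grant from the final update, narrowed to one code location and one executable, as an added example (not posted by anyone in this thread). The keystore location and the C:/MyDir code location are assumptions; the alias "denise" and the notepad.exe path come from the posts above.

```text
// Constructed java.policy example. Paths marked "assumed" are not from the thread.

// A grant that uses signedBy needs a keystore entry so the alias can be
// resolved to a certificate. Assumed location of the end user's keystore.
keystore "file:/C:/MyDir/enduser.keystore", "JKS";

// Broad form, as entered through policytool in the thread: any code signed
// by "denise", loaded from anywhere, may execute any file on the machine.
// grant signedBy "denise" {
//     permission java.io.FilePermission "<<ALL FILES>>", "execute";
// };

// Narrower form: same signer, but only code loaded from one local directory
// tree, and only the executable named in the exception message.
//
// codeBase is always a URL with forward slashes, also on Windows:
//   "file:/C:/MyDir/-"  everything under C:\MyDir, recursively
//   "file:/C:/MyDir/*"  class and JAR files directly in C:\MyDir
//   "file:/C:/MyDir/"   class files (not JARs) directly in C:\MyDir
//
// A FilePermission target is a platform path, and each backslash has to be
// doubled inside the policy file. This example assumes the JRE resolves
// C:/WINDOWS/notepad.exe (as printed in the exception) and
// C:\WINDOWS\notepad.exe to the same file when it compares permissions.
grant signedBy "denise", codeBase "file:/C:/MyDir/-" {
    permission java.io.FilePermission "C:\\WINDOWS\\notepad.exe", "execute";
};
```

SecurityManager.checkExec checks a FilePermission on the specific file only when the command is given as an absolute path; a bare command name is checked against "<<ALL FILES>>", so the narrow grant works only if the applet launches the program by its full path.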
 