This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Applets and the fly likes applet socketpermissions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Applets
Bookmark "applet socketpermissions" Watch "applet socketpermissions" New topic
Author

applet socketpermissions

Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
Hi, i need some help with my japplet. after running from a browser i get this error>



I made a change to the applets policy file as follows:


This code remains in the same directory as the .jar the applet and html page are running from.

my question is regarding to a server side java.security edit, on the server do i need to go to program files/java/jre/lib/security/java.security and add
the directory of the applet and the website pointing to the policy file above?

any other input on the matter is appreciated
thanks for reading

pat
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41180
    
  45
The policy change needs to be made on the client, not on the server. There is no special policy file for applets - it uses whichever one is set up for the JRE that the Java Plugin uses.

Seeing that you're connecting to localhost, it might well be that both the server JRE and the applet JRE use the same policy file (because it's the same Java installation), which would confuse the issue.


Ping & DNS - my free Android networking tools app
Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
i follow you to the point of the client side. Inside the folder where my src / build/dist/ ...etc folders are from the original IDE's files an applet.policy file is automatically created with any applet. Are you referring to this as the client policy file?

On any server hosting a java applet that accesses other nodes or needs to establish connect's and resolve's it can be done in the java.security file in the program files folder...

what im saying i altered was the file that accompanies the Japplet.jar and classes known as applet.policy, i also had a change of mysql engines, my testing WAMP server is on my local laptop, but i will be hosting the japplet and html @ http://fantasybaseball.dnsdojo.com/. I know i sound redundant, but i'm not understanding the location of the error, i need to reach my applet just on a different server through the above url..what changes....could a mysql connection string with incorrect username or password cause the socket permission...
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

No, the applet environment checks the socket permission before it lets the applet use the socket. So obviously incorrect connection parameters wouldn't cause that.

The rest of your question I don't follow at all. If you are asserting that you can do something on the server side to fix the applet's policy file on the client, that's wrong if you think about it. If that were the case then any malware-writer could write an applet which asserts that it is permitted to scan the file system of the client.

If you're going to use a policy file to provide extra permissions to your applet, you will have to install that policy file on each client where the applet will run before the applet can do anything outside its normal permissions. The applet cannot install its own policy file because it doesn't have access to the client's file system, somebody physically located at the client must do it.
Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
Ok, now i am getting somewhere, If my clients cannot talk to the applet with the policy files they have and i probably would be better off not having to install a policy file on each user who tries to access, what is the alternative to allowing clients to use the applet...signed java applet?

thanks, im learning
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41180
    
  45
what is the alternative to allowing clients to use the applet...signed java applet?

Yes.
Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
Best way to do this in NetBeans?....project properties?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

I don't know about Netbeans, but there's an Ant "signjar" task which will sign a jar for you. I suggest you read through the part of the applet tutorial which discusses signing of jars.

Also I should mention that it appears you plan to access your database from places across the Internet. (Or is this just a local intranet application?) People tend to consider that as insecure, as once you expose your database to the world, anybody in the world can access it, with or without your applet. Generally it's recommended to have a server application which accesses the database, and then the applet would communicate using your own protocol with that server application.
Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
Signing the jar did nothing for the clients.. they still receive socket permission access denied
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41180
    
  45
Be aware that ALL involved jar files need to be signed - the applet jar and the driver jar (and any others that may perform restricted operations).
Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
all class files inside the website are signed, including any .jar file...any outside pc over the internet receives SocketPermission access denial.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

When a user first runs a signed applet in their browser, they get a popup which tells them the applet wants to do insecure things and asks them to approve that. They are free to say no, in which case the errors will occur.

But you would have seen that popup in your testing. If you didn't ever see it then you aren't downloading a signed applet.
Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
Thanks, the signed cert trust confirm dialog did show, and any jar's there after signed with that keystore no longer needed confirmed, but the jar acception did not remedy all errors, i receieved a connect refusal first, solved that, now i get a connection time out error when i try to connect from any client outside of the LAN. its close. thanks again
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Patrick Martz wrote:now i get a connection time out error when i try to connect from any client outside of the LAN.


Well, yeah, you will need your server to be visible outside the LAN if you want clients outside the LAN to be able to connect to it. That's just network configuration though, you seem to have the applet problems cleaned up now.
Patrick Martz
Greenhorn

Joined: Dec 12, 2009
Posts: 18
the driver manager needed some easily accessible host names and it passed, thanks for your assistance
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: applet socketpermissions
 
Similar Threads
Removing Eclipse Ganymede
my applet can't connect to database
applet Mysql connection
new to applet deployment
Error connecting on MySQL