aspose file tools*
The moose likes Applets and the fly likes Access problem with applet - why is a POST to a servlet not allowed via applet? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Applets
Bookmark "Access problem with applet - why is a POST to a servlet not allowed via applet?" Watch "Access problem with applet - why is a POST to a servlet not allowed via applet?" New topic
Author

Access problem with applet - why is a POST to a servlet not allowed via applet?

Angus Comber
Ranch Hand

Joined: Jul 16, 2011
Posts: 90
I have a written a servlet, pretty standard, which provides a jsp file.

I have an applet embedded in the jsp file with applet which performs this code on a button press:



This code works fine if in a standard Java program but if in the applet I get this error:

appletviewer chat.jsp
Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:8080" "connect,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
at java.security.AccessController.checkPermission(AccessController.java:555)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:456)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:203)
at sun.net.www.http.HttpClient.New(HttpClient.java:290)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:995)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:931)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:849)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at cubaapplet.DoIt(cubaapplet.java:92)
at cubaapplet.actionPerformed(cubaapplet.java:27)
at java.awt.Button.processActionEvent(Button.java:409)
at java.awt.Button.processEvent(Button.java:377)
at java.awt.Component.dispatchEventImpl(Component.java:4861)
at java.awt.Component.dispatchEvent(Component.java:4687)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:723)
at java.awt.EventQueue.access$200(EventQueue.java:103)
at java.awt.EventQueue$3.run(EventQueue.java:682)
at java.awt.EventQueue$3.run(EventQueue.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
at java.awt.EventQueue$4.run(EventQueue.java:696)
at java.awt.EventQueue$4.run(EventQueue.java:694)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:693)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:244)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:147)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:139)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:97)

Do I have to perform the POST differently in an applet?

Is there any way I can POST data to the servlet using an applet?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    
    8

Applet security only allows unsigned applets to connect to the server where the applet was downloaded from.

Your code doesn't do that, it tries to post to a server running on localhost. You can find out the applet's host by starting with the URL returned from the getDocumentBase() method.
Angus Comber
Ranch Hand

Joined: Jul 16, 2011
Posts: 90
Paul Clapham wrote:Applet security only allows unsigned applets to connect to the server where the applet was downloaded from.

Your code doesn't do that, it tries to post to a server running on localhost. You can find out the applet's host by starting with the URL returned from the getDocumentBase() method.


The servlet is running on localhost - so it is the host that the applet came from.

Do you think if I get the url from getDocumentBase() I might get different behaviour?

If I change code to this:



I get in console printed:
url2: file:/C:/Users/angus/workspace/TestApplet/bin/cubaapplet1350599669053.html

I think eclipse generates this html file. But why file:// and not http:// - maybe I should try in a real browser - might be different?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    
    8

Yes, I do. And I don't think you want "localhost" to be hard-coded in your applet anyway, in real life the applet is going to be loaded from some other machine.
Angus Comber
Ranch Hand

Joined: Jul 16, 2011
Posts: 90
Paul Clapham wrote:Yes, I do. And I don't think you want "localhost" to be hard-coded in your applet anyway, in real life the applet is going to be loaded from some other machine.


Yes of course. This is test code. I hope that as long as I POST to the web server which hosted the applet then I should not get security problems. After all if I was to do this in Javascript instead it would surely work?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    
    8

I don't see what Javascript has to do with anything. The applet security model doesn't apply to Javascript.

(There are rules against cross-site scripting for Javascript, too, but as I said that's irrelevant to your present problem.)
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Access problem with applet - why is a POST to a servlet not allowed via applet?