This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Access problem with applet - why is a POST to a servlet not allowed via applet?

 
Angus Comber
Ranch Hand
Posts: 90
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a written a servlet, pretty standard, which provides a jsp file.

I have an applet embedded in the jsp file with applet which performs this code on a button press:



This code works fine if in a standard Java program but if in the applet I get this error:

appletviewer chat.jsp
Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:8080" "connect,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
at java.security.AccessController.checkPermission(AccessController.java:555)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:456)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:203)
at sun.net.www.http.HttpClient.New(HttpClient.java:290)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:995)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:931)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:849)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at cubaapplet.DoIt(cubaapplet.java:92)
at cubaapplet.actionPerformed(cubaapplet.java:27)
at java.awt.Button.processActionEvent(Button.java:409)
at java.awt.Button.processEvent(Button.java:377)
at java.awt.Component.dispatchEventImpl(Component.java:4861)
at java.awt.Component.dispatchEvent(Component.java:4687)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:723)
at java.awt.EventQueue.access$200(EventQueue.java:103)
at java.awt.EventQueue$3.run(EventQueue.java:682)
at java.awt.EventQueue$3.run(EventQueue.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
at java.awt.EventQueue$4.run(EventQueue.java:696)
at java.awt.EventQueue$4.run(EventQueue.java:694)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:693)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:244)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:147)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:139)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:97)

Do I have to perform the POST differently in an applet?

Is there any way I can POST data to the servlet using an applet?
 
Paul Clapham
Sheriff
Pie
Posts: 20750
30
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Applet security only allows unsigned applets to connect to the server where the applet was downloaded from.

Your code doesn't do that, it tries to post to a server running on localhost. You can find out the applet's host by starting with the URL returned from the getDocumentBase() method.
 
Angus Comber
Ranch Hand
Posts: 90
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:Applet security only allows unsigned applets to connect to the server where the applet was downloaded from.

Your code doesn't do that, it tries to post to a server running on localhost. You can find out the applet's host by starting with the URL returned from the getDocumentBase() method.


The servlet is running on localhost - so it is the host that the applet came from.

Do you think if I get the url from getDocumentBase() I might get different behaviour?

If I change code to this:



I get in console printed:
url2: file:/C:/Users/angus/workspace/TestApplet/bin/cubaapplet1350599669053.html

I think eclipse generates this html file. But why file:// and not http:// - maybe I should try in a real browser - might be different?
 
Paul Clapham
Sheriff
Pie
Posts: 20750
30
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, I do. And I don't think you want "localhost" to be hard-coded in your applet anyway, in real life the applet is going to be loaded from some other machine.
 
Angus Comber
Ranch Hand
Posts: 90
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:Yes, I do. And I don't think you want "localhost" to be hard-coded in your applet anyway, in real life the applet is going to be loaded from some other machine.


Yes of course. This is test code. I hope that as long as I POST to the web server which hosted the applet then I should not get security problems. After all if I was to do this in Javascript instead it would surely work?
 
Paul Clapham
Sheriff
Pie
Posts: 20750
30
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't see what Javascript has to do with anything. The applet security model doesn't apply to Javascript.

(There are rules against cross-site scripting for Javascript, too, but as I said that's irrelevant to your present problem.)
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic