
Access problem with applet - why is a POST to a servlet not allowed via applet?

 
Angus Comber
I have written a servlet, pretty standard, which provides a JSP file.

I have an applet embedded in the JSP file which performs this code on a button press:



This code works fine if in a standard Java program but if in the applet I get this error:

appletviewer chat.jsp
Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:8080" "connect,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
at java.security.AccessController.checkPermission(AccessController.java:555)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:456)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:203)
at sun.net.www.http.HttpClient.New(HttpClient.java:290)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:995)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:931)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:849)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at cubaapplet.DoIt(cubaapplet.java:92)
at cubaapplet.actionPerformed(cubaapplet.java:27)
at java.awt.Button.processActionEvent(Button.java:409)
at java.awt.Button.processEvent(Button.java:377)
at java.awt.Component.dispatchEventImpl(Component.java:4861)
at java.awt.Component.dispatchEvent(Component.java:4687)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:723)
at java.awt.EventQueue.access$200(EventQueue.java:103)
at java.awt.EventQueue$3.run(EventQueue.java:682)
at java.awt.EventQueue$3.run(EventQueue.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
at java.awt.EventQueue$4.run(EventQueue.java:696)
at java.awt.EventQueue$4.run(EventQueue.java:694)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:693)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:244)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:147)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:139)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:97)

Do I have to perform the POST differently in an applet?

Is there any way I can POST data to the servlet using an applet?
 
Paul Clapham
Applet security only allows unsigned applets to connect to the server where the applet was downloaded from.

Your code doesn't do that, it tries to post to a server running on localhost. You can find out the applet's host by starting with the URL returned from the getDocumentBase() method.
 
Angus Comber
Paul Clapham wrote: Applet security only allows unsigned applets to connect to the server where the applet was downloaded from.

Your code doesn't do that, it tries to post to a server running on localhost. You can find out the applet's host by starting with the URL returned from the getDocumentBase() method.


The servlet is running on localhost - so it is the host that the applet came from.

Do you think if I get the url from getDocumentBase() I might get different behaviour?

If I change code to this:



I get in console printed:
url2: file:/C:/Users/angus/workspace/TestApplet/bin/cubaapplet1350599669053.html

I think Eclipse generates this HTML file. But why file:// and not http:// - maybe I should try in a real browser - might be different?
 
Paul Clapham
Yes, I do. And I don't think you want "localhost" to be hard-coded in your applet anyway, in real life the applet is going to be loaded from some other machine.
 
Angus Comber
Paul Clapham wrote: Yes, I do. And I don't think you want "localhost" to be hard-coded in your applet anyway, in real life the applet is going to be loaded from some other machine.


Yes of course. This is test code. I hope that as long as I POST to the web server which hosted the applet then I should not get security problems. After all if I was to do this in JavaScript instead it would surely work?
 
Paul Clapham
I don't see what JavaScript has to do with anything. The applet security model doesn't apply to JavaScript.

(There are rules against cross-site scripting for JavaScript, too, but as I said that's irrelevant to your present problem.)
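
The rule discussed in this thread, as an added example that is not code from any of the posters: the POST target is derived from the document base instead of a hard-coded "localhost", and a file: document base (what appletviewer and the Eclipse-generated HTML file produce) is refused because it has no host to connect back to. The helper name sameOriginTarget and the servlet path /chat/post are assumptions; in an applet the URL passed in would come from getDocumentBase().

```java
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;

public class AppletOrigin {
    /**
     * Hypothetical helper: builds the POST target on the same scheme, host and
     * port as the page that embeds the applet, so an unsigned applet only ever
     * connects back to the server it was loaded from.
     */
    static URL sameOriginTarget(URL documentBase, String servletPath)
            throws URISyntaxException, MalformedURLException {
        String scheme = documentBase.getProtocol();
        String host = documentBase.getHost();
        // A file: document base has an empty host, so no HTTP server counts
        // as the applet's origin and any socket connection will be denied.
        if (!(scheme.equals("http") || scheme.equals("https")) || host.isEmpty()) {
            throw new IllegalStateException(
                "applet was not loaded over HTTP(S): " + documentBase);
        }
        // getPort() returns -1 when the URL relies on the scheme's default
        // port; URI treats -1 as "no explicit port".
        return new URI(scheme, null, host, documentBase.getPort(),
                       servletPath, null, null).toURL();
    }

    public static void main(String[] args) throws Exception {
        String[] bases = {
            // Constructed sample: the JSP served by the servlet container.
            "http://localhost:8080/chat/chat.jsp",
            // The document base printed in the thread when run from Eclipse.
            "file:/C:/Users/angus/workspace/TestApplet/bin/cubaapplet1350599669053.html"
        };
        for (String base : bases) {
            URL documentBase = URI.create(base).toURL();
            try {
                System.out.println(base + " -> "
                        + sameOriginTarget(documentBase, "/chat/post"));
            } catch (IllegalStateException e) {
                System.out.println(base + " -> refused: " + e.getMessage());
            }
        }
    }
}
```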
 