Applet security issues

 
Greenhorn
Posts: 5
I have a self-signed applet - I verified that it's self-signed with jarsigner -verify, so it is without a doubt signed.

It's running on a Tomcat 6.0 server on localhost, and I'm trying it with both Firefox and IE, with the same result.

I'm trying to access the filesystem, and it simply will not do it, giving me AccessControlExceptions when I try that look like this :-

java.security.AccessControlException: access denied (java.io.FilePermission C:\ read)

(it makes no difference where I attempt to read on the filesystem, I've already fiddled around with that).

The root of it all is to use a file chooser to save a .png to the hard drive. The above error is caused by it attempting to set a default path to save the .pngs to, but if I take that out it still falls over, just on writing the file instead of reading. All the (many) tutorials I've read just talk about the requirement to sign the applet, but it is signed and the certificate accepted, still no joy. There is some talk about Java Web Start and bugs I noticed after rooting through Google, but that doesn't apply to me.


    public void doSaveAs() throws IOException {

        // Setting the start directory reads the file system
        // (this is the FilePermission "read" check that fails in the sandbox).
        JFileChooser fileChooser = new JFileChooser();
        fileChooser.setCurrentDirectory(this.defaultDirectoryForSaveAs);
        ExtensionFileFilter filter = new ExtensionFileFilter(
                localizationResources.getString("PNG_Image_Files"), ".png");
        fileChooser.addChoosableFileFilter(filter);

        int option = fileChooser.showSaveDialog(this);
        if (option == JFileChooser.APPROVE_OPTION) {
            String filename = fileChooser.getSelectedFile().getPath();
            if (isEnforceFileExtensions()) {
                if (!filename.endsWith(".png")) {
                    filename = filename + ".png";
                }
            }
            // Writing the PNG needs FilePermission "write" on the chosen path.
            ChartUtilities.saveChartAsPNG(new File(filename), this.chart,
                    getWidth(), getHeight());
        }

    }

That's the code for sake of completeness - it's actually open source and well tested so I doubt there's anything to see there. The issue isn't really a codey one but some sort of signing/sandbox issue.

Any takers?
 
Rancher
Posts: 43081
Welcome to JavaRanch.

One thing to try is to run the code as privileged code; I've read reports that sometimes that's necessary even if the applet is signed. See the end of the "Signing an applet" section in http://faq.javaranch.com/java/HowCanAnAppletReadFilesOnTheLocalFileSystem for details.
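
A sketch of the "privileged code" approach suggested above, as an added example that is not part of the original post or of JFreeChart. The class name `PrivilegedPngWriter` and its `write` method are hypothetical, and the example assumes the signed JAR has itself been granted file write permission (certificate accepted, or a policy grant).

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Locale;

// Hypothetical helper class, not part of JFreeChart or the poster's applet.
public final class PrivilegedPngWriter {
    private PrivilegedPngWriter() { }

    /** Writes pngBytes to the file the user picked; only the write runs privileged. */
    public static void write(final File target, final byte[] pngBytes) throws IOException {
        // Validate outside the privileged block so a caller cannot use this
        // method to create arbitrary file types with the applet's rights.
        if (target == null
                || !target.getName().toLowerCase(Locale.ROOT).endsWith(".png")) {
            throw new IOException("refusing to write a non-.png target");
        }
        try {
            // doPrivileged stops the permission check at this class's protection
            // domain, so callers further up the stack that lack the permission
            // no longer cause the AccessControlException. It grants nothing the
            // signed JAR itself was not granted.
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
                public Void run() throws IOException {
                    OutputStream out = new FileOutputStream(target);
                    try {
                        out.write(pngBytes);
                    } finally {
                        out.close();
                    }
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException(); // run() only throws IOException
        }
    }

    public static void main(String[] args) throws IOException {
        File tmp = File.createTempFile("chart", ".png"); // constructed sample target
        write(tmp, new byte[] {(byte) 0x89, 'P', 'N', 'G'}); // constructed sample bytes
        System.out.println("wrote " + tmp.length() + " bytes to " + tmp);
    }
}
```

Keeping the privileged block down to the single write, with the target validated beforehand, limits what a less-trusted caller can make the signed code do on its behalf.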
 
Rob Fry
Greenhorn
Posts: 5
Thanks. I've been here a while actually, just not on the forums. Learning for the SCJP ages ago.

I was hoping to avoid policy files but it looks like I'll have to delve into them after all...
 
Rob Fry
Greenhorn
Posts: 5
Looks like this was the solution, putting in a policy file fixed it.

Thanks!
 
Ranch Hand
Posts: 76
Apologies if I'm stirring up this thread again, but I have a very similar issue on hand.

I had an applet which captured a screenshot of the client's workstation and saved it onto a predetermined location on the client's file system, from where my application picked it up for an e-mail attachment.

I had modified the code using the Java Swing API such that the applet prompts the user with a save file dialog as to where he/she wants to save the screenshot on their file system.

I am attempting to return the full path of the saved file from the applet to a JavaScript function and then call a VBScript function within the JavaScript such that it uses this full path (retrieved using the getAbsolutePath() method within the applet) of the screenshot to pick it up as an attachment.

My predicament is elaborated in my latest post HERE.

I want to give my applet full read rights to the client's file system without the client having to manually configure an appropriate policy to this effect at his end.

I have self-signed my applet and it is able to write the screenshot onto the client's file system inside a privileged code block. I have put the other code which requires read rights within the same block, but it doesn't appear to be working.

How do I achieve this?

Thank you for your time.
[ July 02, 2008: Message edited by: Sridhar Venkataraman ]
 
Sridhar Venkataraman
Ranch Hand
Posts: 76
UPDATE:

Solved the object expected issue, but still in the dark about how to make the file save dialog stay in focus immediately upon being fired.

UPDATE:

I managed to bypass the security restriction (it surprised me because I did not explicitly do anything in the code which dealt with security).

I now have a new problem. When I fire up the Java applet using the JavaScript, it throws the file save dialog and then appears to freeze (the dialog is not immediately in focus and I have to alt-tab around to bring it into focus).

Upon typing a file name, the JavaScript throws up an "object expected" error.

[ July 02, 2008: Message edited by: Sridhar Venkataraman ]
 