Hi, i need some help with my japplet. after running from a browser i get this error>
I made a change to the applets policy file as follows:
This code remains in the same directory as the .jar the applet and html page are running from.
my question is regarding to a server side java.security edit, on the server do i need to go to program files/java/jre/lib/security/java.security and add
the directory of the applet and the website pointing to the policy file above?
any other input on the matter is appreciated
thanks for reading
The policy change needs to be made on the client, not on the server. There is no special policy file for applets - it uses whichever one is set up for the JRE that the Java Plugin uses.
Seeing that you're connecting to localhost, it might well be that both the server JRE and the applet JRE use the same policy file (because it's the same Java installation), which would confuse the issue.
i follow you to the point of the client side. Inside the folder where my src / build/dist/ ...etc folders are from the original IDE's files an applet.policy file is automatically created with any applet. Are you referring to this as the client policy file?
On any server hosting a java applet that accesses other nodes or needs to establish connect's and resolve's it can be done in the java.security file in the program files folder...
what im saying i altered was the file that accompanies the Japplet.jar and classes known as applet.policy, i also had a change of mysql engines, my testing WAMP server is on my local laptop, but i will be hosting the japplet and html @ http://fantasybaseball.dnsdojo.com/. I know i sound redundant, but i'm not understanding the location of the error, i need to reach my applet just on a different server through the above url..what changes....could a mysql connection string with incorrect username or password cause the socket permission...
No, the applet environment checks the socket permission before it lets the applet use the socket. So obviously incorrect connection parameters wouldn't cause that.
The rest of your question I don't follow at all. If you are asserting that you can do something on the server side to fix the applet's policy file on the client, that's wrong if you think about it. If that were the case then any malware-writer could write an applet which asserts that it is permitted to scan the file system of the client.
If you're going to use a policy file to provide extra permissions to your applet, you will have to install that policy file on each client where the applet will run before the applet can do anything outside its normal permissions. The applet cannot install its own policy file because it doesn't have access to the client's file system, somebody physically located at the client must do it.
Ok, now i am getting somewhere, If my clients cannot talk to the applet with the policy files they have and i probably would be better off not having to install a policy file on each user who tries to access, what is the alternative to allowing clients to use the applet...signed java applet?
I don't know about Netbeans, but there's an Ant "signjar" task which will sign a jar for you. I suggest you read through the part of the applet tutorial which discusses signing of jars.
Also I should mention that it appears you plan to access your database from places across the Internet. (Or is this just a local intranet application?) People tend to consider that as insecure, as once you expose your database to the world, anybody in the world can access it, with or without your applet. Generally it's recommended to have a server application which accesses the database, and then the applet would communicate using your own protocol with that server application.
When a user first runs a signed applet in their browser, they get a popup which tells them the applet wants to do insecure things and asks them to approve that. They are free to say no, in which case the errors will occur.
But you would have seen that popup in your testing. If you didn't ever see it then you aren't downloading a signed applet.
Thanks, the signed cert trust confirm dialog did show, and any jar's there after signed with that keystore no longer needed confirmed, but the jar acception did not remedy all errors, i receieved a connect refusal first, solved that, now i get a connection time out error when i try to connect from any client outside of the LAN. its close. thanks again
Patrick Martz wrote:now i get a connection time out error when i try to connect from any client outside of the LAN.
Well, yeah, you will need your server to be visible outside the LAN if you want clients outside the LAN to be able to connect to it. That's just network configuration though, you seem to have the applet problems cleaned up now.