This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

HELP : SocketPermission proxy-iap...  RSS feed

 
achana chan
Ranch Hand
Posts: 277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi.
I use j2sdk1.4.0_01 on RedHat7.1 accessing Ora9i.
I have an applet which access tomcat servlets via http-tunnel (input/output stream etc). Up til now, MS98, NT4 and W-XP clients have been able to access it successfully.
However, one client using 1.3.1_03 with a strict firewall policy cannot access it, the java console throws the following error messages :

Is this a problem with their firewall ???
Is this a problem between incompatible versions (I use 1.4.0_01 whereas they use 1.3.1_03) ???
How to approach this problem ??? What needs to be done on the client's side ???

Further researches on the net :
Seems like I have to change my java.policy to
grant codeBase "http://<mydomain>.com/-" {
permission java.security.AllPermission;
};
However I don't see how that will help if the remote NT machine is throwing access denied (java.nt.SocketPermission proxy-iap resolve)
, can anyone help ?

[ January 07, 2003: Message edited by: achana chan ]
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're looking at problems with the client-side Java sandbox. It's the inbuilt Java security that is denying permission to perform a DNS lookup on the proxy-iap hostname. The point at which this happens appears to be during proxy authentication.
The suggestion to change the security policy applies to the client security policy, not the server security policy. Does this client have the Java plug-in installed?
I wish I could give you a canned answer, but unfortunately I can't; I know a bit about Java security, but I don't have an awful lot of experience with applets or applet security issues (except that I know they are plentiful).
- Peter
 
achana chan
Ranch Hand
Posts: 277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Peter.
No they do not have a plug-in, they are still on 1.3.1 (no, the administrator can't upgrade) whereas I wrote the code in 1.4.0
So, what plug-in do we need ???

TIA
***********
Further research and answers from SUN forum suggest that it is indeed a client-side issue that the server cannot do anything about (unless I misunderstood).
I can do following :

But this will only work on my side trying to get out.
This is like a Catch-22
[ January 08, 2003: Message edited by: achana chan ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!