This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Five Lines of Code and have Christian Clausen on-line!
See this thread for details.
Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

HELP : SocketPermission proxy-iap...

 
Ranch Hand
Posts: 277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi.
I use j2sdk1.4.0_01 on RedHat7.1 accessing Ora9i.
I have an applet which access tomcat servlets via http-tunnel (input/output stream etc). Up til now, MS98, NT4 and W-XP clients have been able to access it successfully.
However, one client using 1.3.1_03 with a strict firewall policy cannot access it, the java console throws the following error messages :

Is this a problem with their firewall ???
Is this a problem between incompatible versions (I use 1.4.0_01 whereas they use 1.3.1_03) ???
How to approach this problem ??? What needs to be done on the client's side ???

Further researches on the net :
Seems like I have to change my java.policy to
grant codeBase "http://<mydomain>.com/-"; {
permission java.security.AllPermission;
};
However I don't see how that will help if the remote NT machine is throwing access denied (java.nt.SocketPermission proxy-iap resolve)
, can anyone help ?

[ January 07, 2003: Message edited by: achana chan ]
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're looking at problems with the client-side Java sandbox. It's the inbuilt Java security that is denying permission to perform a DNS lookup on the proxy-iap hostname. The point at which this happens appears to be during proxy authentication.
The suggestion to change the security policy applies to the client security policy, not the server security policy. Does this client have the Java plug-in installed?
I wish I could give you a canned answer, but unfortunately I can't; I know a bit about Java security, but I don't have an awful lot of experience with applets or applet security issues (except that I know they are plentiful).
- Peter
 
achana chan
Ranch Hand
Posts: 277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Peter.
No they do not have a plug-in, they are still on 1.3.1 (no, the administrator can't upgrade) whereas I wrote the code in 1.4.0
So, what plug-in do we need ???

TIA
***********
Further research and answers from SUN forum suggest that it is indeed a client-side issue that the server cannot do anything about (unless I misunderstood).
I can do following :

But this will only work on my side trying to get out.
This is like a Catch-22
[ January 08, 2003: Message edited by: achana chan ]
 
Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic