Having looked through all the search responses for 'applet security' and not finding the answer I need, I am posting my question. I am developing a proof of concept applet for an intranet application. It is downloaded from one server, but requires resources from another. I have signed the applet and used the PolicyEngine.assertPermission(PermissionId.SYSTEM) statement as the first statement in the applet's init() method. Later on, in a different method, I create a URL object that ultimately connects to the other server so I can get it's resources, but the Java Console still shows a SecurityExceptionEx being thrown when I try to connect to the second server. What is the solution? Do I need to make it socket-based communication, or does Java and/or IE not allow this, regardless of asserted permissions and signing?
posted 16 years ago
I have an answer to my question now. Apparently, because the domain name is not exactly the same for the second server, IE considers the domains to be different. So regardless of the permissions I've asserted or the applet signature, the browser considers this absolutely forbidden and won't allow it. So I'll just call a servlet resource on the source server and let it access the other server. Not optimal, but it will work.