Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Applet reading/writing to text files

 
Yash Sharma
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
This is my first post here. So forgive me if somebody answered this already. I have a website at geocities and I was trying to have an applet that reads/writes to a text file. While searching I came across this thread
http://forum.java.sun.com/thread.jsp?thread=324906&forum=63&message=1318134
Unfortunately no body has replied to the question by sapna_java. She found a similar applet running at http://www.geocities.com/wahjava/dctester.html for a java mock exam.
I wrote to the author of site and he said that he has not used *any* security file and has used java IO API. How is it possible? Is it because the applet class file and text files are in the same directory that you don't need any security file to read from a text file or what?
Can any body help me out?
 
Yash Sharma
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This was my first query on javaranch. I heard a lot of this forum but it seems people are only interested to answer easy/theoritical questions here. I can say so seeing such threads swelling by every minute and my question still remaining unanswered.
 
Jim Yingst
Wanderer
Sheriff
Posts: 18671
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well the other issue is, many of us just don't use Applets. Those who do, tend to read the Applets forum, so I'll move this there in hopes someone will be able to help. Good luck.
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, what do you expect with a self-signed certificate? The idea is that certificates provide some degree of authentication; if a self-signed certificate would be accepted as the genuine article there's no meaningful security left.
In any case, the thing to do is to make yourself a Certificate Authority. The JRE stores its CA certificates in jre/lib/security/cacerts; any valid certificate chain that can be tracked down to an authority in cacerts will be accepted. I am not sure whether the Sun Java plugin uses this file as well; it probably says in the plugin documentation. If it does, then use keytool -import to import your certificate into cacerts. Presto, you're a Certificate Authority (but obviously only recognised as such on your own machine, so you'll still need to get a "real" certificate for deployment in the field).
- Peter
 
Debashish Chakrabarty
Ranch Hand
Posts: 231
Firefox Browser Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Peter,Yash,
Unfortunately Peter I was not able to understand your reply. What is this self-signed certificate?
Before I go ahead let me mention that I maintain the site Wah Java! (refered above) and before Yash had emailed me it hardly occurred to me that the text applet made by me was indeed reading from a text file kept at geocities server. As I told him I have used simple IO to read the text file containing questions and answers and have not used any applet security certificate. I hope ranchers will explain how applet works fine on geocities.
Thanks and awaiting responses..
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah, from the server. That's different. By default, any applet is able to access the server it was loaded from. The easiest way to access files on the server is simply by HTTP (java.net.URL) or, if the files are in the applet jar, using getClass().getResource()/getResourceAsStream(). Writing files is most easily accomplished using an HTTP POST request to a servlet (or PHP or CGI page or...) on the server. If the server will take PUT requests then you won't even need servlets -- but it'd be a security hole.
If you want to read or write files on the client machine that the applets is running on, you need two ingredients: (1) a signed jar using a bona fide certificate and (2) a security policy for that jar which allows reading and writing of local files. The java.sun.com thread you referred to was started by someone who'd used a self-signed certificate; that's why I started talking about that. There's another problem with applets doing local filesystem I/O though. The Sun Java plug-in, Microsoft's Java applet implementation and Netscape all use different ways of escalating a applet's privileges. It's a minefield and one of the reasons why applets never took off. If you really need to do this, consider Java Web Start which has a far better delivery and security model. But from the sound of it you don't want to do this at all.
- Peter
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic