How to load a policy file with a signed Applet

 
Greenhorn
Posts: 1
Hi Everyone!

I have an Applet which tries to open a file on the client machine. For this to work, the jar file (in which the Applet class resides) is signed using keytool and jarsigner. I have also created a policy file for enabling access to the Applet. The policy reads as below:

grant {
permission java.security.AllPermission;
};

The following works fine:
appletviewer -J-Djava.security.policy=mypolicy test.html
Without the '-J-Djava.security.policy=mypolicy' in the above, the Applet would not work!

But if I try to open the html file in a browser (MacOS) then Access is denied.

I think the browser JVM is using the default policy file. One way to make this work is by modifying the JRE policy file. But I don't think my clients would be looking to do that.

My question is... how should I bundle the custom policy file into the jar so that client side there are no changes? Any idea?

NOTE: I have already seen some articles for the same. Would appreciate if anyone provides a very simple working example.

Thanks and Regards,
Mahesh.
 
Rancher
Posts: 5008
A comment:
> bundle the custom policy file into the jar
This can't be allowed. If it were possible for an applet to set its own permissions then there wouldn't be any security.

> I think the browser JVM is using the default policy file
Yes, I think so too. It is up to each client to change his policy file to control what he will allow applets to do on his machine.

On Win98 there is a file, .java.policy, where the policytool writes when it is used to update permissions. This file is linked to from another policy file in the JVM's folders.
 
Rancher
Posts: 43081

grant {
permission java.security.AllPermission;
};



Ouch. You have just allowed any applet out there to read all files on your hard disk and to transmit them somewhere on the web.

Something like


grant codeBase "http://www.xyz.com/directory/applet.jar" {
permission java.security.AllPermission;
};


seems more appropriate. Even better, replace AllPermission with a more specific FilePermission.
[ October 24, 2005: Message edited by: Ulf Dittmer ]
 
Ranch Hand
Posts: 57
Hi Ulf Dittmer, or anyone else who can help,

I need to allow the client to connect to hosts other than the one it downloaded the applet from. Also, I need the applet to have read and write permission.

How should I set the permission file to allow it to do so?

Thanks very much.
 
Ulf Dittmer
Rancher
Posts: 43081
@Lin Shen: You would need a java.io.FilePermission and a java.net.SocketPermission. They can be combined in one grant statement, which, as in my earlier post, should also specify the URL the applet comes from. Reading the javadocs for those two classes will give you a start in what to do. The Applet FAQ, which is linked in my signature, has further links on using policy files with applets.
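
An added example, not part of any post in this thread: a client-side policy file that combines the FilePermission and SocketPermission suggested above in one grant scoped to the applet's URL and signer. The keystore name, signer alias, data directory and extra host are assumed sample values; the codeBase URL is the one used earlier in the thread.

```text
// Constructed policy file, loaded the same way as in the first post
// (appletviewer -J-Djava.security.policy=mypolicy test.html).
// Keystore name, alias, directory and host are assumed sample values.

// Too broad (the policy from the first post): with no codeBase or signedBy,
// the grant applies to all code, not just this applet.
// grant {
//     permission java.security.AllPermission;
// };

// Keystore holding the signer's public certificate. A relative URL is
// resolved against the location of this policy file.
keystore "applet-signers.jks", "JKS";

// Scoped: only the JAR served from this URL, and only when it is signed
// by the key stored under the alias "appletsigner".
grant signedBy "appletsigner", codeBase "http://www.xyz.com/directory/applet.jar" {
    // Read and write under ~/appletdata only. A trailing "-" means all files
    // and subdirectories, recursively; ${/} expands to the file separator.
    permission java.io.FilePermission "${user.home}${/}appletdata${/}-", "read,write";

    // Outbound connections to one additional host and port only.
    permission java.net.SocketPermission "data.example.com:443", "connect,resolve";
};
```

Because the codeBase here is a plain http URL, the signedBy clause is what ties the grant to the publisher's key rather than to whatever answers at that address.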
 