This week's book giveaways are in the Cloud and AI/ML forums.
We're giving away four copies each of Cloud Native Patterns and Natural Language Processing and have the authors on-line!
See this thread and this one for details.
Win a copy of Cloud Native PatternsE this week in the Cloud forum
or Natural Language Processing in the AI/ML forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Knute Snortum
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Piet Souris
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

How to loading policy file with signed Applet

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everyone!

I have an Applet which tries to open a file in the client machine. For this to work the jar file (in which the Applet class reside) is signed using the keytool and jarsigner. I have also created a policy file for enabling access to the Applet. The policy reads as below:

grant {
permission java.security.AllPermission;
};

The following works fine:
appletviewer -J-Djava.security.policy=mypolicy test.html
Without the '-J-Djava.security.policy=mypolicy' in the above, the Applet would not work!

But if I try to open the html file in a browser (MacOS) then Access is denied.

I think the browser JVM is using the default policy file. One way to make this work is by modifying the JRE policy file. But I dont think my clients would be looking to do that.

My question is... how should I bundle the custom policy file into the jar so that client side there are no changes? Any idea?

NOTE: I have already seen some articles for the same. Would appreciate if anyone provides a very simple working example.

Thanks and Regards,
Mahesh.
 
Rancher
Posts: 3409
33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A comment:
> bundle the custom policy file into the jar
This can't be allowed. If it were possible for an applet to set its own permissions then there wouldn't be any security.

>I think the browser JVM is using the default policy file
Yes I think so to. It is up to each client to change his policy file to control what he will allow applets to do on his machine.

On Win98 there is a file: .java.policy where the policytool writes when it is used to update permissions. This file is linked to from another policy file in the JVMs folders.
 
Rancher
Posts: 43011
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

grant {
permission java.security.AllPermission;
};



Ouch. You have just allowed any applet out there to read all files on your hard disk and to transmit them somewhere on the web.

Something like


grant codeBase "http://www.xyz.com/directory/applet.jar" {
permission java.security.AllPermission;
};


seems more appropriate. Even better, replace AllPermission with a more specific FilePermission.
[ October 24, 2005: Message edited by: Ulf Dittmer ]
 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ulf Dittmer or anyone else can help,

I need to allow the client to connect to hosts rather than the one it downloaded the applet from. Also I need the applet to have right to have read and write permission.

How should I set the permission file to allow it do so?

Thanks very much.
 
Ulf Dittmer
Rancher
Posts: 43011
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Lin Shen: You would need a java.io.FilePermission and a java.net.SocketPermission. They can be combined in one grant statement, which, as in my earlier post, should also specify the URL the applet comes from. Reading the javadocs for those two classes will give you a start in what to do. The Applet FAQ, which is linked in my signature, has further links on using policy files with applets.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!