• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

How to loading policy file with signed Applet

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everyone!

I have an Applet which tries to open a file in the client machine. For this to work the jar file (in which the Applet class reside) is signed using the keytool and jarsigner. I have also created a policy file for enabling access to the Applet. The policy reads as below:

grant {
permission java.security.AllPermission;
};

The following works fine:
appletviewer -J-Djava.security.policy=mypolicy test.html
Without the '-J-Djava.security.policy=mypolicy' in the above, the Applet would not work!

But if I try to open the html file in a browser (MacOS) then Access is denied.

I think the browser JVM is using the default policy file. One way to make this work is by modifying the JRE policy file. But I dont think my clients would be looking to do that.

My question is... how should I bundle the custom policy file into the jar so that client side there are no changes? Any idea?

NOTE: I have already seen some articles for the same. Would appreciate if anyone provides a very simple working example.

Thanks and Regards,
Mahesh.
 
Master Rancher
Posts: 3876
35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A comment:
> bundle the custom policy file into the jar
This can't be allowed. If it were possible for an applet to set its own permissions then there wouldn't be any security.

>I think the browser JVM is using the default policy file
Yes I think so to. It is up to each client to change his policy file to control what he will allow applets to do on his machine.

On Win98 there is a file: .java.policy where the policytool writes when it is used to update permissions. This file is linked to from another policy file in the JVMs folders.
 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

grant {
permission java.security.AllPermission;
};



Ouch. You have just allowed any applet out there to read all files on your hard disk and to transmit them somewhere on the web.

Something like


grant codeBase "http://www.xyz.com/directory/applet.jar"; {
permission java.security.AllPermission;
};


seems more appropriate. Even better, replace AllPermission with a more specific FilePermission.
[ October 24, 2005: Message edited by: Ulf Dittmer ]
 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ulf Dittmer or anyone else can help,

I need to allow the client to connect to hosts rather than the one it downloaded the applet from. Also I need the applet to have right to have read and write permission.

How should I set the permission file to allow it do so?

Thanks very much.
 
Ulf Dittmer
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Lin Shen: You would need a java.io.FilePermission and a java.net.SocketPermission. They can be combined in one grant statement, which, as in my earlier post, should also specify the URL the applet comes from. Reading the javadocs for those two classes will give you a start in what to do. The Applet FAQ, which is linked in my signature, has further links on using policy files with applets.
 
I don't always make ads but when I do they're tiny
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic