• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

File Permission Error

 
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am getting the following error:
java.security.AccessControlException: access denied (java.io.FilePermission C:\Users\Philip DePalo\Documents\_TricksTrade\kumarphil.jpg read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.isFile(Unknown Source)
at org.apache.commons.httpclient.methods.multipart.FilePartSource.<init>(FilePartSource.java:67)
at org.apache.commons.httpclient.methods.multipart.FilePart.<init>(FilePart.java:129)
at ThumbnailHandler$UploadImage.actionPerformed(ThumbnailHandler.java:363)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.Dialog$1.run(Unknown Source)
at java.awt.Dialog$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.Dialog.show(Unknown Source)
at java.awt.Component.show(Unknown Source)
at java.awt.Component.setVisible(Unknown Source)
at java.awt.Window.setVisible(Unknown Source)
at java.awt.Dialog.setVisible(Unknown Source)
at ThumbnailHandler$UploadImage.<init>(ThumbnailHandler.java:347)
at ThumbnailHandler$1.actionPerformed(ThumbnailHandler.java:105)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.AbstractButton.doClick(Unknown Source)
at javax.swing.AbstractButton.doClick(Unknown Source)
at SessionClient$MenuItemListener.actionPerformed(SessionClient.java:495)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.AbstractButton.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)


I have set all my policy files to allow all permissions for right now. My policy files I have found are the java.policy files in the jre and jdk directories under java, my tomcat directory, I have also set a special policy file that is loaded from the catalina properties file...I don't know what else I can do...I also don't understand why I can't read a file from my own directory.

The applet allows for a file upload and you pick one of you machine to upload...why is that a read error? I mean I know its the developer machine...but with all permissions set it should allow it...what am I missing? Any other place to check?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to JavaRanch.

Tomcat has nothing to do with this, so whatever you changed in the catalina properties/policy file has no bearing on this.

It sounds as if you have several JREs installed ("...jre and jdk directories...") - make sure that whichever one is used by the Java Plugin (you can check which one that is in the Java Plugin control panel) uses the altered policy file.

Also make sure that the policy file you're changing is being used at all - maybe by removing all permissions, and checking that all kinds of stuff now breaks.
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well when you install the JDK it installs a JRE and a seperate JRE directory as well.

So my directories are .../java/jre6
and
.../java/jdk1.6.0_16
now in the second directory there is a sub directory labeled JRE as well...

that is how it installed when you download it.

I have changed the policy file in all the directories...what would you suggest I put into the policy file to allow ALL permissions?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I see. Well, applets wouldn't use the JDK; they'd be using the JRE. But like I said, check which one actually gets used. You may have more JREs installed than you realize.

You can use an AllPermission; see http://mindprod.com/jgloss/policyfile.html for an example. But, again, make sure the policy file is actually used.
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
how do I make sure it is actually used...and how can i confirm which JRE is being used, the console that comes up refers to the directory I mentioned...
java.security.policy: error parsing file:/C:/Program%20Files/Java/jre6/lib/security/java.policy:
line 52: expected [;], found [permission]
so I put an error in the line so it must be reading that file...but I have already made the permission in the file as such:
grant codeBase "file:${catalina.home}/webapps/-" {
permission java.security.AllPermission;
permission org.apache.naming.JndiPermission "jndi://localhost:8080/vcei_s/*";
};

is that right? I do use jndi...i just added that line too...from a website suggestion...
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Introducing a syntax error to induce an error message is a good way of finding out which JRE is used

"file:${catalina.home}/webapps/-


That's wrong - the codebase should start with "http://localhost....", not with "file:///".

The JNDI stuff only makes sense if your applet specifially does something with JNDI - by themselves, applets don't use that.
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok I am away from my computer, so I will try that new codebase when I return. Also I am pretty sure I use JNDI because I was receiving errors reading the files until I loaded the jndi.jar file into the directory and all those errors went away. If I do use it, what should I add in reference to JNDI?

Also why does it need to refer to localhost as opposed to the directory where the files are running? I am just curious, I don't understand. Isn't localhost and the file:// directory both pointing to the same files?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

If I do use it, what should I add in reference to JNDI?


Searching for that permission, I find references to Tomcat. Unless the applet uses some Apache library that also uses it, I'd say this would only be needed for whatever the web app part of your application does, but not for the applet.

Also why does it need to refer to localhost as opposed to the directory where the files are running? I am just curious, I don't understand. Isn't localhost and the file:// directory both pointing to the same files?


Yes, it's the same physical file, but it's not the same URL. And applets are loaded through http:// URLs, not through file:/// URLs. A file:/// URL would only be used if you double-clicked the HTML page containing the applet on your local machine (check the URL that's shown in the browser), but not if the applet is run off a web server.
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Still haven't returned to my computer, but I will try the change. All I know is that I am running the applet from the tomcat server logging into to it using http://localhost:8080/vcei_s

A part of the applet is to upload a picture...when I click the jdom upload button the standard upload a file window appears and I navigate to some file on my computer, same computer as the tomcat server and select a file and click add, then the file permission error happens in the consol saying read error.

Do you think this is related at all to why the other images that the xml file refers to are not appearing...i mean the size of the image appears in the scroll bars and the consol says the image has been loaded, but not actual image. The program allows you to comment on an image and those comments and markings appear, but I know they are seperate from the image itself...but it would give an error if it couldn't load the image, its just the actual picture is missing...

anyhow, let me try the stuff first...and yes there is a server side applet and a client side applet...
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok I added this instead....

grant codeBase "http://localhost:8080/-" {
permission java.security.AllPermission;
permission org.apache.naming.JndiPermission "jndi://localhost:8080/*";
};

still the same error...
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Success, I was also loading a specific policy file in the java.security file so I removed the reference and now it worked just fine....so thank you for the change for the http://localhost

I still can not show the image though. I was able to upload the image and it did upload and it appears in the "list" but still no actual image displayed...i am very confused about this....in the java console it says this about the images:
Loaded image: http://localhost:8080/vcei_s/online/images\-1\0-1.jpg
Loaded image: http://localhost:8080/vcei_s/online/images\-1\3-CT.3007.1.jpg
Loaded image: http://localhost:8080/vcei_s/online/images\-1\5-area_photo.jpg
Loaded image: http://localhost:8080/vcei_s/online/images\-1\9-Photo_012607_003.jpg
Loaded image: http://localhost:8080/vcei_s/online/images\-1\10-temp054.jpg
Loaded image: http://localhost:8080/vcei_s/online/images\-1\11-5.jpg
Loaded image: http://localhost:8080/vcei_s/online/images\-1\16-Creek.jpg
Loaded image: http://localhost:8080/vcei_s/online/images\-1\17-kumarphil.jpg

So the only thing that seems odd about those lines is that the "/" turns into a "\" backslash through the url...yet it says its loading them....why is it even saying its loading them, did I have to send an out to even get that message?
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I increased the trace level to 5 and here is the additional information:

Loaded image: http://localhost:8080/vcei_s/online/images\-1\0-1.jpg
network: Cache entry not found [url: http://localhost:8080/vcei_s/online/images%5C-1%5C0-1.jpg, version: null]
network: Connecting http://localhost:8080/vcei_s/online/images%5C-1%5C0-1.jpg with proxy=DIRECT
network: Connecting http://localhost:8080/ with proxy=DIRECT
network: Connecting http://localhost:8080/vcei_s/online/images%5C-1%5C0-1.jpg with cookie "JSESSIONID=B94E5BAA18845A030EE76AE9CBE21BA7"
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How are you trying to load and display those images? Post a relevant code excerpt.
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Wow, let me find it, its a big program that I am working on for my doctorate...I didn't build the program, but I am fixing it...so maybe so, think one of these two files is the code:

ScaleImage



or

TopicManager



or

DynamicTree


or

ServerSession ThumbnailHandler

 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
what does it mean when it says cache entry not found?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's way too much code to try to understand. But I notice that the code uses AppletContext.getImage. From its javadocs: "This method always returns immediately, whether or not the image exists." YOu may have to use an ImageObserver that tells you when the image is actually available. That's just a guess, though, I haven't looked at the code in detail.

what does it mean when it says cache entry not found?


Applets and their resources (jar files, image files etc.) are cached by the Java Plugin. This message just means that the image wasn't cached (most likely because it hasn't been used before), and the applet will now attempt to download it from the server.
 
philip depalo
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So I discovered the issue with displaying the images



So I commented out the line that used File.separator to create the \ in between the directories and physically entered a "/" to denote the directories. This was all that was necessary. It seems that when the URL encodes the actual address it changes the File.separator \ to %5C which is the url code, but not when its supposed to show a directory. This also happened in one other place:



So that was the answer...
 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there,

I'm bumping this topic because I encountered exactly the same security issue as described in the first post of this topic. I am also developping an applet which enables to upload image files from a local machine to a Struts application.

I don't quite understand why I should change the permissions in the policy files. When I am going to deploy this applet to our users, do they have to change their policy files on their local machines too ? Is there no other solution ?
 
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeroen De Schutter wrote:I don't quite understand why I should change the permissions in the policy files. When I am going to deploy this applet to our users, do they have to change their policy files on their local machines too ? Is there no other solution ?



Well, you shouldn't. Expecting all of the users to change their policy files would be absurd, as you say. The discussion about policy files in this thread appears to me to be about some policy file on the Tomcat server. No, you just have to sign the applet if it needs to access the file system on the users' machines.
 
Jeroen De Schutter
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, id did sign the applet. I was able to write a (temporary) file to the disk of the client machine but when I tried to upload the file using Apache HttpClient, i did get an AccessControlException.



This is an excerpt of my code

 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In addition to signing the applet, you may have to run the code as privileged; se HowCanAnAppletReadFilesOnTheLocalFileSystem for details.
 
Paul Clapham
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeroen De Schutter wrote:Well, id did sign the applet. I was able to write a (temporary) file to the disk of the client machine but when I tried to upload the file using Apache HttpClient, i did get an AccessControlException.



And did you sign the jar containing HttpClient the same way as you signed your applet? Notice from the stack trace
that it's the HttpClient code which is getting the exception.
 
reply
    Bookmark Topic Watch Topic
  • New Topic