Jonathan Doe

thank you to both for much more detailed answer's than i found elsewhere

im not sure i understand the signing purpose completely
does ca signing only validate that an existing person spent money to get a signature?
which also means that the user is asked to accept the applet independent of self signed or ca signed?
what is the real advantage of a ca signature if the way to get it is simply sending money to a company which returns the signature i can use?
i tought trust means that i can trust the code of the applet!?


@Joseph Macer
yeah thats pretty much what i try to achive, but for testing and faster expirience on applets i created a simple javascript which calls the applet's functions as the server based on the network interaction would do

@Ulf Dittmer

The standard policy forbids any use of the java.io package. If it is signed, everything is possible, regardless of who created the certificate. Signing is an all-or-nothing approach. If you want the restrictions to be somewhere in the middle you'll need to use a custom security policy.

i didnt say that i was using javascript which calls my applets functions - my bad
what you said seems not fully correct

the interesting thing which is that only a few people out there know that it is not valid if a Javascript function calls a signed applet function which trys to write to the filesystem!
thats a big exception you can find related posts here:
same problem
alternative solution

i cant find the original post which helped me on this but i created a thread in my applet
public void init()
function which gets a notification when the file should be written
thus my javascript function calls an applet function which enqueues the action which should be taken and the thread writes the file

just to be clear: its not true that you can do everything with just a signed applet - writing a file doesnt seem working if the applet function is public AND/OR called from javascript

hi all

what i try to achieve:
reading/(re)writing a file on a client host

why i try to achieve:
i tought about using a pendrive for authentication purpose for my own purpose and thus i try to store metadata which will be modified on the drive

the questions:
i have written a little applet and self signed it
using appletviewer and self defined java policy (which currently doesnt work - anybody knows a grant all rule just for testing - i dont get it work again?) everything worked
using firefox i got a security exception

what im currently really missing is not a solution for my problem but understanding it
i already searched a lot on this topic and i only find a few pieces of the puzzle - much speculative interpretations - some say it works but not how - others say it doesn work - others suggest using java web start without any further help - i also read it will work if the applet provides a security manager
with the right policy file it seemed working - although i know the client wont have them but its a valid working solution

with the following questions im asking more for an answer than an interpretation
Q1: is it possible to write a java applet/webstart app loaded from a webserver for current mainstream browser which can modify the filesystem on the client side (either hard drive or pen drives)
Q2: if yes - what would be easier to use for the user - an applet or webstart? (i dont really know webstart and thus cant decide where the direction should go)
Q2.0: what is the advantage if any on webstart for this topic?
Q2.1: which conditions have to be met to get the applet running without any filesystem restrictions on client side? (self signed - policy file modifications on client side - signed by a CA or just accepting the applet by the user?)
Q3: if no - are there any know alternatives to write/modify files like actionscript or something?
Q4: with standard browser policy for applets what file i/o can be achieved under which conditions? with i/o i mean reading/writing/deleting/... files/directories. with conditions i mean something like: "reading is always possible IF the applet is self-signed OR CA signed AND the applet has been accepted by the user" (i dont know if this is correct ^^)
Q5: if i run a CA applet does the user have to accept it too like a self signed applet? if yes why do i need a certified authority? how do i get CA signature? do i have to provide the source code which will be signed or only checksums

any technical valid hints for helping understanding the limits on this would be great
thanks in advance

The output from your code doesn't match the print statement you show

changed code to fit your needs

How do you know that something is stuck?

i don't know 100%
that's why i'm asking ;-)
but the application's don't continue with their work, seems that both remote and win app are waiting for something

Looks like there's something remote that has written about 4 kb to you, and something local that has written about 502 b to the remote machine. Do you know if the data has been received at the other end?

i'm sure the data is received by the remote server and my host receives sent data
but this doesn't mean my port mapper receives/sends it what comes from the application on my windows box

Also you say you think something happens around 2 kb, but I don't see anything special in the output there. What's special about 2 kb?

afaik 2kb (i think it was 1500 incl. packet overhead) is standard ethernet MTU on unix systems
that's why i think it could have something to do with 2k (maybe it's the same on win32 box)

maybe my questions weren't clear
Q1: do nio sockets buffer internally?
Q2: is there a buggier bug in my code than missing correct System.out.println's?
i'm not asking for a code correction, but maybe someone is a better java hacker than me and spot's a problem within minutes (something like not flipping ByteBuffer)
would be great
Q3: any tips or hints (maybe there is an java open source port mapper, altough i didn't find one)

thanks sheriff
[ October 23, 2006: Message edited by: Jonathan Doe ]

hy people

i try to write something like a portmapper

class NIOProxy extends Thread{ SocketChannel srcChannel = null; // src and dst nio sockets SocketChannel dstChannel = null; InetSocketAddress source = null; // src and dst address InetSocketAddress destination = null; public void run(){ try{ long datasize = 0; Selector selector = Selector.open(); // Recording server to selector (type OP_READ) this.srcChannel.register(selector,SelectionKey.OP_READ); boolean end = false; // Infinite server loop for(;!end :wink: { // Waiting for events selector.select(); // Get keys Set keys = selector.selectedKeys(); Iterator i = keys.iterator(); // For each keys... while(i.hasNext()) { SelectionKey key = (SelectionKey) i.next(); // Remove the current key i.remove(); if (key.isReadable()) { SocketChannel client = (SocketChannel) key.channel(); int BUFFER_SIZE = 32; ByteBuffer buffer = ByteBuffer.allocate(BUFFER_SIZE); int count = 0; try { // read incoming data while((count=client.read(buffer))>0){ datasize += count; buffer.flip(); while (buffer.hasRemaining()) { this.dstChannel.write(buffer); } System.out.println("i got "+datasize+"bytes something from " +this.srcChannel.socket().getRemoteSocketAddress().toString() +" to "+this.dstChannel.socket().getRemoteSocketAddress().toString()); buffer.clear(); } if (count < 0) { // close channel on EOF, invalidates the key this.dstChannel.close(); this.srcChannel.close(); } } catch (Exception e) { // client is no longer active e.printStackTrace(); end = true; break; } } } } try{ this.srcChannel.close(); } catch(IOException ioe){} try{ this.dstChannel.close(); } catch(IOException ioe){} } catch(Exception e){ e.printStackTrace(); System.out.println(e.getMessage()); } } public NIOProxy(InetAddress srcHost, int srcPort, InetAddress ideAddr, int idePort,String session) throws IOException { // first we connect to source and dest SocketChannel src = SocketChannel.open(); SocketChannel dst = SocketChannel.open(); // nonblocking I/O src.configureBlocking(false); dst.configureBlocking(false); // Connection to host port 8000 src.connect(new InetSocketAddress(srcHost,srcPort)); dst.connect(new InetSocketAddress(ideAddr,idePort)); // Create selector Selector srcselector = Selector.open(); Selector dstselector = Selector.open(); // Record to selector (OP_CONNECT type) SelectionKey srcclientKey = src.register(srcselector, SelectionKey.OP_CONNECT); SelectionKey dstclientKey = dst.register(dstselector, SelectionKey.OP_CONNECT); SocketChannel srcconchan = this.finishConnection(srcselector,srcclientKey); SocketChannel dstconchan =this.finishConnection(dstselector,dstclientKey); // now write some information that we can start port mapping ByteBuffer buffer = null; buffer = ByteBuffer.wrap(new String("conn: "+session+"\n").getBytes()); buffer.flip(); srcconchan.write(buffer); buffer.clear(); // start the mapper for both Channels new NIOProxy(srcconchan,dstconchan); new NIOProxy(dstconchan,srcconchan); } private NIOProxy(SocketChannel src,SocketChannel ide) { this.srcChannel = src; this.dstChannel = ide; this.start(); } private SocketChannel finishConnection(Selector selector,SelectionKey clientKey) throws IOException{ // Waiting for the connection while (selector.select(500)> 0) { // Get keys Set keys = selector.selectedKeys(); Iterator i = keys.iterator(); // For each key... while (i.hasNext()) { SelectionKey key = (SelectionKey)i.next(); // Remove the current key i.remove(); // Get the socket channel held by the key SocketChannel channel = (SocketChannel)key.channel(); // Attempt a connection if (key.isConnectable()) { // Connection OK System.out.println("Server Found"); // Close pendent connections if (channel.isConnectionPending()) channel.finishConnect(); return channel; } } } return null; } }

the code is mostly from example code
it works as following:
1. an NIOProxy object is created
2. the constructor connects to tcp addresses
3. it sends a connection string with a sessionid to one of the 2 hosts
4. it creates 2 threads both just reading data and forward it to the other socket

the problem i have:
the portmapper above is a workaround for some firewall rules on the remote host
everything works great, but after some bytes of data (i think it may be around 2kb) it get's stuck
the two apps which want to communicate through this port mapper, send some data to each other

what i think the problem is:
my question is, if nio sockets buffer data internally?
cause i think i read and write the data correctly, BUT the data isn't sent if it was too few data to send
so is it possible to flush() the sockets?
maybe the code is not right?
the interesting thing about it is, none of the connections get closed
it seems that both applications (local and remote) are waiting for some data
and i think the data hangs in an internal buffer in the socket api
but that's hard to verify
but maybe i got the threads wrong? can there be a problem in my code?

the output looks like this:
Server Found
Server Found

i got 264bytes something from remote.host/192.168.11.61:23453 to localhost/127.0.0.1:10001
i got 422bytes something from localhost/127.0.0.1:10001 to remote.host/192.168.11.61:23453
i got 1232bytes something from remote.host/192.168.11.61:23453 to localhost/127.0.0.1:10001
i got 486bytes something from localhost/127.0.0.1:10001 to remote.host/192.168.11.61:23453
i got 1264bytes something from remote.host/192.168.11.61:23453 to localhost/127.0.0.1:10001
i got 3624bytes something from remote.host/192.168.11.61:23453 to localhost/127.0.0.1:10001
i got 502bytes something from localhost/127.0.0.1:10001 to remote.host/192.168.11.61:23453
i got 4120bytes something from remote.host/192.168.11.61:23453 to localhost/127.0.0.1:10001

many thanks

[ October 23, 2006: Message edited by: Jonathan Doe ]
[EDIT: altered code and striped output]

[...and I inserted some line breaks into the print statement, so it doesn't force the whole window to be unnecessarily wide - Jim]
[ October 23, 2006: Message edited by: Jim Yingst ]