11 Replies Latest reply: Apr 26, 2010 2:30 AM by 793415 RSS

    Java 3D and Security

    794459
      I'm new to Java 3D, and I see that Java3D installs native code libraries when it installs. This raises the question of how Java 3D can possibly run in a browser. Is it possible to run Java 3D in a browser (or starting from a browser, I suppose) without having the user have to accept some dangerous-looking security dialog? If so, how, and why is that possible? Couldn't DLLs and the like contain arbitrary code?
        • 1. Re: Java 3D and Security
          793415
          cronosprime1 wrote:
          ..Is it possible to run Java 3D in a browser (or starting from a browser, I suppose)..
          Sure.
          1) Embedded JNLP applet.
          2) Free floating JWS app.
          .. without having the user have to accept some dangerous-looking security dialog?..
          Define 'dangerous looking'.
          ..If so, how, and why is that possible? Couldn't DLLs and the like contain arbitrary code?
          Sand-boxed apps. can contain 'arbitrary' code.
          • 2. Re: Java 3D and Security
            794459
            Could you explain to me how sandboxed apps can contain arbitrary code? How does that make them sandboxed? How is it possible for an app to be secure without having restrictions on what code can be run?

            And so it isn't possible to run Java 3D from a browser without the user (assuming the user already has Java Web Start) having to click Accept on some security dialog?
            • 3. Re: Java 3D and Security
              793415
              cronosprime1 wrote:
              Could you explain to me how sandboxed apps can contain arbitrary code?
              Taking the meaning of arbitrary as: "Determined by chance, whim, or impulse, and not by necessity, reason, or principle". In this sense, 'arbitrary' does not mean 'insecure' or 'virus' or anything like that, but something much more benign. ;)
              • 4. Re: Java 3D and Security
                794459
                OK, I suppose what I really meant to ask is: how can users of a JNLP application be guaranteed (or ensured to any extent) that what they run through JNLP is malware free? When I said arbitrary code, I meant "any code that the JNLP application author wishes whatsoever." Isn't it true that DLLs could contain malicious code? If a DLL can contain malicious code and JNLP applications can launch DLLs, how can JNLP be secure?
                • 5. Re: Java 3D and Security
                  793415
                  - DLLs require a trusted app.
                  - A trusted app. can contain viruses, whether or not it uses DLLs
                  - Trusted apps. prompt the user with what you referred to as the 'scary dialog'.
                  - The security dialog is more scary for a 'self-signed' app.
                  - I do not believe that the typical user is very phased by the security dialog, given that most OSs will prompt the user when the user wants to 'burp, or scratch themselves'. Security dialogs are becoming a way of life.
                  - If you wish to use Java3D in an applet or webstart app., it is up to you to explain to the user that the rendering engine requires trust.
                  - As an aside, although Java 3D requires trust, an app. using it can be sand-boxed. (So the user would see only one security prompt for Java 3D, rather than two).
                  • 6. Re: Java 3D and Security
                    794459
                    I'm digging around for ways to have users run my Java3D application from their web browser with as little hindrance as possible. I want as many users as possible to use my app, and I don't want users to be discouraged from using my app by security dialogs. I want to lose as few users as possible on security warnings and the like. I'm sure this kind of concern pops up all the time, so could anyone point me to any existing resources on this matter? Does anyone, from past experience or otherwise, have any suggestions on how a Java 3D applet could be deployed with as little trust as possible from the users (which means losing as few potential users as possible)?

                    Can a regular applet check what operating system is in use? Can it manipulate the page it's on? Maybe I could use an applet to change a JavaScript variable that would then cause my web page to display a message pointing the user of my application to their OS-specific download link for Java3D? If I do go the security dialog route, is there a way for my program to check whether permission has been granted and display a message if permission has been denied?

                    Thanks for all your help. You've been very helpful so far.
                    • 7. Re: Java 3D and Security
                      793415
                      cronosprime1 wrote:
                      ..Can a regular applet check what operating system is in use?
                      [http://pscode.org/prop/?prop=os.name%2Cos.arch]
                      .. Can it manipulate the page it's on?..
                      Yes, but I doubt that is necessary for what you want to achieve.
                      ..Maybe I could use an applet to change a JavaScript variable that would then cause my web page to display a message pointing the user of my application to their OS-specific download link for Java3D?
                      The applet itself could display a link/button to the OS-specific download.
                      ..If I do go the security dialog route, is there a way for my program to check whether permission has been granted and display a message if permission has been denied?
                      try {
                        // anything that requires trust
                      } catch(Throwable) {
                        displaySandoxedMessage();
                      }
                      Here is a [demo.|http://pscode.org/test/docload/] I threw together of loading trusted applets in a 'defensive' way.
                      • 8. Re: Java 3D and Security
                        794459
                        Thanks a lot! That sounds like a very reasonable approach to solving my problem. I can have a security dialog for the typical folks and an explanation page with alternate installation instructions for the security-paranoid.

                        I think I have everything I absolutely needed to know, but if you don't mind giving me the source for the DocumentLoader example, that would be very useful. If there's some reason you want to keep that private, however, I'm sure I can figure things out myself.

                        Thanks again!
                        • 9. Re: Java 3D and Security
                          793415
                          cronosprime1 wrote:
                          Thanks a lot! That sounds like a very reasonable approach to solving my problem. I can have a security dialog for the typical folks and an explanation page with alternate installation instructions for the security-paranoid.
                          :-) You would not believe how many people just don't get it.
                          I think I have everything I absolutely needed to know, but if you don't mind giving me the source for the DocumentLoader example, that would be very useful. If there's some reason you want to keep that private, however, I'm sure I can figure things out myself.
                          Sure. I'm not sure why I did not upload it as well. I might do that soon, but in the mean-time..
                          package org.pscode.eg.docload;
                          
                          import java.awt.*;
                          import java.awt.event.*;
                          import javax.swing.*;
                          import java.net.*;
                          import java.io.*;
                          import java.security.*;
                          
                          /** An applet to display documents that are JEditorPane compatible. */
                          public class DocumentLoader extends JApplet {
                          
                              JEditorPane document;
                          
                              @Override
                              public void init() {
                                  System.out.println("init()");
                          
                                  JPanel main = new JPanel();
                                  main.setLayout( new BorderLayout() );
                                  getContentPane().add(main);
                                  try {
                                      // It might seem odd that a sandboxed applet can /instantiate/
                                      // a File object, but until it goes to do anything with it, the
                                      // JVM considers it 'OK'.  Until we go to do anything with a
                                      // 'File' object, it is really just a filename.
                                      File f = new File(".");
                          
                                      // set up the green 'sandboxed page', as a precaution..
                                      URL sandboxed = new URL(getDocumentBase(), "sandbox.html");
                                      document = new JEditorPane(sandboxed);
                          
                                      main.add( new JScrollPane(document), BorderLayout.CENTER );
                                      // Everything above here is possible for a sandboxed applet
                          
                                      // *test* if this applet is sandboxed
                                      final JFileChooser jfc =
                                          new JFileChooser(f); // invokes security check
                                      jfc.setFileSelectionMode(JFileChooser.FILES_ONLY);
                                      jfc.setMultiSelectionEnabled(false);
                          
                                      JButton button = new JButton("Load Document");
                                      button.addActionListener( new ActionListener(){
                                              public void actionPerformed(ActionEvent ae) {
                                                  int result = jfc.showOpenDialog(
                                                      DocumentLoader.this);
                                                  if ( result==JFileChooser.APPROVE_OPTION ) {
                                                      File temp = jfc.getSelectedFile();
                                                      try {
                                                          URL page = temp.toURI().toURL();
                                                          document.setPage( page );
                                                      } catch(Exception e) {
                                                          e.printStackTrace();
                                                      }
                                                  }
                                              }
                                          } );
                                      main.add( button, BorderLayout.SOUTH );
                          
                                      // the applet is trusted, change to the red 'welcome page'
                                      URL trusted = new URL(getDocumentBase(), "trusted.html");
                                      document.setPage(trusted);
                                  } catch (MalformedURLException murle) {
                                      murle.printStackTrace();
                                  } catch (IOException ioe) {
                                      ioe.printStackTrace();
                                  } catch (AccessControlException ace) {
                                      ace.printStackTrace();
                                  }
                              }
                          
                              @Override
                              public void start() {
                                  System.out.println("start()");
                              }
                          
                              @Override
                              public void stop() {
                                  System.out.println("stop()");
                              }
                          
                              @Override
                              public void destroy() {
                                  System.out.println("destroy()");
                              }
                          }
                          • 10. Re: Java 3D and Security
                            794459
                            Thanks for the code! By the way, how is it that an applet can be sandboxed and use DLLs that are already installed? For instance, it seems that people who already have Java 3D installed can use one of my sandboxed applets without any kind of security warning. This seems odd. On one hand, it makes sense that a DLL that has already been downloaded by the user can be trusted. On the other hand, it doesn't make sense that an untrusted, sandboxed applet can be trusted to not misuse a trusted DLL. Suppose you installed a Java extension that helped you manipulate files and that this extension was implemented in part by a DLL. The extension itself just performs whatever file operations it is told to perform. It is not malicious in and of itself. It makes sense to trust that extension and that DLL because you, the user, installed it. However, I wouldn't trust an applet with access to any of that DLL's functions. If the applet could call the DLL's functions, it could bypass the Java security manager's file system access security checks. So why can my applet call the Java 3D functions that are in the Java 3D DLLs?
                            • 11. Re: Java 3D and Security
                              793415
                              cronosprime1 wrote:
                              ..So why can my applet call the Java 3D functions that are in the Java 3D DLLs?
                              I cannot immediately say why. Perhaps that is a question better suited to a dedicated post on one of the [Security forums|http://forums.sun.com/category.jspa?categoryID=15].