11 Replies Latest reply: Apr 13, 2011 6:20 AM by baftos RSS

    java.security.AccessControlException

    854755
      Hi,

      I'm aware, that java security blocks network access to sites who's domain different from the domain of the page that contains the applet.

      However, I have an applet that is trying to access the same site it was loaded from.
      And the operation fails:
      -----------------
      class java.security.AccessControlException
      access denied (java.net.SocketPermission 194.126.100.76:80 connect,resolve)
      ----------------

      Whats even more weird: during initialization the applet sends a HTTP POST to the same site many times and these operations do not fail.
      But if I later initiate a connection to the same site (and the same URL), I get the error.

      And there is more: if the browser is set to use a proxy and the java is set to use the same network connection settings as browser, everything works fine.

      Is this a bug or a feature?
      How do I get my applet working without a proxy?
        • 1. Re: java.security.AccessControlException
          baftos
          Is the host name you use exactly the same as the one in the page URL?
          They must be the same as per String.equals().
          For instance, using the DNS name in one and and the IP address in the other does not qualify as 'exactly the same'.

          Edit: Although you posted in 'Signed applets', I assume your applet is not signed and this is ok if you connect back to the host from where the applet was downloaded, the way I described.

          Edited by: baftos on Apr 12, 2011 11:10 AM
          • 2. Re: java.security.AccessControlException
            854755
            Hi,

            Yes, the URL's are exatly the same.

            It has to be correct since some POST operations work.
            To be sure I created one global static variable for this URL which I use. I even use the same class and method for all post operations.

            But I realized what's the difference between working and non working HTTP POSTs -- the operations that fail are those which are initiated by javascript from web page:
            document.MyApplet.SaveMyWork()

            I still dont understand why java behaves like this -- if its a security measure, it's not working for clients who use proxy
            • 3. Re: java.security.AccessControlException
              EJP
              the operations that fail are those which are initiated by javascript
              So it is a Javascript problem.
              I still dont understand why Java behaves like this
              It doesn't. Javascript* behaves like this. They are not the same thing.
              • 4. Re: java.security.AccessControlException
                854755
                Hi,

                EJP, your post doesn't make sence -- why do you blame javascript because it initiates an operation?

                The facts are:
                1. The error appears on java console and it is a java error
                2. When the browser (and java applet) is set up to use a proxy everything works.

                Please explain, what makes you say that this is a javascript problem?
                • 5. Re: java.security.AccessControlException
                  854755
                  Hi baftos,

                  I apologize for posting here, I knew the section is for signed applets, but I didn't know where else to post and since these areas are quite close I assumed the people reading this have also an expertise to answer my question.

                  I do not want to sign an applet and all I need is to connect back to the server it was downloaded from.
                  • 6. Re: java.security.AccessControlException
                    EJP
                    EJP, your post doesn't make sence
                    But it does make sense
                    why do you blame javascript because it initiates an operation?
                    Because it initiates an operation.

                    Why do you blame Java when it executes the same operation perfectly?
                    • 7. Re: java.security.AccessControlException
                      854755
                      Hi EJB,

                      The error
                      -----
                      class java.security.AccessControlException
                      access denied (java.net.SocketPermission 194.126.100.76:80 connect,resolve)
                      -----
                      Isn't exactly what I would call a perfect execution.
                      BTW, 194.126.100.76 is servers IP, not clients.

                      If you are sugesting that applets doesn't support calls from browser (or javascript) any more, pleas say so.
                      • 8. Re: java.security.AccessControlException
                        EJP
                        You said everything works fine except when invoked via javascript. If you are now suggesting something else please clarify.
                        If you are suggesting
                        No I'm not ... I don't 'suggest' things: I would say so explicitly.
                        • 9. Re: java.security.AccessControlException
                          854755
                          Hi, EJB


                          I did present the facts.

                          One fact is that the same operatiion fails when it is initiated by javascript.

                          I just do not see how this fact leads to the conclusion that the javascript is to be blamed.
                          Especially when taking into account other facts.
                          • 10. Re: java.security.AccessControlException
                            baftos
                            Try AccessController.doPrivileged() (search the forum for discussions about this), although I am not sure at all it will help. Usually this is needed for calls coming from javascript into signed applets. Also the proxy thing, I don't know...
                            • 11. Re: java.security.AccessControlException
                              baftos
                              Try AccessController.doPrivileged() (search the forum for discussions about this), although I am not sure at all it will help. Usually this is needed for calls coming from javascript into signed applets. Also the proxy thing sounds strange...