893915 wrote:"Access Denied".
I am a working professional and my task is to create a java applet which can create a file at client side according to client's mentioned directory on windows.
I work on it and found that applets doesn't have permissions to do this.
Then I work on it and found that using signed applets it can be done, but I signed my applet using self certificates, but even the applet at client side showing the error :
I work on it and found that it can be solved using policies.Applet security problems are rarely solved using 'policies' . It would defeat the object of Applet security if one could circumvent Applet security restrictions by having the Applet define the 'policies'.
The problem here is I am not able to bundle policy file with signed applet, in such a way that no client has to change his policy file manually on his local computer.
I know that the solution is possible as on this site:
which I got from oracle tutorial.
But I don't know how to make it work. I have gone through various forums, but no one is having the solution.
Please help me to solve this issue.
Any reply will be helpful.
Thanking you in advance.
893915 wrote:Windows 7 security does not allow a standard user to write to "c:\" . The only safe places to write to are the user's home directory (System.getProperty("user.home")) and the 'tmp' directory (System.getProperty("java.io.tmpdir")) . To test this, specify the file as
String fileName = "c:/ok.txt";
Also, Applets are meant to work on just about any system but specifying "c:\" means your Applet could only work on Windows and then only on Windows where there is a "c" drive.
String fileName = System.getProperty("user.home") + "/ok.txt";
893915 wrote:Only by getting the signed Applet run as Administrator. This is normally a bad idea and normally indicates a design flaw. Why do you think you need to write to the root of the 'c' drive?
But I am having some questions:
1) If user wants to create the file in c: or d: drive then , will it be possible to create the files.
2) Only self signing the applet will jump from the need of permissions or the policy file.Forget changing the permissions file since that may open a security hole. A signed Applet is the only sensible way to go and then you are likely to have trouble with OS restrictions. Stick to using only the user's home directory or the 'tmp' directory.
893915 wrote:Correct but Windows 7 will not let him actually write to the file unless he runs the Applet with Administration privileges; not a good idea. The unrestricted access to a computer given by web applications in earlier Windows versions is one of the main security holes in Windows.
Now I am having some more questions related to the same issue:
1) How can I force the applet working against the OS level security, such as creation of file in c: drive of Windows 7?
I think that user can give the destination path to save the file to any of the available drive or folder, including c: drive.
2) How can I change the applet class code to create the file as given by client or end user?Sounds like a job for JFileChooser! It is easy to restrict the navigation allowed by JFileChooser to a particular directory to stop the user from trying to write directly to "c" .
Because in the example done, I put the file creation path into the code statically, which is a poor practice practically. I want to change it dynamically according to client.
3) Is it possible to launch the applet on Internet, with self signed certificates, or it is necessary to make it signed by an Signing Authority?You can use a self signed certificate over the Internet but it proves very very little to the user so is not very useful. For example, any terrorist group could have an Applet that was self signed so as to look like it belonged to the US government. A signing authority will only issue a certificate if it knows that the person submitting the CSR is who they say they are; the submitter has to prove his identity.
893915 wrote:I don't understand!
Thanks for answering my questions. I am satisfied with answer of 3rd question, but not with answers of 1st and 2nd question.
Please give me the method to solve the issues of 1st and 2nd question. Like how to run the Applet with Administration privileges?
is just plain silly. You really need to spend a lot of time going though the Java tutorials. You need to look at basic Java, Swing or AWT, Applets, JApplet or Applet, security etc etc. In other word you need to learn Java.
s = new String("Successfully created file :" + fileName);