Forum Stats

  • 3,838,230 Users
  • 2,262,342 Discussions
  • 7,900,547 Comments

Discussions

Permission + Policy File + Java Applet

844235
844235 Member Posts: 13
edited Sep 12, 2011 4:16PM in Java Applet Development
Hi everyone,

I developped a small Java applet for testing purposes.
The aim of the applet is getting data from a MySql database and displayed it into a JLabel.
I use a MySql jdbc layer contained in a Jar file.

I tested the applet locally via Eclipse and it works fine.
Then, I packaged my ".class" files into a Jar file.
I uploaded the resulting Jar file to the server as well as the jdbc Jar file.

I tried to launch the applet located on the server from my web browser (IE9).
An error occured.
I analysed the results in the Java console.
The reason of the problem follows :
I miss a permission grant in my policy file.
The missing line is : permission java.util.PropertyPermission "file.encoding", "read";

For information, the policy file is located at : jre7|lib|security

I do no want to ask the users of my future applet to modify their policy file.
So, I am wondering if there is a way to consider a custom policy file when executing a Java applet.
The custom policy file would be located on the same server as the applet is.

Thanks in advance for your help.

Best Answer

  • DrClap
    DrClap Member Posts: 25,479
    Answer ✓
    841232 wrote:
    But, at the same time I met another problem.
    My applet does not receive any packets from the MySQL server.
    I wonder if my two self-signed applets can not communicate with a remote machine because it is not the machine where the Jars are located.
    I know that sand-boxed applets can not.
    It's equally possible that there is no network path from wherever the applet is running to the MySQL server. (Which in general would be a good thing, because exposing a database server to the Internet can lead to data security problems.)
«1

Answers

  • 793415
    793415 Member Posts: 7,279 Bronze Badge
    Digitally sign the code and instruct the end user to OK the trust dialog when prompted. That will get around all the hassles of using a policy file.
    793415
  • 844235
    844235 Member Posts: 13
    Andrew Thompson wrote:
    Digitally sign the code and instruct the end user to OK the trust dialog when prompted. That will get around all the hassles of using a policy file.
    Thank you for your answer.

    I do not have a rich experience in Java.
    I do not know what you mean by signing digitally the code.
    Could you give me further explanations ? It would be very helpful.
  • 793415
    793415 Member Posts: 7,279 Bronze Badge
    edited Sep 11, 2011 5:53AM
    841232 wrote:
    ..Thank you for your answer.
    Thanks is well expressed by marking posts helpful or correct.

    BTW - do you use an IDE?

    Edited by: Andrew Thompson on Sep 11, 2011 7:53 PM
  • EJP
    EJP Member Posts: 32,920 Gold Crown
    I do not know what you mean by signing digitally the code.
    See the Javadoc for the jarsigner tool.
  • 844235
    844235 Member Posts: 13
    I read some articles found on the web.
    I got information about self-signed applets.
    I learned the necessary steps to create a self-signed applet.

    Converting my applet to a self-signing one seemed to be a good way.
    But, the process includes constraints I can not accept.
    End-users have to perform some tasks manually on their own computer according to the "End Users" section at : [http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html#enduser]

    The only constraint I was ready to accept was prompting a dialog to let the user trust my applet.

    Now, I think about an other technology to achieve my application.
  • 793415
    793415 Member Posts: 7,279 Bronze Badge
    841232 wrote:
    ..Converting my applet to a self-signing one seemed to be a good way.
    But, the process includes constraints I can not accept.
    You don't follow my prompts, you don't answer my questions, I suspect that trying to help you is a waste of my time. OTOH, I will give one (last) chance.

    1) Visit the sand-boxed form of this properties applet. You might see something like this:

    ||Name||Value||
    |os.arch|x86|
    |os.name|Windows 7|
    |user.home|unknown|
    |user.name|unknown|

    The last two values read <tt>unknown</tt> because that is the applet's way of saying that those last two properties either don't exist or (in this case) are not available to a sand-boxed applet (the applet has no way to distinguish between the two possibilities).

    2) Now visit the signed form of the same applet. Click OK when prompted. You might see something more like this:

    ||Name||Value||
    |os.arch|x86|
    |os.name|Windows 7|
    |user.home|C:\Users\Andrew|
    |user.name|Andrew|

    All the values (including the two trusted properties) are returned as values.

    Now, was that hard for the end user? I don't know what that article was going on about, the author should check their medications. In any case, all the user needs to do is 'OK the signed code when prompted' and the applet is trusted.

    If you want me to continue with this thread, attend to the matters I mentioned earlier.
    793415
  • 844235
    844235 Member Posts: 13
    I followed your advice concerning signed applets.
    I just searched information by myself.

    I agree to the fact that clicking OK to trust the applet is acceptable.
    It is a constraint I was ready to accept and I still do.

    In my previous post I mentionned several constraints coming with self-signed applets.
    I do not want to pay for a certification.
    The constraints concern the end-user and are the following ones :
    -> Import Certificate as a Trusted Certificate
    -> Create the Policy File
    This information comes from an official webpage located at : [http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html#enduser]

    On the other hand, I tested the sand-boxed applet and the signed one you mentionned in your post.
    The results are the ones expected.

    I am quite confused.
    The following questions arised in my mind :
    -> Is the signed applet you mentionned a self-signed one ?
    -> Does my policy file allow a signed applet to get information about user.home and user.name ?
    -> Is the information from the Java webpage wrong ?

    Again, I appreciate your past help and I thank you in advance for your future help.
  • EJP
    EJP Member Posts: 32,920 Gold Crown
    edited Sep 11, 2011 6:17PM
    End-users have to perform some tasks manually on their own computer according to the "End Users" section at : [http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html#enduser]
    The article is incorrect, or at best misleading. It is not necessapy for Ray to import the certificate if it is signed by a CA, or if you don't mind Ray having to press OK in a trust dialog when the applet runs. And he doesn't have to create a .policy file either unless he wants different security constraints on the applet than the default.
    The only constraint I was ready to accept was prompting a dialog to let the user trust my applet.
    Thats all he has to do.
    Now, I think about an other technology to achieve my application
    Unnecessary.
    EJP
  • 793415
    793415 Member Posts: 7,279 Bronze Badge
    >

    Before it gets lost in the excitement, I'll ask you again. Do you use an IDE?
    I am quite confused.
    The following questions arised in my mind :
    -> Is the signed applet you mentionned a self-signed one ?
    Yes. It is my applet, and I cannot afford the price that is charged for a properly verified digital certificate from VeriSign.
    -> Does my policy file allow a signed applet to get information about user.home and user.name ?
    Don't use them, don't know, don't care.
    -> Is the information from the Java webpage wrong ?
    I would say 'yes it is wrong'. The information in that page is ludicrous. If it took that much effort to get a signed app. working, it would not be worth it, nor would it be practical.
    793415
  • 844235
    844235 Member Posts: 13
    First, I thank both of you for your answers.
    Before it gets lost in the excitement, I'll ask you again. Do you use an IDE?
    Yes I use Eclipse Indigo 3.7

    Now I think I have got enough information to perform a new test.
    I will sign the Jar which needs the following line in the policy file : permission java.util.PropertyPermission "file.encoding", "read";
    But, I will not add the line to the policy file because you told me that is unnecessary.
    I forgot to add that the Jar I will sign is not the Jar which contains my Applet class.
    The Jar I will sign contains MySQL jdbc class.

    As soon as I get results from my new test I will post back to the thread.
This discussion has been closed.