1 Reply Latest reply: Oct 6, 2010 12:37 AM by 803365

Self signed applet

802933 Newbie
Hi,

I am writing an applet, and one of its functions is that it opens a socket connection to the server URL.

I signed the applet jar files using a self-signed certificate and packaged it as a Web project. The web project is running on another app server.

When the applet gets invoked to make the socket connection, it throws the following error:


network: Cache entry not found [url: http://<hostname>/crossdomain.xml, version: null]
network: Connecting http://<hostname>/crossdomain.xml with proxy=HTTP @ localhost/127.0.0.1:8888
java.security.PrivilegedActionException: java.io.IOException: Server returned HTTP response code: 502 for URL: http://<hostname>/crossdomain.xml
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
     at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
     at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
     at sun.net.www.http.HttpClient.openServer(Unknown Source)
     at sun.net.www.http.HttpClient.<init>(Unknown Source)
     at sun.net.www.http.HttpClient.New(Unknown Source)
     at sun.net.www.http.HttpClient.New(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
     at com.avaya.ic.client.sdk.core.impl.HttpURLConnectionWrapper.connect(HttpURLConnectionWrapper.java:48)
     at com.avaya.ic.client.sdk.core.impl.LoginClientImpl.login(LoginClientImpl.java:66)
     at com.avaya.ic.client.sdk.core.impl.ApplicationImpl.login(ApplicationImpl.java:87)
     at com.avaya.ic.client.sdk.core.impl.ApplicationImpl.login(ApplicationImpl.java:69)

Caused by: java.io.IOException: Server returned HTTP response code: 502 for URL: http:<host>/crossdomain.xml
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
     at com.sun.deploy.net.CrossDomainXML$2.run(Unknown Source)
     ... 41 more

java.security.AccessControlException: access denied (java.net.SocketPermission <hostname:port> connect,resolve)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkConnect(Unknown Source)
     at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
     at sun.net.www.http.HttpClient.openServer(Unknown Source)
     at sun.net.www.http.HttpClient.<init>(Unknown Source)
     at sun.net.www.http.HttpClient.New(Unknown Source)
     at sun.net.www.http.HttpClient.New(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)


I thought that by signing the applet, the program would have full access, would be able to open a socket connection, and would not use crossdomain.xml from the server.

How do I fix this issue? I don't want to buy a CA certificate right now. Your suggestions are greatly appreciated.

Thanks
  • 1. Re: Self signed applet
    803365 Newbie
    Do not do this! You do not need a signed applet just to connect to the originating server from which the applet was downloaded. An unsigned applet is also allowed to talk to its server of origin. Also, there is no need to open a low-level socket for a purpose as trivial as getting a file. Security may require the requested file to be in exactly the same folder where the applet .jar is located.

    Do not self-sign any applets in production, as this creates an "insecure" image for otherwise maybe excellent software. See here for the source code of the unsigned applet that takes a file name as a parameter and then loads this file from the originating server (and then it runs, for instance, here).

    Edited by: 800362 on Oct 6, 2010 12:34 AM

    Edited by: 800362 on Oct 6, 2010 12:36 AM
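
An added example, not part of the original thread and not the source code the reply links to: an unsigned applet that reads a file from its own origin by resolving the name against `getCodeBase()`, so no signing and no `crossdomain.xml` lookup is involved. The class name `OriginFileApplet` and the `file` parameter name are assumptions, and it needs a JDK that still includes the `java.applet` package.

```java
import java.applet.Applet;
import java.awt.BorderLayout;
import java.awt.TextArea;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;

// Added example: unsigned applet that loads a text file from its originating server.
// Assumptions: class name, the "file" <param> name, and UTF-8 file content.
public class OriginFileApplet extends Applet {
    private final TextArea output = new TextArea();

    @Override
    public void init() {
        setLayout(new BorderLayout());
        add(output, BorderLayout.CENTER);
        String name = getParameter("file");
        // Accept a bare file name only, so the URL stays in the applet's own folder.
        if (name == null || !name.matches("[A-Za-z0-9_.-]+") || name.contains("..")) {
            output.setText("Missing or invalid 'file' parameter");
            return;
        }
        try {
            // Same host and port as the code base: allowed by the sandbox without signing.
            output.setText(load(new URL(getCodeBase(), name)));
        } catch (IOException e) {
            output.setText("Could not read file: " + e);
        } catch (SecurityException e) {
            // AccessControlException lands here if the target is not the origin.
            output.setText("Blocked by the applet sandbox: " + e);
        }
    }

    private static String load(URL url) throws IOException {
        BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream(), "UTF-8"));
        try {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = in.readLine()) != null) {
                text.append(line).append('\n');
            }
            return text.toString();
        } finally {
            in.close();
        }
    }
}
```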
