1 Reply Latest reply on Sep 30, 2002 9:10 PM by 843811

    Basic security problem..

      Yesterday, I started a project to do (a very small, very simplified) IRC-client as applet. I just wanted to learn some basics.
      But almost instantly I encountered a problem when trying to form a socket to the server.
      I'm really not well aware of applet's security restrictions, so I was hoping that you could enlighten me a bit.

      So when I try to create the socket to the server like this (server in this case is "irc.quakenet.eu.org" and port 6667):
      IRCsocket = new Socket(SERV_ADDRESS, SERV_PORT);
      catch (IOException ioe) { }
      catch (SecurityException se) { System.out.println("Security error");}
      .. I get this:
      java.security.AccessControlException: access denied (java.net.SocketPermission irc.quakenet.eu.org resolve)
           at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
           at java.security.AccessController.checkPermission(AccessController.java:401)
           at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
           at java.lang.SecurityManager.checkConnect(SecurityManager.java:1042)
           at java.net.InetAddress.getAllByName0(InetAddress.java:909)
           at java.net.InetAddress.getAllByName0(InetAddress.java:890)
           at java.net.InetAddress.getAllByName(InetAddress.java:884)
           at java.net.InetAddress.getByName(InetAddress.java:814)
           at java.net.InetSocketAddress.<init>(InetSocketAddress.java:109)
           at java.net.Socket.<init>(Socket.java:118)
           at sun.applet.AppletPanel.run(AppletPanel.java:341)
           at java.lang.Thread.run(Thread.java:536)
      Security error

      I also studied the SocketPermission-class and tried to create a new SocketPermission, but it didn't work.
      I really would appreciate if someone could help me with this.
      (Links or anything are fine.)
        • 1. Re: Basic security problem..
          Applets can't talk to anybody other than the host machine without being given special permission to do so. I think that involves signing the applet and having it request permissions from the user, but I've never done that--maybe somebody else can enlighten us. So that's one option. Another option would be to have the applet talk to a servlet on the host machine, and then have the servlet talk to your IRC server. The servlet won't be bound by the same restriction.