This discussion is archived
14 Replies Latest reply: Nov 1, 2011 3:36 AM by 896918 RSS

To write a file on client side using signed applets.

896918 Newbie
Currently Being Moderated
Hi guys,
I am a working professional and my task is to create a java applet which can create a file at client side according to client's mentioned directory on windows.
I work on it and found that applets doesn't have permissions to do this.
Then I work on it and found that using signed applets it can be done, but I signed my applet using self certificates, but even the applet at client side showing the error : "Access Denied".
I work on it and found that it can be solved using policies.
The problem here is I am not able to bundle policy file with signed applet, in such a way that no client has to change his policy file manually on his local computer.
I know that the solution is possible as on this site:
"http://www.javaworld.com/javaworld/jw-12-2000/security/writeFile.html"
which I got from oracle tutorial.
But I don't know how to make it work. I have gone through various forums, but no one is having the solution.
Please help me to solve this issue.
Any reply will be helpful.
Thanking you in advance.

Regards,
Lovelesh Saxena.
  • 1. Re: To write a file on client side using signed applets.
    sabre150 Expert
    Currently Being Moderated
    893915 wrote:
    Hi guys,
    I am a working professional and my task is to create a java applet which can create a file at client side according to client's mentioned directory on windows.
    I work on it and found that applets doesn't have permissions to do this.
    Then I work on it and found that using signed applets it can be done, but I signed my applet using self certificates, but even the applet at client side showing the error :
    "Access Denied".

    Then you are doing something wrong but since we can't see your code and we don't know which version of Windows and we don't know which JDK you are using it is difficult to say what is likely to be wrong. Self signing does allow one to write to files on Windows though there are OS restrictions on Windows 7 and Vista.
    I work on it and found that it can be solved using policies.
    Applet security problems are rarely solved using 'policies' . It would defeat the object of Applet security if one could circumvent Applet security restrictions by having the Applet define the 'policies'.
    The problem here is I am not able to bundle policy file with signed applet, in such a way that no client has to change his policy file manually on his local computer.
    I know that the solution is possible as on this site:
    "http://www.javaworld.com/javaworld/jw-12-2000/security/writeFile.html"
    which I got from oracle tutorial.
    But I don't know how to make it work. I have gone through various forums, but no one is having the solution.
    Please help me to solve this issue.
    Any reply will be helpful.
    Thanking you in advance.

    Regards,
    Lovelesh Saxena.
  • 2. Re: To write a file on client side using signed applets.
    896918 Newbie
    Currently Being Moderated
    Hi Sabre,
    thanks for such a quick reply.
    My OS is MS Windows 7.
    My jdk is 1.6.26
    And my applet code is simple as it create a file and write a message into that text file.
    The problem is, applets are not having permissions to do such actions.
    I have read that for making them work we have to sign them, but after even self signing the applet, it is not working.
    I have the example on : "http://www.javaworld.com/javaworld/jw-12-2000/security/writeFile.html" on which there applet is working fine.
    Please found out where I am going wrong.

    Thanking you once again.

    Regards
    Lovelesh
  • 3. Re: To write a file on client side using signed applets.
    sabre150 Expert
    Currently Being Moderated
    I'm at a loss as to what you think I can do! You have found online an example of an Applet that writes files that works OK. Your own Applet generates a security exception trying to write a file. The implication is that your Applet is either not signed or you are trying to write to a file that Windows 7 does not allow. I can't see your code, I don't have access to your build system to see if the Applet was signed OK and I don't know which file you are trying to write to or where it is located.
  • 4. Re: To write a file on client side using signed applets.
    896918 Newbie
    Currently Being Moderated
    Hi Sabre,
    Thanks for showing interest in this topic.
    My thinking is that I am not having the right way to create a self signed applet.
    My another question is that, If I self sign an applet, then it does not needed to have the corresponding permissions in the client's policy file?
    And is it always required to sign the applet by any Signing Authority like Thawte?
    If you have done it, can you please tell me a step wise tutorial for doing this.....please please please.
    I know that I am making a very small mistake.
    Please help me.

    The Applet code is:
    import java.applet.Applet;
    import java.awt.Graphics;
    import java.io.*;
    import java.awt.Color;
    public class SignedAppletDemo extends Applet {

    public String test() {

    setBackground(Color.white);

         String fileName = "c:/ok.txt";
         String msg = "This message was written by a signed applet!!!\n";
         String s ;
                        
         try {

         FileWriter fos = new FileWriter(fileName);
         fos.write(msg, 0, msg.length());
         fos.close();
         s = new String("Successfully created file :" + fileName);

         } catch (Exception e) {
         System.out.println("Exception e = " + e);
         e.printStackTrace();
         s = new String("Unable to create file : " + fileName);
         }
         return s;

    }     

    public void paint(Graphics g) {

    g.setColor(Color.blue);
    g.drawString("Signed Applet Demo", 120, 50);
    g.setColor(Color.magenta);
    g.drawString(test(), 50, 100);

    }

    }


    Regards
    Lovelesh Saxena
  • 5. Re: To write a file on client side using signed applets.
    sabre150 Expert
    Currently Being Moderated
    893915 wrote:
         String fileName = "c:/ok.txt";
    Windows 7 security does not allow a standard user to write to "c:\" . The only safe places to write to are the user's home directory (System.getProperty("user.home")) and the 'tmp' directory (System.getProperty("java.io.tmpdir")) . To test this, specify the file as
    String fileName = System.getProperty("user.home") +  "/ok.txt";
    Also, Applets are meant to work on just about any system but specifying "c:\" means your Applet could only work on Windows and then only on Windows where there is a "c" drive.
  • 6. Re: To write a file on client side using signed applets.
    896918 Newbie
    Currently Being Moderated
    Hi Sabre,
    Thanxxxxx once again.
    I will do modifications as suggested by you and will let you know the results.
    But I am having some questions:
    1) If user wants to create the file in c: or d: drive then , will it be possible to create the files.
    2) Only self signing the applet will jump from the need of permissions or the policy file.

    Thanking you for your interest.

    Regards,
    Lovelesh Saxena
  • 7. Re: To write a file on client side using signed applets.
    sabre150 Expert
    Currently Being Moderated
    893915 wrote:
    But I am having some questions:
    1) If user wants to create the file in c: or d: drive then , will it be possible to create the files.
    Only by getting the signed Applet run as Administrator. This is normally a bad idea and normally indicates a design flaw. Why do you think you need to write to the root of the 'c' drive?
    2) Only self signing the applet will jump from the need of permissions or the policy file.
    Forget changing the permissions file since that may open a security hole. A signed Applet is the only sensible way to go and then you are likely to have trouble with OS restrictions. Stick to using only the user's home directory or the 'tmp' directory.
  • 8. Re: To write a file on client side using signed applets.
    896918 Newbie
    Currently Being Moderated
    Hi Sabre,
    Thank you so much...... it is working now perfectly........ hurrahhhh

    Now I am having some more questions related to the same issue:

    1) How can I force the applet working against the OS level security, such as creation of file in c: drive of Windows 7?
    I think that user can give the destination path to save the file to any of the available drive or folder, including c: drive.

    2) How can I change the applet class code to create the file as given by client or end user?
    Because in the example done, I put the file creation path into the code statically, which is a poor practice practically. I want to change it dynamically according to client.

    3) Is it possible to launch the applet on Internet, with self signed certificates, or it is necessary to make it signed by an Signing Authority?

    Once again thanking you for giving this discussion, such a quick solution.

    Regards,
    Lovelesh Saxena.
  • 9. Re: To write a file on client side using signed applets.
    sabre150 Expert
    Currently Being Moderated
    893915 wrote:
    Now I am having some more questions related to the same issue:

    1) How can I force the applet working against the OS level security, such as creation of file in c: drive of Windows 7?
    I think that user can give the destination path to save the file to any of the available drive or folder, including c: drive.
    Correct but Windows 7 will not let him actually write to the file unless he runs the Applet with Administration privileges; not a good idea. The unrestricted access to a computer given by web applications in earlier Windows versions is one of the main security holes in Windows.

    >
    2) How can I change the applet class code to create the file as given by client or end user?
    Because in the example done, I put the file creation path into the code statically, which is a poor practice practically. I want to change it dynamically according to client.
    Sounds like a job for JFileChooser! It is easy to restrict the navigation allowed by JFileChooser to a particular directory to stop the user from trying to write directly to "c" .

    >
    3) Is it possible to launch the applet on Internet, with self signed certificates, or it is necessary to make it signed by an Signing Authority?
    You can use a self signed certificate over the Internet but it proves very very little to the user so is not very useful. For example, any terrorist group could have an Applet that was self signed so as to look like it belonged to the US government. A signing authority will only issue a certificate if it knows that the person submitting the CSR is who they say they are; the submitter has to prove his identity.

    A "Signing Authority" only vouches for the identity and does not vouch for the person being trustworthy. For example, if he had been alive today, Al Capone could get a CA signed certificate confirming that he is/was Al Capone but would you trust him?
  • 10. Re: To write a file on client side using signed applets.
    896918 Newbie
    Currently Being Moderated
    Hi Sabre,
    Thanks for answering my questions. I am satisfied with answer of 3rd question, but not with answers of 1st and 2nd question.
    Please give me the method to solve the issues of 1st and 2nd question. Like how to run the Applet with Administration privileges?
    Thanking you once again.

    Regards,
    Lovelesh Saxena.
  • 11. Re: To write a file on client side using signed applets.
    sabre150 Expert
    Currently Being Moderated
    893915 wrote:
    Thanks for answering my questions. I am satisfied with answer of 3rd question, but not with answers of 1st and 2nd question.
    Please give me the method to solve the issues of 1st and 2nd question. Like how to run the Applet with Administration privileges?
    I don't understand!

    You don't want to give an Applet unrestricted access to your computer and as far as I am aware under Windows 7 you can't without the user being an Administrator. What do you not understand about that!

    You can select a directory in which to write a file using JFileChooser (or it's AWT equivalent). What don't you understand about that?

    You still haven't said why you need to give the Applet unrestricted access to the file system. As a client of your Applet I would be most unhappy if it could do this.

    I don't think this thread is going any further so best if I bow out.
  • 12. Re: To write a file on client side using signed applets.
    896918 Newbie
    Currently Being Moderated
    Hi Sabre,
    Thanks for solving the real issue.
    I now understand that you are right about the c: drive issue of writing a file in that drive, with user of administrative rights.
    But I am saying that I have put the code to create and write to a file on server sided signed jar, which consist of the applet class code as:


         String fileName = "d:/ok.txt";
         String msg  = "This message was written by a signed applet!!!\n";
         String s ;
                        
         try {

         FileWriter fos = new FileWriter(fileName);
         fos.write(msg, 0, msg.length());
         fos.close();
         s = new String("Successfully created file :" + fileName);

         }



    and then compile it, and make a signed jar with the statically created class file. How can I create an applet which can use path given by client? As suggested by you, if I will use JFileChooser, it will give the path, but how can I insert that path in the applet code , and create a compiled and signed jar which reside on the server side, so that it will run on the client side.
    Please help me in this too..... please please please.
    Thanking you once again.

    Regards,
    Lovelesh Saxena.
  • 13. Re: To write a file on client side using signed applets.
    sabre150 Expert
    Currently Being Moderated
    In your original post you say "I am a working professional and my task is to create a java applet" and I assumed that you meant that you are a professional programmer but this can't be the case because you have basic misunderstandings with regards Java , Java Applets and Windows 7 security. If you were a professional programmer you would know that you have to write an Applet that has a GUI and embeds a file chooser (Swing or AWT makes no difference to this fact). You would also know that the use of constructs such as
    s = new String("Successfully created file :" + fileName);
    is just plain silly. You really need to spend a lot of time going though the Java tutorials. You need to look at basic Java, Swing or AWT, Applets, JApplet or Applet, security etc etc. In other word you need to learn Java.

    I did not solve the real issue. The real issue is why you need to write the file on the root directory of a Windows 7. I understand perfectly your task but you seem determined to ignore the fact that under a standard Windows 7 installation writing to the root directory cannot be done as a non-administrator. One of the major feature of Windows 7 is the ability to restrict what a standard user can do. Now there may be a way round this since MS have a history of leaving such security holes but I am not aware of it. You might want to post in a more MS aligned forum.

    You still have not explained WHY you have to create this file on the root directory of a Windows 7 and seem determined not to do so. If it's specified by your boss then ask him because it is a nonsense requirement. If it is a home project then your design is flawed and needs to be revised. If, as I suspect, it is a School/College/University project then go back to your supervisor and ask him.

    Bye.
  • 14. Re: To write a file on client side using signed applets.
    896918 Newbie
    Currently Being Moderated
    Hi Sabre,
    I am sorry to be such misconceptual concepts and for so stupidity, but now applet is working fine dynamically with JFileChooser.
    I will look to you for my further questions.
    Thanking you.

    Regards,
    Lovelesh Saxena

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points