Skip to Main Content
Forums

Java SE (Java Platform, Standard Edition)

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Java 7: Problems launching applets with jars on "file://" location

joan_esteveJun 2 2014 — edited Jun 14 2014

Hi,

We are experiencing a problem when updating our client's JRE from Java6 U 21 up to Java7 U 55.

We have developed an Applet which is composed by several JAR files. Some of those JARs must be stored in local drive, and the JAR with the main Java class is stored on server.

Let's supose we have a similar scenario like this:

https://blahblahbah/bar.jar

https://blahblahbah/test.html

C:/foo.jar

The code of test.html:

<embed

  archive="file:///C:/foo.jar"

  cache_archive="bar.jar"

  ...

/>

This code works fine on Java 6 and Applet is correctly loaded.

However, with Java 7 a security exception is raised when trying to load JAR files from "file:///" location during Applet launch:

java.lang.SecurityException: Permission denied: file:/C:/foo.jar

    at sun.plugin2.applet.Applet2Manager._loadJarFiles(Unknown Source)

We have tried several tests using a java.policy file which grants all possible permisions:

grant codeBase "file:/C:/foo.jar" {

    permission java.security.AllPermission;

};

grant {

  permission java.security.AllPermission;

};

We also tried to low Java's security level to "MEDIUM", with no success.

We finally only managed to run the Applet if we explicity disable the "Next-Generation Plugin" with Internet Explorer 8. However, that's not a suitable solution, and still does not work with Mozilla family browsers.

Eventhought with Mozilla browsers is still not working.

Is there any restrictions in Java 7 that prevents to read jars from being loaded from local drive when launching Applets?

Thanks in advance,

Comments

baftos

https://community.oracle.com/thread/2594401 may contain answers for you.

joan_esteve

Thank you baftos.

I had read the whole message before posting mine. It's not the same problem. I'm able to run the sample signed applet always having the jar in the same location than the HTML page serving the applet via JNLP:

<jar href="SignedAppletTest.jar" main="true"/>

However, the security exception raises when trying to read that jar from local drive:

<jar href="file://C:/SignedAppletTest.jar" main="true"/>

ExitException[ 3]java.lang.SecurityException: Permission denied: file://C:/SignedAppletTest.jar

    at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)

I have even tried to decompile JNLP2Manager class, without seeing anything useful on that loadJarFiles method

The only way I managed to avoid the problem is unchecking the New Generation Plugin and running the Applet with IE. Not a suitable solution for me at all..

baftos

http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7020285

I think your situation is similar to the above.

1 person found this helpful
joan_esteve

Yes, It describes the same scenario: loading an HTML page from a server, which launches an Applet stored on a local jar file.

I have decompiled the loadJarFiles() method from Applet2Manager and JNLP2Manager classes from plugin.jar libraries from JRE 6 release (applet works) and JRE 7 release (permission denied) without finding any appreciable difference between the two versions which could explain that different behaviour.


It seems that stronger restriction policies in the New Generation Plugin Manager are applied on loading Applets from Java 7, ignoring my java.policy configuration (where I tried to set enough permisssion privileges...)


Thanks for your support

baftos

Just curious. Did you solve your problem? How? And why did you need that jar to be local in the first place?

1 - 5
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Jul 12 2014
Added on Jun 2 2014
#applet, #java, #java-applet-development
5 comments
7,453 views