Loading ...
Sorry, an error occurred while loading the content.

Applet Security

Expand Messages
  • Scott Wilson
    This is not exactly a JSyn Question, but I m hoping someone out there can help me. I ve built a JSyn applet which loads in mp3s (using javalayer) from external
    Message 1 of 9 , Jan 2, 2003
    • 0 Attachment
      This is not exactly a JSyn Question, but I'm hoping someone out there
      can help me.

      I've built a JSyn applet which loads in mp3s (using javalayer) from
      external URLs. Works fine when I run it as an application from a
      command line, but if I run it as an applet in a browser or AppletViewer
      I get this error:

      java.security.AccessControlException: access denied
      (java.net.SocketPermission www.pacdv.com resolve)
      at
      java.security.AccessControlContext.checkPermission(AccessControlContext.
      java:267)
      at
      ...

      I know that applets aren't allowed to access the local file system, but
      is this also a problem for external URLs? This seems a little severe...
      Is there a way around this?

      Any advice would be appreciated.

      Thanks,

      Scott
    • Phil Burk
      ... You re right.... ... Applets can access URLs on the same server that hosts the Applet. But they cannot access other random servers. The server can be
      Message 2 of 9 , Jan 2, 2003
      • 0 Attachment
        > This is not exactly a JSyn Question,

        You're right....

        > I know that applets aren't allowed to access the local file system, but
        > is this also a problem for external URLs?

        Applets can access URLs on the same server that hosts the Applet. But they
        cannot access other random servers. The server can be referenced using
        getCodeBase(). This will work in an Applet:

        URL sampleURL = new URL( getCodeBase(), fileName);
        stream = sampleURL.openConnection().getInputStream();

        The only way around this is to digitally sign the Applet. The technique
        varies depending on which browser will be used, which is a problem.

        For more info see:

        http://developer.java.sun.com/developer/onlineTraining/Security/Fundamentals
        /abstract.html

        Phil Burk
      • Scott Wilson
        Thanks Phil! S.
        Message 3 of 9 , Jan 2, 2003
        • 0 Attachment
          Thanks Phil!

          S.

          On Thursday, January 2, 2003, at 02:20 PM, Phil Burk wrote:

          >> This is not exactly a JSyn Question,
          >
          > You're right....
          >
          >> I know that applets aren't allowed to access the local file system,
          >> but
          >> is this also a problem for external URLs?
          >
          > Applets can access URLs on the same server that hosts the Applet. But
          > they
          > cannot access other random servers. The server can be referenced using
          > getCodeBase(). This will work in an Applet:
          >
          > URL sampleURL = new URL( getCodeBase(), fileName);
          > stream = sampleURL.openConnection().getInputStream();
          >
          > The only way around this is to digitally sign the Applet. The technique
          > varies depending on which browser will be used, which is a problem.
          >
          > For more info see:
          >
          > http://developer.java.sun.com/developer/onlineTraining/Security/
          > Fundamentals
          > /abstract.html
          >
          > Phil Burk
          >
          >
          > JSyn home at: http://www.softsynth.com/jsyn/
          > List home at: http://groups.yahoo.com/group/jsyn/
          > To unsubscribe, send an email to: jsyn-unsubscribe@yahoogroups.com
          >
          >
          > Your use of Yahoo! Groups is subject to
          > http://docs.yahoo.com/info/terms/
          >
          >
          >
        • Scott Wilson
          ... Wow. After spending the evening wading through this I have to say that this looks like a colossal pain in the ass. Sorry to keep harping off topic, but am
          Message 4 of 9 , Jan 2, 2003
          • 0 Attachment
            On Thursday, January 2, 2003, at 02:20 PM, Phil Burk wrote:
            > The only way around this is to digitally sign the Applet. The technique
            > varies depending on which browser will be used, which is a problem.
            >
            > For more info see:
            >
            > http://developer.java.sun.com/developer/onlineTraining/Security/
            > Fundamentals
            > /abstract.html

            Wow. After spending the evening wading through this I have to say that
            this looks like a colossal pain in the ass. Sorry to keep harping off
            topic, but am I correct in understanding that I:

            a) will need to purchase a rather expensive certificate from Verisign
            or something similar

            b) will need to develop under Windows using Microsoft's Java SDK if I
            want this stuff to work under Internet Explorer? (I'm currently working
            with Project Builder in Mac OSX).

            Your continuing tolerance and help is appreciated. :-) Thanks.

            S.
          • Phil Burk
            Hello, ... Yes. Code Signing and convincing browsers to accept signed material is one of the most arcane, confusing, and unrewarding computer tasks I have ever
            Message 5 of 9 , Jan 3, 2003
            • 0 Attachment
              Hello,

              > Wow. After spending the evening wading through this I have to say that
              > this looks like a colossal pain in the ass.

              Yes. Code Signing and convincing browsers to accept signed material is one
              of the most arcane, confusing, and unrewarding computer tasks I have ever
              attempted. Do I sound jaded?

              > a) will need to purchase a rather expensive certificate from Verisign
              > or something similar

              Thawte's multi-purpose code-signing certificate is $200.

              http://www.thawte.com/html/RETAIL/devel/index.html

              Also you can generate a "test certificate" for your own experimenting.

              > b) will need to develop under Windows using Microsoft's Java SDK if I
              > want this stuff to work under Internet Explorer? (I'm currently working
              > with Project Builder in Mac OSX).

              You may have to do a final build under MS SDK. But you can still develop it
              on Mac.

              Here are some links with more info then you would ever want to know, but
              less than you actually need:

              keytool docs at Sun
              http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

              jarsigner docs at Sun
              http://java.sun.com/j2se/1.3/docs/tooldocs/win32/jarsigner.html

              Use PKCS12 as a Keystore
              http://www.jguru.com/faq/view.jsp?EID=532461

              Extension Example
              http://java.sun.com/j2se/1.4/docs/guide/plugin/developer_guide/extensions_ex
              ample.html

              Guidelines for writing secure code. Priveledged extensions and unsigned
              Applets. http://java.sun.com/security/seccodeguide.html

              IE packaging
              http://msdn.microsoft.com/library/default.asp?url=/workshop/delivery/downloa
              d/tutorials/button_download.asp

              We should probably wind up this off-topic thread. This isn't JSyn.

              Phil Burk
            Your message has been successfully submitted and would be delivered to recipients shortly.