Applets, JAXB and security policy

Myriam Abramson - 03 Dec 2007 14:43 GMT
Hello,

I have an applet using JAXB. I was able to overcome the security
restriction using appletviewer by specifying a java.policy that grants
all permissions on the command line:

appletviewer -J-Djava.security.policy=java.policy index.html

Now, I need to deploy that applet on the web. How can I specify this
policy encoded in the file named java.policy on the APPLET tag of
index.html?

TIA

                                  myriam

Andrew Thompson - 03 Dec 2007 22:19 GMT
...
>I have an applet using JAXB. I was able to overcome the security
>restriction

What 'security restriction'?  Applets should be able to access
documents relative to their own codebase while *sandboxed.*
Resources from the same server are a little harder to get an
URL to, but still accessible to the sandboxed applet.

>..using appletviewer by specifying a java.policy that grants
>all permissions on the command line:
>
>appletviewer -J-Djava.security.policy=java.policy index.html

That is extremely non-optimal.  It is impractical to go
editing the java.policy file on user machines, and they
certainly would not gain from having all applets allowed
to do anything.


Andrew Thompson
http://www.physci.org/

Myriam Abramson - 04 Dec 2007 03:09 GMT
I get this message without a java.policy granting all permissions.

Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied (java.util.PropertyPermission javax.xml.bind.JAXBContext read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)

JAXB tries to read something so it becomes a security issue for the
applet if I understand it correctly?

> "Andrew Thompson" <u32984@uwe> wrote:
> ..
[quoted text clipped - 15 lines]
> certainly would not gain from having all applets allowed
> to do anything.


                                  myriam

Andrew Thompson - 04 Dec 2007 04:19 GMT
Please refrain from top-posting.  I find it most confusing.

>I get this message without a java.policy granting all permissions.

No.  You get that message..
1) When the code is running with a security manager and
2) Lacks 'full trust', when
3) Attempting things that require full trust.

The situation you describe is *one* way to get around
that trust issue, but not a very good one.

>Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied (java.util.PropertyPermission javax.xml.bind.JAXBContext read)

OK - how exactly is the applet attempting to read the JAXBContext?
Is it something done directly in your code (URL or File, perhaps) or is
it invoked by other (e.g. JAXB) code over which you have no control?

An URL should be able to work sandboxed, whereas the File will
*not* be practical for an applet reading data off a remote server.

>JAXB tries to read something ..

That is sounding more like 'invoked from code beyond your control',
but I'd be interested to hear how the initial connection is formed (URL
or File) as that might influence other later decisions between using Files
or URLs.

>..so it becomes a security issue for the
>applet if I understand it correctly?

It is not entirely clear to me yet, some 'read's will be allowed,
but it seems (from the scant evidence so far) that this applet
is trying to establish File objects, which makes little sense
in an applet (ever).

Can you provide a self contained code example that shows
the same effect?


Andrew Thompson
http://www.physci.org/
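
The two policy shapes discussed in this thread, as an added example that is not from either poster: the grant-everything file described in the first post, beside a grant limited to the single permission named in the exception. The codeBase URL is a constructed placeholder, and the narrow grant covers only that one denial; JAXB may need further permissions, each of which would surface as its own AccessControlException.

```java
// java.policy -- Java policy file syntax (not Java source), for local testing:
//   appletviewer -J-Djava.security.policy=java.policy index.html
// A single '=' adds this file to the default policy; '==' would replace it.

// Weak form, as described in the first post. With no codeBase and no
// signedBy clause, the grant applies to every class loaded under this
// policy, so any applet run this way gets every permission.
// Kept commented out so that only the narrow grant below is active.
//
// grant {
//     permission java.security.AllPermission;
// };

// Narrow form. Scope the grant to the applet's own codebase and list only
// what the stack trace shows being denied:
//   access denied (java.util.PropertyPermission javax.xml.bind.JAXBContext read)
// The URL is a constructed placeholder; the trailing "/-" matches every
// class and JAR file at or below that location.
grant codeBase "http://applet-host.example/myapplet/-" {
    permission java.util.PropertyPermission "javax.xml.bind.JAXBContext", "read";
};
```

A policy file like this is read from the machine that runs the applet, so it only helps with local appletviewer testing.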
