FilePermission in an Applet

[dbaldes]

Hello,

i have a strange thing here with FilePermission in an Applet. To my
understanding an Applet is allowed to access files on the host where it
is loaded from via http, for example; escpecially the applet should be
able to load files included in jars which are given in the
"archive"-attribute of its applet tag (making up its classpath).

I use kodo (a JDO OR-mapping library) in the applet to access a
database. Kodo now tries to read some metadata from a file included in
a jar, which leads to the following exception:

java.security.AccessControlException: access denied
(java.io.FilePermission
http:\gosling:9180\swing-editor\lib\dbobjects.jar!\com\open\mss\db\stop\package.jdo
read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
at
com.solarmetric.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:296)
at
com.solarmetric.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:279)
[...]

(note the strange http-url)

When i grant FilePermission in the client's policy file, all works
well.

Can somebody tell me what's wrong here? Is it due to the method how
kodo accesses the file?

Thanks in advance,
Daniel

 

[Robert Klemme]

Hello,

i have a strange thing here with FilePermission in an Applet. To my
understanding an Applet is allowed to access files on the host where
it is loaded from via http, for example; escpecially the applet
should be able to load files included in jars which are given in the
"archive"-attribute of its applet tag (making up its classpath).

Normal applets do not have permissions to access files - they are only
allowed to open a network connectio to the host they were loaded from.

I use kodo (a JDO OR-mapping library) in the applet to access a
database. Kodo now tries to read some metadata from a file included in
a jar, which leads to the following exception:

java.security.AccessControlException: access denied
(java.io.FilePermission
http:\gosling:9180\swing-editor\lib\dbobjects.jar!\com\open\mss\db\stop\package.jdo
read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
at
com.solarmetric.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:296)
at
com.solarmetric.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:279)
[...]

(note the strange http-url)

When i grant FilePermission in the client's policy file, all works
well.

Can somebody tell me what's wrong here? Is it due to the method how
kodo accesses the file?

Thanks in advance,
Daniel

Your problem is that the code tries to access the File through the File
interface while you want to do it via the ClassLoader (try to use
getResourceAsStream()). You should hand XMLMetaDataParser.parse() a
stream obtained from the ClassLoader instead of using a file name. This
file name is most likely interpreted as local file (i.e. on the browser's
machine).

Kind regards

robert

 

[Roedy Green]

i have a strange thing here with FilePermission in an Applet. To my
understanding an Applet is allowed to access files on the host where it
is loaded from via http, for example; escpecially the applet should be
able to load files included in jars which are given in the
"archive"-attribute of its applet tag (making up its classpath).

I have found they have to be "downstream". See
http://mindprod.com/jgloss/applet.html
for what I mean by that