Unable to establish a socket connection

[S J Rulison]

Can somebody please give me a clue as to what I'm doing wrong here? I
have a JAVA Applet and Server application written in JAVA version
1.4.2_05 running on a Windows XP platform. I use the socket(String
host, int port) class on the applet side to establish a connection
with the Server and the ServerSocket(int port) class on the server
side. When I run both the Server and Applet on the same workstation,
everything works fine but if I move the Server portion onto another
machine, I am unable to establish a connection with that Server. I've
tried using the IP address of the server, the name of the client, and
the fully qualified name (client.domain_name). All of these methods
worked fine when I ran them on the same machine. For whatever its
worth, I tried feeding the server a fetishes IP Address and machine ID
when I was running both programs from the same machine to see if it
would run anyway and it did not. So the server program is doing
something with that parameter.

So, is it a rights issue that I'm dealing with or is it something
else? Any help would be greatly appreciated.

Thank you.

 

[Ann]

Can somebody please give me a clue as to what I'm doing wrong here? I
have a JAVA Applet and Server application written in JAVA version
1.4.2_05 running on a Windows XP platform. I use the socket(String
host, int port) class on the applet side to establish a connection
with the Server and the ServerSocket(int port) class on the server
side. When I run both the Server and Applet on the same workstation,
everything works fine but if I move the Server portion onto another
machine, I am unable to establish a connection with that Server. I've
tried using the IP address of the server, the name of the client, and
the fully qualified name (client.domain_name). All of these methods
worked fine when I ran them on the same machine. For whatever its
worth, I tried feeding the server a fetishes IP Address and machine ID
when I was running both programs from the same machine to see if it
would run anyway and it did not. So the server program is doing
something with that parameter.

What is a 'fetishes IP address'

 

[S J Rulison]

What is a 'fetishes IP address'

How about Factitious? Does that make a little more since?

 

[Thomas Schodt]

I use the socket(String
host, int port) class on the applet side to establish a connection
with the Server and the ServerSocket(int port) class on the server
side. When I run both the Server and Applet on the same workstation,
everything works fine but if I move the Server portion onto another
machine, I am unable to establish a connection with that Server.

With the default security settings, I believe
an Applet can only establish a socket connection to
the domain the applet was fetched from.

 

[Filip Larsen]

S J Rulison wrote

Can somebody please give me a clue as to what I'm doing wrong here? I
have a JAVA Applet and Server application written in JAVA version
1.4.2_05 running on a Windows XP platform. I use the socket(String
host, int port) class on the applet side to establish a connection
with the Server and the ServerSocket(int port) class on the server
side. When I run both the Server and Applet on the same workstation,
everything works fine but if I move the Server portion onto another
machine, I am unable to establish a connection with that Server.

You do not write what exception you get, but a guess would be that your
experience the security manager denying your applet to connect to any
other host than the host from where the applet came. If that is the
case, try use Applet.getCodeBase() in the applet to check that the host
really is the one you think. In fact, you can use the code base URL
directly to ensure you always connect to the originating host by using
getCodeBase().getHost() as the hostname when you create your sockets.


Regards,

 

[S J Rulison]

With the default security settings, I believe
an Applet can only establish a socket connection to
the domain the applet was fetched from.

Well, I'm not sure exactly what you mean but I can tell you that both
the server and the client reside on the same domain. The domain
controller for our netwrok is a Windows 2000 Adv. server.

 

[S J Rulison]

S J Rulison wrote


You do not write what exception you get, but a guess would be that your
experience the security manager denying your applet to connect to any
other host than the host from where the applet came. If that is the
case, try use Applet.getCodeBase() in the applet to check that the host
really is the one you think. In fact, you can use the code base URL
directly to ensure you always connect to the originating host by using
getCodeBase().getHost() as the hostname when you create your sockets.


Regards,

Actually, I didn't get any exceptions. And I guess I should have
mentioned that in my original post. Thnak you for the headsup on the
getCodeBase() & getHost() methods. I will look into that and see if
that fixes the problem.

Thanks again.


Sincerely,
Steve Rulison.

 

[Steve Horsley]

Actually, I didn't get any exceptions. And I guess I should have
mentioned that in my original post.

In that case you are connecting succesfully. There are only two
possible outcomes to calling new Socket(), and that is either
a connected socket, or an exception thrown.

Maybe you are catching and ignoring the exception?

Steve

 

[S J Rulison]

In that case you are connecting succesfully. There are only two
possible outcomes to calling new Socket(), and that is either
a connected socket, or an exception thrown.

Maybe you are catching and ignoring the exception?

Steve

Dear Mr. Horsley:
You were correct in your reply to my post when you stated that I might
be catching and ignoring the exception. Upon further review of my
code, I noticed that I had the e.printstackTrace(System.err) commented
out. I have printed out the exceptions that were thrown below. It
appears that I need to go threw the java security manager and grant
permission to the applet to open a socket connection to the server
application but I'm not exactly sure how that's done. Do you know of
any examples I can look at to see what code needs to be added to the
applet and the application? The closest I came to finding an example
was a snippet of code for granting permissions:
grant{java.security.AllPermissions;}. I wasn't able to figure out
where this fits into the scheme of things.


I would really appreciate any help you could give me on this.

Thanks.


EXCEPTIONS:
java.security.AccessControlException: access denied
(java.net.SocketPermission 10.44.250 resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at java.net.InetSocketAddress.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at PTABLookup.createSocket(PTABLookup.java:110)
at PTABLookup.init(PTABLookup.java:87)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

 

[Steve Horsley]

Dear Mr. Horsley:
You were correct in your reply to my post when you stated that I might
be catching and ignoring the exception. Upon further review of my
code, I noticed that I had the e.printstackTrace(System.err) commented
out. I have printed out the exceptions that were thrown below. It
appears that I need to go threw the java security manager and grant
permission to the applet to open a socket connection to the server
application but I'm not exactly sure how that's done. Do you know of
any examples I can look at to see what code needs to be added to the
applet and the application? The closest I came to finding an example
was a snippet of code for granting permissions:
grant{java.security.AllPermissions;}. I wasn't able to figure out
where this fits into the scheme of things.


I would really appreciate any help you could give me on this.

Thanks.


EXCEPTIONS:
java.security.AccessControlException: access denied
(java.net.SocketPermission 10.44.250 resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at java.net.InetSocketAddress.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at PTABLookup.createSocket(PTABLookup.java:110)
at PTABLookup.init(PTABLookup.java:87)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Now you've caught me out. I've never messed around with security managers,
so I can't help you. But now you know what the problem is, maybe someone else
can chip in. Or maybe you can google for something like "applet socket
securityexception". This has been discussed many times before.

Steve

 

[Andrew Thompson]

...

There are various options.

Adjust the security settings of each individual browser/box
using the security tool (no experience - only suitable for testing)

Sign the applet. Roll your own security certificate (at
least for testing purposes), then jar ..
<http://www.physci.org/codes/javafaq.jsp#jar>
...and sign the applet using the security certificate.

This is more trouble, but it then allows you to deploy
the applet with full permissions using Java Webstart,
and is a breeze for the user.
<http://www.physci.org/codes/javafaq.jsp#jws>

HTH

 

[S J Rulison]

Now you've caught me out. I've never messed around with security managers,
so I can't help you. But now you know what the problem is, maybe someone else
can chip in. Or maybe you can google for something like "applet socket
securityexception". This has been discussed many times before.

Steve

Okay I will do that. Thanks again for yur help.

Steve R.

 

[S J Rulison]

I have been doing some research for signing JAVA applets and I feel I
have been making some good progress this area. I imagine that there
will be some real benefits to learning this topic and I believe that
it is time well spent but, AND YOU KNEW THERE HAD TO BE A BUT, I still
have a question regarding this whole signing subject. As you'll
recall this all got started because I wasn't able to connect the
applet to a server when I started running the server application on a
different PC. Thomas Schodt suggested in one of his responses that I
look into signing the applets, which I am now doing.

Here's what I don't understand. I don't ever recall having to
download a digital signature when accessing my bank account on-line.
I logon to that site, view all of my banking transactions, and
transfer money, etc. and I THINK anyway that I never had to download a
digital ID. Maybe I wrong or maybe it happens behind the scenes and I
just don't se it but I don't ever recall doing that. When I set up a
web page on Yahoo I don't believe I ever downloaded a digital
signature. There again, maybe it is occurring behind the scenes. Is
it because these sites aren'JAVA driven? What am I missing here? I
think this has been the single sticking point with me regarding the
digital signature solution. I know that you need to sign applets if
you are trying to do something like write to the local hard-drive or
send something to a local printer but I never have been able to
understand why it is that these applets have to be signed just so I
can access a server over the network when it at least APPEARS that I
am able to access all of these other sites over the Internet that are
doing so much more w/o a digital signature.

Is there some place that teaches a class specifically addressing this
topic?

 

[Andrew Thompson]

Here's what I don't understand. I don't ever recall having to
download a digital signature when accessing my bank account on-line.

If the applet is attempting to communicate with the *same* server
from which it originated, a signature is unnecessary. But, to quote
you..

..When I run both the Server and Applet on the same workstation,
everything works fine

That does not require a signed applet, since the applet
is attempting to communicate back to the *same* host that
served it.

..but if I move the Server portion onto another
machine, I am unable to establish a connection with that Server.

Now the applet is served from one place, but is attempting to
connect to a different one. Code signature required.

If you also move the *applet* to that server on 'another machine',
and access it via network or internet, it should again work fine
without a signature.

An unsigned applet can 'phone home' to it's own server, but
a signed applet can communicate with *any* server.

HTH

 

[S J Rulison]

Applet Originate

I'm not exactly sure what you mean when you say, "the applet is
attempting to communicate with the same server from which it
originated".

Lets say you have a java application file called Server1.class, a java
applet called Applet1.class, and an file html called TestApplet.html
all
stored in designated shared folder on the hard-drive of a PC running
Windows XP. The host name for this PC will be JServer.

You physically go to the JServer PC, open a command window, CD into
the
shared folder where the Server1.class resides and start the
application
from the command line, java Server1 <Enter>. Now you go over to
another
PC on the network, which is also running Windows XP and logon to the
network. We will call this machine JClient. After you logon you map
a
drive to the shared folder on JServer. You then launch IE and then
point to and open the TestApplet.html file in the shared directory on
JServer. The TestApplet.html file automatically calls the
Applet1.class
when it is opened and the Applet1.class then attempts to create a
socket
connection to the server process that is running on JServer.

Here's what I believe is occurring at this point. While the
Applet1.class file is stored on the same machine as the Server1.class,
I
do not believe that is where Applet1 will originat. I believe
that the term originate refers to the machine that actually launched
the
applet, which in this case is the JClient machine. Assuming I am
correct with these assumptions, how would you go about getting
the Applet1.class to instantiate (originate) itself on the JServer
machine from the JClient PC?


I have included all of the source code below for this example. I have
also
included the output that occurs when the applet is called from Jserver
and
when it is called from JClient below to illustrate this example.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

<HTML>
<HEAD>
<TITLE>Test Applet Lookup Applet</Title>
<CENTER><H1>Test Applet</H1></CENTER>
</HEAD>
<BODY>
<APPLET CODE=Applet1.class WIDTH=760 HEIGHT=500></APPLET>
</BODY>
</HTML>


/* Program Name: Applet.java

Author: Steven J. Rulison

Date: November, 18 2004

Purpose: Demonstrate a socket connection over the network.

*/

import java.applet.*;
import java.net.*;

public class Applet1 extends Applet
{
//Constructor
public Applet1()
{
try
{
Socket s = new Socket("JServer", 1427);


/*
Flip Larsen suggested that I use the
Applet.getCodeBase().getHost() method. I didn't have
much luck with it. I think I need to see an actual
example of how it's used. This is what I tried:

Socket s = new Socket(Applet.getCodeBase().getHost(),
1427);

I also tried printing to the command console and a null value
returned.

System.out.println(Applet.getCodeBase().getHost());
*/

System.out.print("Socket connection successful.");
}
catch(Exception e)
{
e.printStackTrace();
System.out.print("Socket connection unsuccessful.");
}//End of catch block.
}//Constructor
}//End of class Applet1.


/* Class name: Server1

Author: Steven Rulison

Date: November, 18 2004

Purpose: Demonstrate a socket connection over the network. This is
the Server portion.
*/

import java.net.*;
import java.io.*;

public class Server1 extends Thread
{
public static void main(String[] Args)
{
try
{
ServerSocket ss = new ServerSocket(1427);
Socket s = ss.accept();
}catch(IOException e)
{
e.printStackTrace(System.err);
}
}//End of main.

}//End of class Server1



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-


Applet console output when the applet is launched from from the
Client:

Java Plug-in 1.5.0
Using JRE version 1.5.0 Java HotSpot(TM) Client VM
User home directory = E:\Documents and Settings\sruliso

----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

java.security.AccessControlException: access denied
(java.net.SocketPermission JServer resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at java.net.InetSocketAddress.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at Applet1.<init>(Applet1.java:21)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown
Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)






Applet console output when the applet is launched from the server:

Java(TM) Plug-in: Version 1.4.2_03
Using JRE version 1.4.2_03 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\ADMINISTRATOR
Proxy Configuration: Automatic Proxy Configuration
URL: http://webt1resv.ilptab.il.us:8080/array.dll?Get.Routing.Script

----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

 

[Andrew Thompson]

Applet Originate

I'm not exactly sure what you mean when you say, "the applet is
attempting to communicate with the same server from which it
originated".

That's what it basically comes down to, yes.

Lets say you have a java application file called Server1.class, a java
applet called Applet1.class, and an file html called TestApplet.html
all
stored in designated shared folder on the hard-drive of a PC running
Windows XP. The host name for this PC will be JServer.

I don't have a host name of JServer, but 'localhost',
so I changed your applet code slightly. Consider this
variant of your 'Applet1'.

<snippet>
public class Applet1 extends Applet
{
public void init() {
System.out.println("getCodeBase(): '" +
getCodeBase() + "'" );
System.out.println("getCodeBase().getHost(): '" +
getCodeBase().getHost() + "'" );

connect(getCodeBase().getHost());
}

public static void connect(String host)
{
try
{
Socket s = new Socket(host, 1427);
</snippet>

I noticed below that how you commented that you tried
the getCodeBase().getHost() method but "I didn't have
much luck with it."

That is the point at which you should be asking questions,
which I answered quickly with the above lines and loading
the HTML off the local hard disk, or by using the apache
server.

That code works when loading off the 'localhost', but throws
the SecurityException when loaded from disk. (Check the
output closely, when loaded off a network or hard disk)

Applets can 'phone home' to the *host* that served them
to the client, but they need to ne *signed* to communicate
with any other server. That is what is tripping you up.

.. Assuming I am
correct with these assumptions, how would you go about getting
the Applet1.class to instantiate (originate) itself on the JServer
machine from the JClient PC?

No, you are way off with this. Applets never run on the server.

They may need to be signed to make a connection though.

 

[Andrew Thompson]

On 22 Nov 2004 09:48:23 -0800, S J Rulison wrote:

No, you are way off with this. Applets never run on the server.

They are *delivered* from a server to a client, but always
*execute* in the client.

 

[S J Rulison]

Before I make this comment I would like to state that I have been
listening to and trying everybody's suggestions and I do appreciate
your help.

I made an interesting discovery in my continuous Socket Connection
dilemma. I bought a book last week called Java Security Solutions by
Rich and Johennie Helton. There is a chapter in the book pertaining
to the Java Security Manager, which led me to the java security.policy
file (%systemdrive%\Program
Files\Java\jre1.5.0\lib\security\security.policy). I discovered that
if you modify the file by adding the following line to one of the
grant statements, a connection can be established across the network
and the applet will work.

Grant{
Permission java.net.SocketPermission "IP Addressort", "connect,
accept";
}

This of course is not a solution since it would not be practical to
modify the security.policy file on every client attempting to access
the server but it sounds to me like the problem resides in the
security manager.

 

[Steve Horsley]

Before I make this comment I would like to state that I have been
listening to and trying everybody's suggestions and I do appreciate
your help.

I made an interesting discovery in my continuous Socket Connection
dilemma. I bought a book last week called Java Security Solutions by
Rich and Johennie Helton. There is a chapter in the book pertaining
to the Java Security Manager, which led me to the java security.policy
file (%systemdrive%\Program
Files\Java\jre1.5.0\lib\security\security.policy). I discovered that
if you modify the file by adding the following line to one of the
grant statements, a connection can be established across the network
and the applet will work.

Grant{
Permission java.net.SocketPermission "IP Addressort", "connect,
accept";
}

This of course is not a solution since it would not be practical to
modify the security.policy file on every client attempting to access
the server but it sounds to me like the problem resides in the
security manager.

Like Andrew says, you don't need to do that stuff if your applet is
just calling back to the source server. What string do you get if you
print getCodeBase.getHost()? "Didn't have much luck" doesn't
tell us much.

Steve

 

[S J Rulison]

If I type in System.out.println(getCodeBase.getHost()); in the Applet
source code, I get this compilation error message:
Applet1:java:34: cannot find symbol symbol: variable getCodeBase


If I type in System.out.println(getCodeBase().getHost()); in the
Applet source code, it compiles w/o any errors but when I run it I get
this runtime error message:
Check point 1
Check point 2
java.lang.NullPointerException
at java.applet.Applet.getCodeBase(Unknown Source)
at Applet1.<init>(Applet1.java:22)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown
Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Here is the source code for the Applet:

/* Program Name: Applet.java

Purpose: Demonstrate a socket connection from the APPLET side over
the network.
*/
import java.applet.*;
import java.net.*;
import java.io.*;

public class Applet1 extends Applet
{
//Constructor
public Applet1()
{
try
{

System.out.println("Check point 1");
Socket s = new Socket("10.44.1.250", 1427);

System.out.println("Check point 2");
System.out.println(getCodeBase().getHost() );


//This generates a compilor error
// System.out.println(getCodeBase.getHost() );


System.out.println("Check point 3");
}
catch(Exception e)
{
e.printStackTrace();
System.out.print("Socket connection unsuccessful.");
}//End of catch block.
}//Constructor

public void init(){}
}//End of class Applet1.


Here is the source code for the server:

/* Class name: Server1

Purpose: Demonstrate a socket connection from the SERVER side over
the network.
*/
import java.net.*;
import java.io.*;

public class Server1
{
public static void main(String[] Args)
{
try
{
ServerSocket ss = new ServerSocket(1427);
Socket s;

while(true)
{
s = ss.accept();
}
}catch(IOException e)
{
e.printStackTrace(System.err);
}
}//End of main.
}//End of class Server1