granting & reverting previlages at runtime
hello ...
i'm trying to migrate an applet currently implemented netscape and microsoft security packages(com.ms.security & netscape.security) using Javas plug-ins. But during the life time of this applet permissions are granted and revoked dynamically.
like....
if (miBrowserSecurity == MyClass.NETSCAPE)
PrivilegeManager.enablePrivilege("UniversalSystemClipboardAccess");
--
-
if (miBrowserSecurity == MyClass.NETSCAPE)
PrivilegeManager.revertPrivilege("UniversalSystemClipboardAccess");
How to implement this functionality using java2 plug-ins. Do i need to implement
custom policy ?
Please help
[704 byte] By [
minimola] at [2007-9-30 11:21:33]
If you sign the code, you should be able to remove all the netscape.security packages and it should work fine. Not sure about the microsoft packages since we never used those but I would hope they could be removed too.
If you don't sign the code, I think you would have to update the java.policy file on every client that would use your applet.
hi.. i removed the netscape & microsoft packages , recompiled the applet and got it signed.
but the problem is how to grant and revert previlages dynamically at run time.
See the enablePrevilage and revertPrivilages methods below. What is the equivalentin java plug-in?
PrivilegeManager.enablePrivilege("UniversalSystemClipboardAccess");
-
some code lines here ...again the UniversalSystemClipboardAccess previlage id reverted.
-
PrivilegeManager.revertPrivilege("UniversalSystemClipboardAccess");
I cant change the java.policy file during the execution of the applet. it is updated only once.
hope you understood the problem now.
thanks
I think that what sbelsly is saying is that you don't need netscape.security. If code is signed or a policy is
set up for code than security for certain functions is granted and enabled. In other words you don't need
to enable it explicitly.
http://developer.netscape.com/docs/manuals/signedobj/javadoc/netscape_security_PrivilegeManager.html
To check if you have access to certain things (PrivilegeManager.checkPrivilegeGranted) I think you can use
SecurityManager
http://java.sun.com/j2se/1.4.2/docs/api/java/lang/SecurityManager.html
If you use a certificate from a certificate authority such as Verisign or Thawte, the user will be prompted to to grant permission and then your applet will have AllPermission. See http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/rsa_how.html for details ... the important paragraph being -
"If Plug-in can verify the certificate chain all the way up to its Root CA certificate, it checks if that Root CA certificate is contained in the database of trusted Root CA certificates. If so, Plug-in will display the certificate chain of the authenticated signer and ask the user whether or not to grant AllPermission to code signed by that principal. Java code that is assigned the AllPermission permission is treated the same as system code, meaning it has all the privileges that system code has. The user can then choose whether or not to grant AllPermission to code signed by that principal, and whether such permission should be granted to any code signed by that principal for all subsequent sessions or for the current session only. "
Hello
I have the same error but just when Im using NetScape for Win2k or Sun or IE for XP. When Im using win2k wih IE6.0 the applet works perfectly. I made my testes with four versions of Java Plug-ins 1.3.1_09, 1.3.1_11, 1.4.0, 1.4.1_02 and the behavior is the same for all cases.
I tried load the applet with the TAG APPLET and OBJECT/EMBED but the problem don t desapear.
I signed the applet with the other certificate generate with keygen but doesnt works.
Anybody knows something about specific problems with Netscape or IE for XP.
Tks.
Dilson
Dilson_msa, I answered your question in your original post. Since no error exception was mentionedin this post I suggest using your original post to solve/discuss it. http://forum.java.sun.com/thread.jsp?forum=63&thread=531824&start=0&range=15#2576880
