Signed applet to open local file problem with IE6 / Firefox
Hello
I have a signed applet to open a local file, with this code :
...
try{
URL destination=null;
File f=new File(adresse);
destination=f.toURL();
AppletContext ac=applet.getAppletContext();
ac.showDocument(destination,"_blank");
}
catch (MalformedURLException e)
{
System.out.println(e.toString());
}
...
It works perfectly with Netscape 7.01 and IE 5.5, but not with IE6.0 or Firefox 1.0...
(using SUN JVM 1.4.2_04), and there is no trace/error message
With a http link, it works for all browsers...
...
try{
URL destination=new URL("http://my.site/mypage.htm");
AppletContext ac=applet.getAppletContext();
ac.showDocument(destination,"_blank");
}
catch (MalformedURLException e)
{
System.out.println(e.toString());
}
...
Any idea ?
Thanks
[1443 byte] By [
TipJa] at [2007-10-1 2:51:45]
When you create a File object it will try to read a property named user.dir.
A normal unsigned applet is not allowed to do that.
Don't know why it only tries to read user.dir in Firefox or IE but it does.
You only have to create a URL object anyway.
import java.applet.Applet;
import java.applet.AppletContext;
import java.net.URL;
public class test extends Applet {
public void init() {
try {
//URL destination = null;
//File f = new File("test.jpg");
//System.out.println("file is now: " + f.getAbsolutePath() );
URL destination = new URL(this.getCodeBase() ,"test.jpg");
System.out.println("URL is now: " + destination.getPath() );
AppletContext ac = this.getAppletContext();
ac.showDocument(destination, "_blank");
} catch (Exception e) {
e.printStackTrace();
}
}
}
Thanks
Well, I think your code works fine
but in my problem the file the applet tries to open is not in my applet "path"....
The first time someone uses the applet, he can download some files anywhere on his computer
If he download a file(with a JFileChooser to select the path), a key is created in the registry (using simply Preference.put("File_n","CompletePathToFile");
) .
When you look in the registry, it shows something like
Name = "File_1"
Value = ""/E://temp//test.jpg"
The next time the user want to see the file, if there is a good value in the registry, the applet try to open the file from the path in the registry, else it opens the file from the web...
I think the path is good (it works with IE5.5, Netscape 7.01) else there will be an exception...
Here is the real code
...
// http file location
String adresse=null;
// local file location
String adresseLocale=null;
// Document type (html, image, sound...)
int typeLien=-1;
// get http file location (exists always)
adresse=elem.getLienWeb();
// get local file location (may exists, or "")
adresseLocale=elem.getEmplacementLocal();
// get document type
typeLien=elem.getTypeLien();
try{
/**
* FIXME BUG...
*/
URL destination=null;
if (adresseLocale!="") //$NON-NLS-1$
{
File fichier=new File(adresseLocale);
destination=fichier.toURL();
fichier=null;
}
else
destination=new URL(adresse);
/*
System.out.println("getAuthority= "+destination.getAuthority());
System.out.println("getFile= "+destination.getFile());
System.out.println("getHost= "+destination.getHost());
System.out.println("getPath= "+destination.getPath());
System.out.println("getProtocol= "+destination.getProtocol());
System.out.println("getQuery= "+destination.getQuery());
System.out.println("getRef = "+destination.getRef());
System.out.println("getUserInfo= "+destination.getUserInfo());
System.out.println("toString= "+destination.toString());
System.out.println("toExternalForm = "+destination.toExternalForm());
*/
AppletContext ac=m_applet.getAppletContext();
if (typeLien!=ConstantsChaud.LIEN)
{
ac.showDocument(destination,"_blank"); //$NON-NLS-1$
}
else
{
ac.showDocument(destination,"_self"); //$NON-NLS-1$
}
}
catch (MalformedURLException e)
{
System.out.println(e.toString());
}
..
TipJa at 2007-7-8 15:28:17 >
ps : sorry for my poor english...
TipJa at 2007-7-8 15:28:17 >
This should work:
import java.applet.Applet;
import java.applet.AppletContext;
import java.net.URL;
public class test extends Applet {
public void init() {
try {
//URL destination = null;
//File f = new File("test.jpg");
//System.out.println("file is now: " + f.getAbsolutePath() );
String path = "file:/C:/temp/";
URL destination = new URL(new URL(path) ,"test.jpg");
System.out.println("URL is now: " + destination.getPath() );
AppletContext ac = this.getAppletContext();
ac.showDocument(destination, "_blank");
} catch (Exception e) {
e.printStackTrace();
}
}
}
> ps : sorry for my poor english..
No problem
I will try, then update the post...but I can't try with IE6.0 at this time, my computer is out of order...
TipJa at 2007-7-8 15:28:17 >
Hello
Your code works perfectly directly on local machine (IE5.5 and FF) as my old one...
Then I put your code in a JAR and sign it like this
keytool -genkey -alias SignatureTest
jar.exe cvf test.jar test.class
jarsigner -verbose test.jar SignatureTest
and test it on my local machine : it works great (FFopen my file as I accept to use the applet)
but infortunately then I put it in the real world on the distant server and it stills not work on FF with no error and works great with IE5.5 :-(((
I've checked all the proxies/firewall/anti-virus parameters and all is good...it works on my local machine, not on the web...
Or am I doing something wrong when I sign the applet ? (it's my first experience with applet and signed applet...)
Another idea ?
Thanks...
TipJa at 2007-7-8 15:28:17 >
When the codebase of the test.jpg is different than the codebase of the applet than
the applet has to be signed and the entire stack has to have access on reading the file.
So if the applet comes from http"//myServer it cannot read your local file system (if it's not
signed or any code in the call stack is not signed)
But if the applet comes from c:\myFolder than there is no problem.
Maybe the applet is not signed correctly or you call methods in your applet from javascript
since the plugin.jar is never and can never be "trusted" the call stack runs under the
applet security.
On signing and/or calling from javascript:/unsigned code
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post
Good luck and have a nice weekend.
Thanks again for your help
I don't believe I use javascript (there is no javascript code in your sample code, and I use a very simple html page), and I still don't understand why it works for IE5.5
I'll follow the link to try to solve my problem ...
I will keep you inform....
TipJa at 2007-7-8 15:28:17 >
Hello again
There's something I don't undestand...
java applet code
import java.applet.*;
import java.net.*;
public class test extends Applet {
public void init() {
try {
String path = "file:/C:/Temp/";
URL destination = new URL(new URL(path) ,"test.jpg");
System.out.println("URL is now: " + destination.getPath() );
AppletContext ac = this.getAppletContext();
ac.showDocument(destination, "_blank");
} catch (Exception e) {
e.printStackTrace();
}
}
html code
<html>
<head>
<title>test</title>
</head>
<body>
<applet CODE = "test.class" ARCHIVE = "sTest.jar" width=350 height=200></applet>
</body>
</html>
Signature
javac -classpath ".;D:\Program Files\Java\j2re1.4.2_04\lib\plugin.jar" test.java
keytool -genkey -keystore mag -keyalg rsa -alias harm -validity 3600 -keypass password -storepass password
jar cf0 test.jar *.class
jarsigner -keystore mag -storepass password -keypass password -signedjar sTest.jar test.jar harm
With a debug the signature looks good in the logs (translation by google, not sure of the correct words...)
...
The checking of the certificate using the certificates CA root failed
Piled up method
Unstacked method
Selected user: 0
The user granted the rights of access to the code for this session only
Addition of the certificate in the storage section of the certificates of session JPI
Certificate added in the storage section of the certificates of session JPI
Recording of the certificates in the storage section of the certificates of session JPI
Certificates recorded in the storage section of the certificates of session JPI
URL is now: /C:/Temp/test.jpg
Javascript: Activated UniversalBrowserRead
Javascript: Activated UniversalJavaPermission
What are the 2 last line ? (appears only in firefox, not in IE55...don't have another browser yet 'cause my graphic card and motherboard are out of order :-(
Why in firefox, in the javascript console, there is a "message" (again translation by google...) but everything is alright in the java console ?
Error of safety: the contents located at http://www.distantserver.com/Demo/test/test.html cannot charge of data or establish a bond towards file:///C:/Temp/test.jpg.
Thanks in advance (and sorry if I only don't understand something from your link because of my english level...)
TipJa at 2007-7-8 15:28:17 >
Hello
I have solved my problem using a "cheat code", found here http://www.javaworld.com/javaworld/javatips/jw-javatip66.html with the signed applet.
It works with IE6,Ff1 and Ns7
-
but, using the old code (showDocument) with JVM1.5
- it works "offline"
- it stills doesn't "online" work with IE6.0 (why ?)
- it still works "online" with NS7.02
- it still doesn't work "online" with Ff1.0 with a "message" in the javascript console, but not exactly the same as with JVM1.4, there's a "livescript" before Javascript ...
I think there is a "bug" with Firefox using JVM (is it firefox who has a problem ? or is it JVM ?...livescript seems to be a Netscape specific function...)
Is anyone have an answer for all the cases ?
Anyway, it works with the tips...
Bye
TipJa at 2007-7-8 15:28:17 >
Hello, I think your problem is the same as that one found at http://windowsxp.mvps.org/ie/elevlocalfile.htm. It is restricted to open local files from IE, although your code is signed. This issue is a new security feature in IE 6 SP1 and later.
