Why do I get an AccessControlException ?
I tried to run an simple applet with a policy-file, but I get AccessControlException.
What am I doing wrong? Do I have to do something more than making the policy- and the class-file.
When I try to run it in the browser, I get this message:
java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)
Here is the policyfile:
grant {
permission java.util.PropertyPermission "user.name", "read";
};
and the applet:
import java.applet.Applet;
import java.awt.Graphics;
public class UserNameApplet extends Applet {
private String userName = System.getProperty("user.name");
public void paint(Graphics g) {
g.drawString("User Name: " + userName, 50, 45);
}
}
[794 byte] By [
Eyvind5a] at [2007-10-1 9:52:50]
Did you try to run the applet with appletviewer?
appletviewer -J-Djava.security.policy=mypolicy.policy myhtmlfile.html
That should have worked.
If you run the applet in a browser make sure you add the file in the java.policy located in
the javadir\lib\security. Which is in my case:
C:\Program Files\Java\jre1.5.0\lib\security
there is allso a file called java.security, here you can add extra policy files to be used
when opening the applet in a browser:
policy.url.3=file:c:/myfolder/.java.policy
or
policy.url.3=http://mysite/.java.policy
Thanks for the help. It worked now.
You say that I "should add the file in the java.policy located in
the javadir\lib\security". But java.policy isn't located in this directory for every
one. So how could I make that work in a browser for everyone?
This is what I'm trying to do:
I have made a screensaver from an applet with screensaver developement software. The applet-screensaver needs to keep counts of how may times it has been started by the user that has downloaded it. To do this, I guess the best approach is to serialize an object that keeps track of this information. To do this, I have to set permissions for reading and writing files.
But is it best to solve this with policy files or signing it with digital
certificates, or with some other approach?
Assuming that saving something is the only privilege the applet needs than you can post
the object to the server where the applet came from and let server side code save this
for the client.
Or sign the applet, especially if this is for "grandma's ol' pc" where the user cannot be
expected to have a decent security set up and you have to work with SUN's default.
Try this thread here, it has info on how to sign and (if so needed) how to doPrivileged
actions.
http://forum.java.sun.com/thread.jspa?threadID=611967
CA signed keys do look a lot more profesional but you'll have to pay for it. Make sure your
applet does not expose any method that are publuc so other applet can take advantage
of the "trust" that people give to your applet.
Self signing is allso possible, the user gets a warning about the applet not beeing of a
trusted company or someting like that. Most users don't really read that stuff anyway. If
they trust your site they will probably click yes and if they don't they will click no anyway.
