self certificate applet, file access under different jre issue!

Hi,

I have a jarsigner signed applet with a self certificate which seems to throw java.security.AccessControlException: access denied (java.io.FilePermission when trying to read a file from the user temp internet folder.

What puzlles me is that this applet seems to work in different environment.

I tested it in 2 citrix environment on IE, one with jre 1.3.1_02 which worked fine and another one with jre 1.4.1_02 which failed with the error above.

Also tried it from my machine with jre 1.3.1_17 and got the same error.

Could this be a security change between the different jre versions?

Should my self certified applet be able ot read files under any jre?

[700 byte] By [m.belleca] at [2007-10-2 11:15:04]

«« Show the contents of the ComboBox when the mouse hovered over.
»» is there a way to add a graphics object to a jscrollpan?

# 1

Since 1.4.1_02 the jre will check the stack of the currently running code and let

that deside if the currently running code is "trusted".

If your signed and trusted applet has a method called from javascript than it will

fail because javascript is not trusted. This is according to the specs.

So jre versions before 1.4.1_02 actually had a security bug.

Check out the link below to see how to make your signed applet work

Signing applets:

http://forum.java.sun.com/thread.jsp?forum=63&thread=524815

second post and reply 18 for the java class file using doprivileged

Still problems?

A Full trace might help us out:

http://forum.java.sun.com/thread.jspa?threadID=656028

harmmeijera at 2007-7-13 4:03:57 >

top of Java-index,Security,Signed Applets...

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

self certificate applet, file access under different jre issue!

Security New Topic

Security Hot Topic

Security

All Classified