(yet again) signed applet throws security exceptions
Hi all
I have problems with signed applet (self-made cert), and after reading this forum I see this is more or less common.
The problem that I am having is, that I can not use doPrivilege() and similar tricks, because applet needs to be Java 1.1 compatible.
So, signing will have to work.
Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.
It works on JVM 1.5.0_06 but not on 1.4.2_08.
Please help me make if work under any JVM.
Thanks.
Hi, Can u share the error message that u had encountered.Regards
Of course:
Java(TM) Plug-in: Version 1.4.2_08
Using JRE version 1.4.2_08 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\miha
Proxy Configuration: Automatic Proxy Configuration
URL: http://orion.nil.si/proxy.pac
-
c:clear console window
f:finalize objects on finalization queue
g:garbage collect
h:display this help message
l:dump classloader list
m:print memory usage
o:trigger logging
p:reload proxy configuration
q:hide console
r:reload policy configuration
s:dump system properties
t:dump thread list
v:dump thread stack
x:clear classloader cache
0-5: set trace level to <n>
-
java.security.AccessControlException: access denied (java.net.SocketPermission host.domain.dom resolve)
TelnetWrapper PROXY: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:0 connect,resolve)
java.lang.NullPointerException
at net.propero.rdp.ISO.connect(ISO.java:123)
at net.propero.rdp.MCS.connect(MCS.java:84)
at net.propero.rdp.Secure.connect(Secure.java:153)
at net.propero.rdp.Secure.connect(Secure.java:171)
at net.propero.rdp.Rdp.connect(Rdp.java:498)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:615)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:222)
FATAL: java.lang.NullPointerException: null
Regards, Miha Vitorovic
Funny thing about my problem is:
Applet A (signed) needs to connect to host1, fails and tries to connect through proxy using my proxy library (also signed - different JAR). Everything works.
Applet B (signed) needs to connect to host1, fails and tries to connect through proxy using the same proxy library. It gets a security exception.
All JARs are signed using the same key/certificate.
Both applets try to connect to the same "host1".
Both applets try to use the same proxy - which is different from "host1".
Strange, isn't it?
Regards, Miha Vitorovic
The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
When I tried to move the proxy object down to the child threads, I get the following exception:
Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)
It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
Regards, Miha Vitorovic
