Same plugin, two browsers, security exception in one of them
Hi all. Hopefully someone can answer this.
I have a signed applet, that needs to open connections to other hosts.
If I load applet in Firefox, it works.
If I load applet in IE, it throws security exception.
Java plugin is 1.5.0_06 in both cases.
So why different behavior?
Thanks, Miha Vitorovic
Applet might use proxy settings of the browser or you might have come
to the wrong conclusion.
Try out a full trace.
http://forum.java.sun.com/thread.jspa?threadID=656028
With this applet: Test.java
import java.applet.Applet;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;

public class Test extends Applet {
    // used if run as application
    public static void main(String args[]) {
        if (args.length != 0) {
            new Test(args);
        } else {
            new Test();
        }
    }

    public Test() {
        try {
            System.out.println(new String(this.openURL("http://www.google.com", null), "UTF-8"));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public Test(String[] args) {
        int i = 0;
        while (i < args.length) {
            // do something with the encoding, I am assuming utf-8
            // but the openURL method can check the header for you
            try {
                this.openURL(args[i], null);
            } catch (Exception e) {
                e.printStackTrace();
            }
            i++;
        }
    }

    public byte[] openURL(String urlpath, URL u) {
        // it is VERY important to read the entire response
        // if you want to connect to the same server again
        // this is because closing the inputstream does not close the socket
        // and response data from a previous request could be mixed up with the current
        InputStream is;
        byte[] buf = new byte[1024];
        URLConnection urlc = null;
        try {
            URL a = null;
            if (u != null) {
                a = u;
            } else {
                a = new URL(urlpath);
            }
            urlc = a.openConnection();
            urlc.setDoOutput(false);
            is = urlc.getInputStream();
            int len = 0;
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            while ((len = is.read(buf)) > 0) {
                bos.write(buf, 0, len);
            }
            // close the inputstream
            is.close();
            return bos.toByteArray();
        } catch (Exception e) {
            e.printStackTrace();
            // only an HTTP connection that was actually opened has an error stream
            if (urlc instanceof HttpURLConnection) {
                try {
                    // now failing to read the inputstream does not mean the server did not send
                    // any data, here is how you can read that data, this is needed for the same
                    // reason mentioned above.
                    ((HttpURLConnection) urlc).getResponseCode();
                    InputStream es = ((HttpURLConnection) urlc).getErrorStream();
                    // getErrorStream() returns null when the server sent no error body
                    if (es != null) {
                        // read the response body
                        while (es.read(buf) > 0) {
                        }
                        // close the errorstream
                        es.close();
                    }
                } catch (IOException ex) {
                    ex.printStackTrace();
                    // deal with the exception
                }
            }
        }
        return new byte[0];
    }
}
html page (same dir as applet)
<object
    classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
>
    <PARAM NAME = CODE VALUE = Test ><PARAM NAME = ARCHIVE VALUE = sTest.jar >
    <param name = "type" value = "application/x-java-applet">
    <param name = "scriptable" value = "false">
    <comment>
        <embed
            type = "application/x-java-applet"
            CODE = Test
            ARCHIVE = sTest.jar
            scriptable = false
        ><noembed>
        </noembed>
        </embed>
    </comment>
</object>
batchfile to sign the applet (same dir as applet and html file)
del *.cer
del *.com
del *.jar
del *.class
javac Test.java
keytool -genkey -keystore harm.com -keyalg rsa -dname "CN=Harm Meijer, OU=Technology, O=org, L=Amsterdam, ST=, C=NL" -alias harm -validity 3600 -keypass password -storepass password
rem keytool -export -alias harm -file exportPublicKey.cer -keystore harm.com -storepass password
jar cf0 test.jar Test.class
jarsigner -keystore harm.com -storepass password -keypass password -signedjar sTest.jar test.jar harm
del *.class
pause
And, after signing the applet with the new key, I still get the same error:
java.security.AccessControlException: access denied (java.net.SocketPermission obelix.nil.si resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:621)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:228)
FATAL: java.security.AccessControlException: access denied (java.net.SocketPermission obelix.nil.si resolve)
Oh, and the applet with the libraries comes in 5 JARs, if it matters.
Regards, Miha Vitorovic
Are all 5 jars signed (the same)?
Are all 5 jars downloaded from (archive value of the applet/object/embed tag)?
You might try doPrivileged but that only works when current code is signed
and called from for example javascript which is treated as untrusted.
You might edit the java.policy to give full permission and see if that helps,
check and see if there are more than 1 java.policy files (several versions
of jre installed).
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doPrivileged
Compare a full trace of IE and Firefox (jre versions used, matching signature)
http://forum.java.sun.com/thread.jspa?threadID=656028
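The two questions in this reply (is every JAR signed, and by the same key) can be checked mechanically. The following is an added example, not code from the thread: the class name JarSignerCheck is hypothetical, and it assumes a current JDK run from the command line with the JAR paths from the applet's archive attribute as arguments.

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name): lists unsigned entries and the
// distinct signer certificates found across the JARs given as arguments.
public class JarSignerCheck {
    // The manifest and the signature files themselves are never signed entries.
    static boolean isSignatureFile(String name) {
        return name.toUpperCase().matches("META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]+\\.(SF|RSA|DSA|EC))");
    }

    public static void main(String[] args) throws Exception {
        Set<String> signers = new TreeSet<>();
        int unsigned = 0;
        byte[] buf = new byte[8192];
        for (String path : args) {
            try (JarFile jar = new JarFile(path, true)) {   // true = verify while reading
                for (JarEntry e : Collections.list(jar.entries())) {
                    if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                    // Signer certificates are only available once the entry has been
                    // read to the end; a modified entry throws SecurityException here.
                    try (InputStream in = jar.getInputStream(e)) {
                        while (in.read(buf) != -1) { /* drain */ }
                    }
                    Certificate[] certs = e.getCertificates();
                    if (certs == null || certs.length == 0) {
                        System.out.println("UNSIGNED  " + path + "!" + e.getName());
                        unsigned++;
                    } else if (certs[0] instanceof X509Certificate) {
                        X509Certificate x = (X509Certificate) certs[0];
                        signers.add(x.getSubjectX500Principal().getName()
                                + " serial=" + x.getSerialNumber().toString(16));
                    }
                }
            }
        }
        for (String s : signers) System.out.println("SIGNER    " + s);
        boolean ok = unsigned == 0 && signers.size() == 1;
        System.out.println(ok ? "OK: all entries signed by one certificate"
                : "MISMATCH: " + unsigned + " unsigned entries, " + signers.size() + " signer certificates");
        System.exit(ok ? 0 : 1);
    }
}
```

Because the serial number is part of the comparison, JARs signed with a regenerated self-signed key show up as a second SIGNER line even when the subject name is identical.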
> Are all 5 jars signed(the same)?
> Are all 5 jars downloaded from (archive value of the
> applet/object/embed tag)?
>
Thanks for your help, but I forgot to mention something (I opened this thread in another forum, because this one seemed totally dead to me).
There was just one policy file (left over from earlier testing), but that is what was causing the mismatch - with Firefox the plugin was honouring the policy file, IE behaved like there is no policy file at all, and like the applet was not signed.
> You might edit the java.policy to give fullpermission
> and see if that helps,
> check and see if there are more than 1 java.policy
> files (several versions
> of jre installed).
After I removed the policy file, both browsers started to behave the same, that is both are throwing the Security exception.
The policy was specified to allow resolve and connect. As I said, it worked from FF, but not from IE.
But the JARs are signed. All using the same key.
<param name="archive" value="properJavaRDP-1.1.jar,properJavaRDP12-1.1.jar,FakeLogger.jar,NilProxy.jar" />
This is it. I just removed one of the JARs from this line - it is not needed anyway.
But, as you can imagine, it is driving me crazy.
Regards, Miha