SecurityException in signed applet, but only in non-inherited functions...
Hello.
I'm developing an applet that writes a log (myApplet.log) to file using FileOutputStream. To avoid the SecurityException, I'm signing the applet, but as strange as this can look, I only can to write to the file from the functions inherited from the Applet class!!! (init, start, stop, destroy). Any other attempt to write to the file is rejected with:
SecurityException
access denied (java.io.FilePermission myApplet.log write)
It means, I can generate the log from these four functions (or from any function called from them), but not from the same functions if they are called from another side.
The applet is self signed, and all the obvious stuff was already checked (certificate accepted, file permission in disk, quota, etc.)
Does anybody have a clue about how to write to a file from any function in the applet. I'm running a secondary thread in the applet that watches for incoming events, so I can't force the writing to be done from the base applet functions.
I've noticed the same behavior when I try to open a socket from a function different than the mentioned, I also get a SecurityException in that case.
Thanks a lot for your help.
> if they are called from another side.
What "other side"? Do you mean JScript? Or classes that were not in a
signed jar, or classes that are in a differently signed jar?
Put all your classes in one signed jar and all 3rd party jars/classes
in lib/ext of the clients (or provide them in a signed jar).
Or
Use doPrivileged
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
Still problems?
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028
> > if they are called from another side.
> What "other side"? Do you mean JScript? Or classes
> that were not in a
> signed jar, or classes that are in a differently
> signed jar?
By other side, I'm refering to any other function in the same signed applet. For example, I've a setDatabaseValue function, like this:
public void dbSetDatabaseValue(String szValue)
{
// Set some value in a database
.......
// Print some results to log file using FileOutputStream
.....
}
If I call this function from init(), start(), stop() or destroy() functions in the applet, I can see how the log is correctly written. But, if I do the same call to the function from another function (for example, from a thread inside the applet), I receive the mentioned SecurityException.
> Put all your classes in one signed jar and all 3rd
> party jars/classes
> in lib/ext of the clients (or provide them in a
> signed jar).
I'm already doing this...
> Or
>
> Use doPrivileged
I'm gonna try this, but I have the feeling it won't work either.
> Signing applets:
> http://forum.java.sun.com/thread.jsp?forum=63&thread=5
> 24815
> second post and reply 18 for the java class file
> using doprivileged
>
> Still problems?
> A Full trace might help us out:
> http://forum.java.sun.com/thread.jspa?threadID=656028
Ok, thanks for the links, I'll read them.
Hope we can solve this together.
> Hope we can solve this together.
It worked!!! Your suggestion was OK, doPrivileged was the key.
If somebody find it useful, the solution steps were:
1.- Sign the applet.
2.- Surround the portion of code that was producing the SecurityException with the doPrivileged.
From:
*****************************************************************
String szLog = new String("Just a sample");
try{
FileOutputStream fLog = new FileOutputStream("log.txt",true);
fLog.write(szLog.getBytes());
fLog.close();
}
catch(FileNotFoundException eFNF){
eFNF.printStackTrace(System.err);
}
catch(IOException eIO){
eIO.printStackTrace(System.err);
}
catch(SecurityException eS){
eS.printStackTrace(System.err);
}
*****************************************************************
To:
*****************************************************************
AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
String szLog = new String("Just a sample");
try{
FileOutputStream fLog = new FileOutputStream("log.txt",true);
fLog.write(szFullLog.getBytes());
fLog.close();
}
catch(FileNotFoundException eFNF){
eFNF.printStackTrace(System.err);
}
catch(IOException eIO){
eIO.printStackTrace(System.err);
}
catch(SecurityException eS){
eS.printStackTrace(System.err);
}
return null;
}
});
*****************************************************************
This can be improved (taking variables outside the AccessControler scope), but, at least it works :-)
Thanks a lot for the help.
