Java FileOutputStream access denied to a signed applet

Question

I'm developping a Java Applet that must access the visitor's filesystem, so i compressed my .class file to a .jar file with self-signed cert, when I'm opening the call.html file with my browser (file where is located the <applet> HTML tag), I accept the security popup then i'm getting this error in the Java console:

java.security.AccessControlException: access denied (java.io.FilePermission output.txt write)

I'm using a FileInputStream and a FileOutputStream. FileInputStream works but not FileOutputStream, why?

Here's my code:

try {
      AccessController.doPrivileged(
          new PrivilegedExceptionAction() {              
              @Override 
              public Object run() throws FileNotFoundException {
                  outFile = new FileOutputStream("output.txt");
                  inFile = new FileInputStream("input.txt");
                  return "test";
              }
          }
      );
} catch (PrivilegedActionException e) {
    throw (FileNotFoundException) e.getException();
}

I've tried many way to make privileged actions, FileInputStream is always working, whereas FileOutputStream isn't. output.txt is not read-only file.

Answer 1

Access permission is granted with a policy file, and appletviewer is launched with the policy file to be used for the applet being viewed.

Creating a Policy File

Policy tool is a Java 2 Platform security tool for creating policy files. The Java Tutorial trail on Controlling Applets explains how to use Policy Tool in good detail. Here is the policy file you need to run the applet. You can use Policy tool to create it or copy the text below into an ASCII file.

grant {
       permission java.util.PropertyPermission 
   "user.home", "read";
       permission java.io.FilePermission 
   "${user.home}/text.txt", "read,write";
     };

Here is the full link for applets permission http://java.sun.com/developer/onlineTraining/Programming/BasicJava1/data.html