Applet loading despite denying permissions

Question

I have an applet which runs in a browser.

I expect that when the use denies the permission for the applet to run, it should not run and give an AccessControlEception or something similar.

However, surprisingly, even after the user has denied permissions, the applet still keeps running. Here is part of the trace from the Java Console.

security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment permanent certificate store
security: Checking if certificate is in Deployment session certificate store
security: User has denied the priviledges to the code
security: Adding certificate in Deployment denied certificate store
security: Added certificate in Deployment denied certificate store
basic: Applet loaded.
basic: Applet resized and added to parent container

Isn't it expected that after the user has denied privileges, the applet shouldn't load? What's going on here?

Answer 1

If additional privileges are requested but denied, then the applet continues to run as normal. Otherwise you'd have the area of the page broken. The author of the applet may decide to continue with standard applet functionality or display some kind of permissions denied message. Unfortunately many applets are of sufficiently poor quality (which is a bit worrying for code that's supposed to be trusted) that they just fail throwing exceptions.

Answer 2

..think I got the solution. If the user denies permissions, the applet still loads with limited privileges, and if the user grants permissions, the applet loads with all privileges

You think wrong. An Iced Tear JRE will not load the applet at all if it requests extended privileges and the user refuses. It is a decision that comes down to the manufacturer of the JRE.