CODEWITHSUNDEEP
javajavascriptsecurityapplet
MKT
MKT

Reputation: 665

Applet method calling from Javascript

I have an applet to upload some files from specific folder and delete them,but something is wrong when I call an applet function from my javascript code, when I call that function from init() it works fine.

My applet code :

public class Uploader extends Applet {
   String serverPath;
   String clientPath;
   private JSObject win;
   @Override
   public void init() {
       serverPath = getParameter("serverPath");
       clientPath = getParameter("clientPath");
       try {
           win = JSObject.getWindow(this);
       } catch (JSException e) {
           log.warning("Can't access JSObject object");
       }
       upload(topic,clientPath);
   }
   public void upload(String topic,String clientPath) {
       log.log(Level.SEVERE, "upload functiond");
       DefaultHttpClient client = new DefaultHttpClient();
       MultipartEntity form = new MultipartEntity();
       log.log(Level.SEVERE, "upload functiond2");
       try {
            File directory = new File(clientPath);
            log.log(Level.SEVERE, "upload functiond2.2");
            File[] files = directory.listFiles();
            log.log(Level.SEVERE, "upload functiond2.5");
            int i = 0;
            for (File file : files) {
                log.log(Level.SEVERE, "upload functiond2.6");
                i++;
                form.addPart("file" + String.valueOf(i), new FileBody(file));
                System.out.println("adding file " + String.valueOf(i) + " " + file);
                log.log(Level.SEVERE, "adding file " + String.valueOf(i) + " " + file);
            }
            log.log(Level.SEVERE, "upload functiond3");
            form.addPart("topic", new StringBody(topic, Charset.forName("UTF-8")));
            form.addPart("action", new StringBody(action, Charset.forName("UTF-8")));
            form.addPart("path", new StringBody(serverPath, Charset.forName("UTF-8")));
            HttpPost post = new HttpPost(serverPath);
      ....

and this is my javascript code:

document.applet.upload(title,"c:\scan");

When I called from javascript only log printed:

log.log(Level.SEVERE, "upload functiond2.2");

Note that when I call from init method of applet it works fine.

I wrap my code into a PriviligedAction, but goes only one step forward and hang on 

log.log(Level.SEVERE, "upload functiond2.5");

Upvotes: 4

Views: 1591

Answers (1)

Andrew Thompson
Andrew Thompson

Reputation: 168845

The interaction of Java and JS complicates security. The JRE cannot trust the JS, so it decides the entire 'chain of operations' that include your code is untrusted. There is a way to fix it.

The code needs to be wrapped in a PrivilegedAction and called using one of the AccessController methods that doPrivileged(..). Look at the top of the AccessController docs. (above the methods) to see example usage.

Upvotes: 4

Related Questions