Reputation: 943
Java 7 security restrictions for applets
I've implemented an applet and so far has been working with no hassle with Java 6. Recently, when I switched to Java 7 the applet stopped working, showing the following exception in javascript console:
Uncaught Error: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.home" "read")
This behavior is consistently reproductible, just switching from one Java version to the other with the Linux command update-java-alternatives.
The applet is self-signed and all its public methods invoke AccessController.doPrivileged(), for example:
public File chooseFile() {
return AccessController.doPrivileged( new PrivilegedAction<File>() {
public File run() {
JFileChooser chooser = new JFileChooser();
chooser.setMultiSelectionEnabled(false);
return chooser.showOpenDialog(null) == JFileChooser.APPROVE_OPTION ?
chooser.getSelectedFile() : null;
}
} );
}
I've solved the problem using a java.policy local file, but requiring special installation procedures is not an option.
Does anybody know which are those Java 7 new security restrictions and/or how to circumvent them?
Upvotes: 0
Views: 1410
Answers (1)
Reputation: 3591
Some information can be found in Do java applets have to be signed with trusted cert authority with new v7 update 21? and http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html
There will be more restrictions in the next scheduled security update in October 2013.
One requirement will be to switch from a selfsigned applet to a certificate from a trusted authority.
Upvotes: 1
Related Questions
- Applet doesn't work on JRE 7
- Java Applet Security Issues
- Applet blocked by java security settings in java 7
- Java applet security error
- Apply the security policy for applet
- Java 1.7.51 internet restrictions for applets
- Java security vulnerability for basic applet
- Applet security setting?
- What Applets Can and Cannot Do
- Applet Security