CODEWITHSUNDEEP
javajarapplet
wlk
wlk

Reputation: 5785

Trouble writing file from within a java applet

I have created simple Java class to test file writes from applets:
update appeared

public class localfile extends Applet{
public localfile(){
    try {
        File f = new File("testfile.txt");
        BufferedWriter out = new BufferedWriter(new FileWriter(f,true));
        out.write("test");
        out.close();
    }
    catch(Exception x)
       System.err.println(x.toString());
   }
}

I have created and signed jar:

jar cvf localfile.jar localfile.java
jarsigner localfile.jar yourkey

html looks like: <applet code="localfile.class" archive="localfile.jar", width=300, height=600>

The error I get every time I run this applet is:

java.lang.SecurityException: trusted loader attempted to load sandboxed resource from file:/home/w/test/
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(CPCallbackHandler.java:308)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(CPCallbackHandler.java:121)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(CPCallbackHandler.java:473)
at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Plugin2ClassLoader.java:701)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Applet2ClassLoader.java:206)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Plugin2ClassLoader.java:520)
at sun.plugin2.applet.Plugin2Manager.createApplet(Plugin2Manager.java:2940)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Plugin2Manager.java:1444)
at java.lang.Thread.run(Thread.java:619)
Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from file:/home/w/test/

What is strange: I have created similar applet to read files and it works ok.

Any thoughts?

I was running this applet on both browser and applet viewer. What is strange given applet doesn't work on applet viewer and throws exception, but on browser it is fine.

java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.System.setProperty(System.java:725)
at localfile.<init>(localfile.java:15)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:785)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:714)
at sun.applet.AppletPanel.run(AppletPanel.java:368)
at java.lang.Thread.run(Thread.java:619)

So, beside this strange behaviour I consider my problem solved. Thanks everyone:)

Upvotes: 3

Views: 5708

Answers (5)

zawhtut
zawhtut

Reputation: 8551

I knew this is quite late. But just to help whoever look-up to this error -

Using Ant, multiple jars can be signed at one shot, for example java-comm.jar etc

<target name="applet.sign" description="Sign the applet jar">
<signjar jar="${applet.dir}/*.jar"
         storepass="${applet.key.password}"
         keystore="${applet.keystore}"
         alias="${applet.key.alias}"
         keypass="${applet.key.password}" />

This wil sign all the jar in the directory.

Upvotes: 1

Tom Hawtin - tackline
Tom Hawtin - tackline

Reputation: 147154

I believe your problem is that directory including the file you are trying to load is within the codebase where class files and application resources are looked up. So, you end up mixing trusted and untrusted resources, which is not secure. If the applet is hosted on an http, or better https, server then the issue doesn't arise for files.

Note you can use the JNLP APIs for applets to "open" or write files through a file dialog.

Your resource handling leaves the file open in the case of exceptions. Resource handling should be written in the style:

Resource resource = acquire();
try {
     use(resource);
} finally {
     resource.release();
}

In your specific case:

final FileOutputStream rawOut = new FileOutputStream(file);
try {
    ...
    out.flush();
} finally {
    rawOut.close();
}

Upvotes: 0

Powerlord
Powerlord

Reputation: 88796

With some finagling, you can include a policy file in a jar. Refer to the SO question jar policy file for more information.

Otherwise, consider making a Java WebStart application, which can read/write files more easily.

Upvotes: 1

omarello
omarello

Reputation: 2693

http://java.sun.com/docs/books/tutorial/security/tour1/step2.html

This should help you out with creating the policy file and associating with your code base

Upvotes: 1

Tobias P.
Tobias P.

Reputation: 4665

Did you provide a policy to allow reading files from the filesystem?

Seems that you only signed the jar but didn't use policytool.

Upvotes: 2

Related Questions