Reputation: 65
What permissions must be granted for applets to write temporary files?
We're developing an applet and need it to be able to read/write files in the user's temporary files directory (e.g. C:\Documents and Settings\USERNAME\Local Settings\Temp).
The applet is signed, the user clicks the 'allow' option on applet startup, and the Java Control Panel has "Allow user to grant permissions to signed content" and "Allow user to grant permissions to content from an untrusted authority" enabled.
However, on startup, we get a SecurityException:
java.lang.SecurityException: Unable to create temporary file
at java.io.File.checkAndCreate(Unknown Source)
at java.io.File.createTempFile(Unknown Source)
at java.io.File.createTempFile(Unknown Source)
at com.jniwrapper.util.AppletHelper.b(SourceFile:104)
at com.jniwrapper.util.AppletHelper.a(SourceFile:79)
at com.jniwrapper.util.AppletHelper.b(SourceFile:50)
at com.jniwrapper.util.AppletHelper.init(SourceFile:122)
at com.x.Y.init(Y.java:31)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Unable to create temporary file
If we edit the java.policy file to grant all to everything then the applet works OK but this is clearly insecure. What minimal permissions must we grant to allow the applet to read/write/create files in the user's temporary files directory?
Upvotes: 3
Views: 9588
Answers (2)
Reputation: 418
Got to that same point. To grant the permission as close as possible to what is needed minimally, you can grant a FilePermission on ${java.io.tmpdir}\- with actions read,write,delete. This worked for me.
Of course you have to replace the ${...} by the value of the system property java.io.tmpdir. This property is used by java.io.File.createTempFile.
Note: With someDir\- you grant recursive access to all subdirs of the someDir path. At this point you can use someDir\* but I haven't tested it.
If you use policy files to grant permissions there is a good chance that those files already support referencing system properties. But google that again to be sure. If you use a custom policy implementation you can easily create the permission java.io.FilePermission.
Upvotes: 0
Reputation: 1245
Using the policy file is kinda ok for testing but you should not be relying on it for your finished code, especially when granting a file permission, it is dangerous.
To interact with files you need to do the following.
Sign your jar - tons of tutorials like this, you can just do a self signed one.
Add the file creation code to a privileged block here is an example
File myFile = (File) AccessController.doPrivileged(new PrivilegedAction() { public Object run() { return new File("C:\\MyFolder\\MyFile"); } });
Upvotes: 6
Related Questions
- How to resolve permission issue in applet?
- access denied ("java.io.FilePermission" "execute")
- Allow Java applet to file system access and recording without modifying java policy file?
- Not able to create files and Folder on MAC using java applets - Operation not Permitted
- Applet java.io.FilePermission exception
- How to write to a file in applets in java?
- signed Java applet causes AccessControlException when writing files to local system
- how to provide access permission for applet to write on file system
- Write file on client system using applet
- Java Applet File Permission Errors