Geek Answers Handbook

Can signed applets connect to another host from which they originate?

I need an applet to open the socket and communicate with the server listening on the local host to which the applet is loaded (end-user machine).

contrary to what I read about applet security, it seems that even signed applets cannot open the socket to another host from which they were downloaded (it works fine on the same computer)

I certified the applet using -selfcert, signed it using jarsigner, and yet, when it tries to open the socket to another host, I get:

Java.lang.Exception: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:9999 connect,resolve)

I even tried changing the Java policy file, although this is not required with signed applets:

grant codeBase "http://applethost:8080/socket" { permission java.security.AllPermission; permission java.lang.RuntimePermission "usePolicy"; };

What is a deal with sigend applets, can they connect to another host or not?

+4
source share
1 answer

Yes, when you download your applet, if you decide to accept its certificate and trust it, it is provided with AllPermission, which includes SocketPermission. I wrote a signed applet before it connects to a host other than the one from which it was loaded. You can try temporarily changing the Java policy file to just

 grant { permission java.security.AllPermission; };
  • Look in the policy file to determine if it defines other policy.url locations, maybe they interfere.
  • Perhaps check your browser settings for javascript.
  • Make sure you accept the certificate for the applet and install it in your list of site certificates.
  • Make sure you have a grantBase line of code similar to the code base of your applet manifest.
  • You can try printing a list of permissions that your applet has before attempting to connect.
  • You can try to programmatically provide AllPermission from the applet.
+1
source

More articles:


All Articles