Java: What are the various available security settings for applets
I have an applet that throws this exception when trying to communicate with the server (running on localhost). This problem is limited to Applets only - a POJO client is able to communicate with the exact same server without any problem.
Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied (java.net
.SocketPermission 127.0.0.1:9999 connect,resolve)
at java.se开发者_如何转开发curity.AccessControlContext.checkPermission(AccessControlContext.java:323)
My applet.policy file's contents is:
grant {
permission java.security.AllPermission;
};
My question is what are the other places where I need to modify my security settings to grant an Applet more security settings?
Thank you.
EDIT: Further investigation has lead me to find that this problem only occurs on some machines - but not others. So it could be a machine level (global) setting that is causing this, rather than a application-specific setting such as the one in the applet.policy file.
EDIT: Another SO question: Socket connection to originating server of an unsigned Java applet
This seems to describe the exact same problem, and Tom Hawtin - tackline 's answer provides the reason why (a security patch released that disallows applets from connecting tolocalhost
). Bearing this in mind, how do I grant the applet the security settings such that in can indeed run on my machine. Also why does it run as-is on other machines but not mine?Seeing this: http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1, it's clear that Applets run from localhost (without being deployed to a web server) cannot access localhost.
There is no workaround for this issue as indicated
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
My suggestion is as follows:
- Signing a Jar file to get more security privileges (http://java.sun.com/docs/books/tutorial/deployment/jar/signindex.html)
It stipulates:
Users who verify your signature can grant your JAR-bundled software security privileges that it wouldn't ordinarily have.
- Running your applet from a web server (such as Tomcat) and accessing it locally through your browser.
精彩评论