Communications permission trouble when calling into Java from javascript

I have a little graphics editing Java applet embedded in an HTML/Javascript/jquery page.

I have a save button on the page that pops up a jquery dialogue which calls a Java function.

When that function tries to access the server it dies on a permission error. The identical code works to load the graphics object.

I am currently assuming that the call to Java from Javascript is not in the applet context (separate thread?), so there is no place it was loaded from and therefor cannot talk to it.

Is there any way to get into the correct context?

I expect I can work around it by putting the save button 开发者_Go百科in the Java applet and using a Java dialogue to get the other data. Long term going to HTML5 canvas is the solution I think.

The security model of JavaScript -> Java calls says that even calls into a signed applet are treated as untrusted. To avoid this, if you know what method is being called, you can use AccessController.doPrivileged() to allow the call to execute with the right privileges. However, be aware that anyone can embed your applet and use their own JavaScript to call into it, so this solution does have security consequences that you should consider carefully.

You either have set permission in policy file (${user.home}.java.policy) - you can do it manually or with polictool (in JDK bin directory). See Set up a Policy File to Grant the Required Permission.This has to be done for on each client's machine that will use your applet.

Another way is to sign your applet.

More details on applet security can be found at wiki and in Java Plug-in Developer Guide.

It is important to note that an unsigned applet can only communicate with the server from which it was served. To communicate with a different server, the applet needs to be signed. More info here.