0

I have a JApplet that I want to give read write print etc permission to. This applet is loaded only from the local file system

I have been reading through the controlling applets part of the java tutorials and have successfully created a policy file, giving permissions and specifying the code base http://docs.oracle.com/javase/tutorial/security/tour1/index.html

To get the example applet to write to the local system successfully I had to add this line to the java.security file. policy.url.3=file:/home/susanj/test/examplepolicy

The question is, How does one achieve the same result through code?.

I assume you start with the Policy class http://docs.oracle.com/javase/6/docs/api/java/security/Policy.html#getInstance%28java.lang.String,%20java.security.Policy.Parameters%29

create a new policy with either one of the getInstance methods

Policy.getInstance(String type,Policy.Parameters params)

Policy. getInstance(String type,Policy.Parameters params, Provider provider)

Policy. getInstance(String type,Policy.Parameters params, String provider)

and add it via the Policy.setPolicy(Policy p) method and then use Policy.refresh();

Unfortunately it seems to fall apart with the getInstance method and things start to get pretty confusing, what I need to know is what type, policy parameters do I need to use as arguments to give full permission to my applet.

This applet is not download from the internet, it is part of a desktop application so I can run a class/jar file with full privileges before the applet loads. I'm assuming you may be able to set the policy file this way before the applet loads?

I am assuming that this is actually the correct way.

Regards

Brett

BMac
  • 87
  • 2
  • 9

1 Answers1

1

It would be a really bad idea if you could modify the policy from within the sandbox...which is what it sounds like you're trying to do.

Have a read through Set up a Policy File to Grant the Required Permission.

You basically need to update the Policy file in the default instance of Java before you can run the Applet.

Or you can sign it.

Community
  • 1
  • 1
MadProgrammer
  • 343,457
  • 22
  • 230
  • 366
  • This applet is not download from the internet, it is part of a desktop application.I can load a class/jar file before the applet loads. I'm assuming you may be able to set the policy file before the applet loads? – BMac Aug 16 '12 at 23:26
  • Shouldn't make a lot of difference, the Applet is operating in restricted security mode, that's how it works by default. You need to enable it to run in "unprotected" mode some how. The best way is to update the default policy file, or supply a different one to the the application, something like `-Djava.security.policy=applet.policy` – MadProgrammer Aug 16 '12 at 23:29
  • How does the eclipse IDE allow applets to be run with full privileges? – BMac Aug 16 '12 at 23:32
  • Depends, does it use it's own applet view or the one that comes with Java? If it's own, it may be implementing it's own security manager or supplying it's own security policy file. Netbeans uses the supplied applet viewer, but it allows you to switch the applet to unprotected mode from within the container – MadProgrammer Aug 16 '12 at 23:33
  • java -Djava.security.manager -Djava.security.policy=file:/C:/app/applet/policy I'm trying what you recommended which is updating the policy file via the command line but I don't seem to be able to make it work. Am I using the correct syntax? – BMac Aug 17 '12 at 01:28
  • I'm not sure about `-Djava.security.manager` but does `-Djava.security.policy` need a "URL" style reference, can it just be `C:\app\applet\policy`?? And is it pointing to a `Policy File` directly?? ie `-Djava.security.policy=C:\app\applet\security.policy` – MadProgrammer Aug 17 '12 at 02:21
  • Thanks for the help. I ended up writing directly to the java.policy file.All good – BMac Aug 17 '12 at 04:36