1

I have a Java Applet that is using a library I made. The library, used inside another project on Eclipse works perfectly. On the applet, when I call the constructor of the "main" class, I get a PrivilegedActionException. The only thing the constructor does is creating an instance of an object that, ultimately, implements Java's Serializable, which is used to access the internet. You can see the class here: CommonsDataLoader.java. This class implements DataLoader.java that, as you can see, implements Serializable.

I can run a test function inside the applet that simply receives a string from JS and returns a new one. This works perfectly.

So... I don't seem to be doing anything wrong here, nor accessing anything out of the ordinary. So why the exception?

NOTES:

I'm using maven to build the jar. The manifest is created using the <addDefaultImplementationEntries>true</addDefaultImplementationEntries> tag of the maven-assembly-plugin. I considered that I had to provide the Permissions: all-permissions to the manifest, but if I do this, the test function doesn't even work.

EDIT:

Manifest's header:

Manifest-Version: 1.0
Implementation-Title: myApplet
Implementation-Version: 0.0.1-SNAPSHOT
Archiver-Version: Plexus Archiver
Built-By: pedrocunha
Implementation-Vendor-Id: myProject
Created-By: Apache Maven
Build-Jdk: 1.8.0_25

Line on the manifest concerning DataLoader:

Name: eu/europa/ec/markt/dss/validation102853/loader/DataLoader.class
SHA-256-Digest: Aua3IW0faYfh4Mf3Q08wMxZc/WU0S2DuF6fJoE+pRpM=

Line on the manifest concerning CommonsDataLoader:

Name: eu/europa/ec/markt/dss/validation102853/https/CommonsDataLoader.class
SHA-256-Digest: d4zCM6GVllA0Fy/pm4D6Z8OZf+jHR58VPCUIq786cr0=
Sidner
  • 383
  • 4
  • 16
  • Is this library signed too? Please post your manifest file. – Tomasz Dzięcielewski Oct 30 '14 at 14:12
  • Yeah, on the manifest, there's an entry for each .class with its respective SHA-256 Digest. The file is a little too big to put here, but I've edited into the question the lines about dataloader and commonsdataloader. – Sidner Oct 30 '14 at 15:10
  • Look at this question: http://stackoverflow.com/questions/5868100/signed-applet-running-a-privilegedaction-still-fails-with-an-accesscontrolexcept What certificate do you use? Official or your own? – Tomasz Dzięcielewski Oct 31 '14 at 06:25
  • Official. I tried my own, didn't work, so I used the company's I'm working at. – Sidner Oct 31 '14 at 06:36
  • From documentation: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions If you have all-permissions and your applet is signed with official certificate, applet will work as a desktop application. PriviledgeActionException is thrown, because applet is trying do something outside of the sandbox. Improve your test function or tell me, where exception is thrown (what applet is trying to do). – Tomasz Dzięcielewski Oct 31 '14 at 07:47
  • As I said, what is throwing the exception (no idea where it's throwing, it just is, maybe the javascript throwing it) is the initialization of the a CommonsDataLoader variable. I've tried wrapping it up inside a doPrivileged, but to no avail as well. I'm this close to giving up on the applet idea and just do a desktop client, since I have no idea wth is going on... – Sidner Oct 31 '14 at 10:55
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/64004/discussion-between-tomaszdz-and-sidner). – Tomasz Dzięcielewski Oct 31 '14 at 11:09

1 Answers1

0

So, I think I figured out what was missing/happening. First and foremost, there was an issue with some of the poms of subprojects that were declared as pom and not as jar. Then, the manifest needs the all-permissions declaration and the codebase. I assigned * to the codebase. Everything inside every jar must be signed. The jnlp file must contain

<security>
all-permissions
</security>

The code inside the applet that requires the privileges need to be inside a doPrivileged (i.e. Access to hardware, sockets, etc).

If all this is set, then it'll work. At least it did for me.

Sidner
  • 383
  • 4
  • 16