signed applet gives AccessControlException: access denied, when calling from javascript

java javascript applet signed accesscontrolexception
corgrath picture corgrath · Jul 1, 2009 · Viewed 15.5k times · Source

I have an easy self-signed an applet (done with keytool and the jarsigner):

public class NetAppletLauncher extends JApplet {

    private static final long serialVersionUID = 1L;

    public void init() {
        exec("notepad c:/hello.txt");
    }

    public void exec(String command) {

        try {

            // launch EXE and grab stdin/stdout and stderr
            Process process = Runtime.getRuntime().exec(command);
            //      OutputStream stdin = process.getOutputStream();
            InputStream stderr = process.getErrorStream();
            InputStream stdout = process.getInputStream();

            // "write" the parms into stdin
//          stdin.write(arguments.getBytes());
//          stdin.flush();
//          stdin.close();

            // clean up if any output in stdout
            String line = "";
            BufferedReader brCleanUp = new BufferedReader(new InputStreamReader(stdout));
            while ((line = brCleanUp.readLine()) != null) {
                //System.out.println ("[Stdout] " + line);
            }
            brCleanUp.close();

            // clean up if any output in stderr
            brCleanUp = new BufferedReader(new InputStreamReader(stderr));
            while ((line = brCleanUp.readLine()) != null) {
                //System.out.println ("[Stderr] " + line);
            }
            brCleanUp.close();

        } catch (Exception exception) {
            exception.printStackTrace();
        }

    }

}

Basically, what it does, is that it executes 'notepad c:/hello.txt'.

Then i embed the applet in html:

<applet id='applet' name='applet' archive='NetAppletLauncher1.jar' code='src.NetAppletLauncher' width='100' height='100' MAYSCRIPT ></applet>

When i visit the page, JRE starts and asks me if i want to start this applet and if i trust it. I press ok. Then notepad starts - as it should. No problem here.

But then i add this into the HTML-page:

<p class="link" onclick="document.applet.exec('calc');">remote desktop2</p>

Now when i press on this text, calc should start - right? But this gives me:

java.security.AccessControlException: access denied (java.io.FilePermission <<ALL FILES>> execute)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
  • whats up with this? Why does it give me a security exception now, but it could start notepad before?

Answer

Tom Hawtin - tackline picture Tom Hawtin - tackline · Jul 1, 2009

The Java 2 security model requires (roughly) that every frame on the stack must be granted a permission for the access control context (acc) to have that permission. JavaScript is on the stack and does not have file access permissions.

Related questions

access denied (java.net.SocketPermission 127.0.0.1:8080 connect,resolve)

I have a Java Applet inserted on a simple HTML page located at http://localhost:8080/index.html: <applet id="applet" code="SomeCode.class" archive="lib.jar" Width="1" Height="1"></applet> The Java Applet has a method that …

Read More
Accessing scanner at client side from a web page without applet

I want to acces a scanner at client side, before I was using java applet without problem but after chrome has decided to not support java what can I do. If there's solution with JS, Jquery or other language please …

Read More
How can I embed a Java applet dynamically with Javascript?

I want to be able to insert a Java applet into a web page dynamically using a Javascript function that is called when a button is pressed. (Loading the applet on page load slows things down too much, freezes the …

Read More