access denied (java.net.SocketPermission 127.0.0.1:8080 connect,resolve)

PropellerHead · Nov 9, 2010 · Viewed 78.8k times

I have a Java Applet inserted on a simple HTML page located at http://localhost:8080/index.html:

<applet id="applet" code="SomeCode.class" archive="lib.jar" Width="1" Height="1"></applet>

The Java Applet has a method that looks similar to the code below:

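// Needs: import java.io.IOException; import java.net.URL; import java.net.URLConnection;
public void PostStuffToServer() throws IOException {
  String server = "http://localhost:8080/PostHandler.ashx";
  URL u = new URL(server);
  URLConnection con = u.openConnection();
  con.setDoOutput(true);
  // getOutputStream() opens the connection, so the SocketPermission check runs here.
  // "stream" is a field holding the bytes to post (not shown in the question).
  con.getOutputStream().write(stream.toByteArray());
  con.connect();
}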

When I execute the applet code from JavaScript like so:

obj = document.getElementById('applet');
obj.getClipboardImageURL();

I get the following error:

access denied (java.net.SocketPermission 127.0.0.1:8080 connect,resolve)

It seems like the Java code resolves the domain localhost to its equivalent IP address and therefore raises a cross-domain security restraint. It works fine when I execute the same code from http://127.0.0.1:8080/index.html. The lib.jar file is signed.

Is there any way to avoid this?

Answer

Kristian · Nov 10, 2010

I encountered the same problem after installing Java 6 Update 22. My applet has been online for several years with no reported errors. When I downgrade to version 6 Update 21, everything works perfectly. My applet is not signed.

SOLUTION: It took me a while to find the cause of the problem. Actually, in my case there were several factors causing the security error. The problem was solved by the crossdomain.xml file. The Java applet tried to download the crossdomain file, failed, and did not even bother to display an error in the Java console (debug level 5). Java tried to download the file from the IP address of my domain (http://ip-address/crossdomain.xml), and not the root of my website (http://domain-name/crossdomain.xml). I guess it is better for the security aspect? I then had to configure the web server to expose the crossdomain file on the IP address. In my case I have removed the default website in IIS for security reasons, and had to create a new website. I then discovered that the Java applet did not work with the crossdomain files I use with Flash:

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-http-request-headers-from domain="*" headers="*"/>
   <allow-access-from domain="*" />
</cross-domain-policy>

I had to remove the site-control and allow-http-request-headers-from nodes from the XML file in order to make the applet work.
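
The policy-file change described in the answer above, as an added example that is not part of the original post: a small Python lint that takes the quoted crossdomain.xml, reports the nodes the answer says had to be removed, flags the wildcard grant, and returns the reduced policy. The function and constant names are hypothetical.

```python
# Added example: lint a crossdomain.xml against what the answer above reports.
# lint_policy, FLASH_POLICY and KEPT_FOR_APPLET are illustrative names.
# Run it only on policy files you control: the stdlib ElementTree parser is
# not hardened against maliciously constructed XML.
import xml.etree.ElementTree as ET

# The policy file quoted in the answer (the one the applet did not accept).
FLASH_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-http-request-headers-from domain="*" headers="*"/>
   <allow-access-from domain="*" />
</cross-domain-policy>"""

# Per the answer, only allow-access-from could stay for the applet to work.
KEPT_FOR_APPLET = {"allow-access-from"}


def lint_policy(xml_text):
    """Return (findings, reduced_xml) for a cross-domain policy document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "cross-domain-policy":
        raise ValueError("root element is not <cross-domain-policy>")
    findings = []
    for child in list(root):  # copy, because nodes are removed while looping
        if child.tag not in KEPT_FOR_APPLET:
            findings.append(f"remove <{child.tag}>: the answer reports the applet failed with it")
            root.remove(child)
        elif child.get("domain") == "*":
            findings.append('wildcard <allow-access-from domain="*">: any domain is granted access')
    if root.find("allow-access-from") is None:
        findings.append("no <allow-access-from> entry: the policy grants nothing")
    return findings, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    findings, reduced = lint_policy(FLASH_POLICY)
    for finding in findings:
        print("-", finding)
    print(reduced)
```

The wildcard finding is worth acting on separately from the applet fix: listing only the domains that actually host the applet narrows who is granted access.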