Loading...

freebsd-java@freebsd.org

[Prev] Thread [Next]  |  [Prev] Date [Next]

applet security issue Achilleas Mantzios Wed Feb 01 03:06:31 2012

Hello java freebsd-ers!

After struggling for hours in order to even see the digital signature security 
window appearing for my applet (and i did a lot of things, bundling all libs 
in one jar, re-signing, etc...)
i got to the point where the applet starts, but then gives me a :
java.security.AccessControlException: access denied (java.io.FilePermission 
/usr/local/jboss-6.0.0.Final/paidia2.jpg read)

the stack trace is like :

java.security.AccessControlException: access denied (java.io.FilePermission 
/usr/local/jboss-6.0.0.Final/paidia2.jpg read)
        at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
        at 
java.security.AccessController.checkPermission(AccessController.java:553)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at 
net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:284)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
        at java.io.File.isFile(File.java:793)
        at 
org.apache.commons.httpclient.methods.multipart.FilePartSource.<init>(FilePartSource.java:67)
        at 
org.apache.commons.httpclient.methods.multipart.FilePartSource.<init>(FilePartSource.java:88)
        at 
org.apache.commons.httpclient.methods.multipart.FilePart.<init>(FilePart.java:178)
        at 
com.gatewaynet.web.applets.PhotoJApplet.actionPerformed(PhotoJApplet.java:285)

PhotoJApplet.java:285 reads :

FilePart filePart = new 
FilePart(thisfile.getName(),thisfile.getName(),thisfile,"image/jpeg",null);

The funny thing is that the very same signed applet reads the contents of the 
/usr/local/jboss-6.0.0.Final/ without problem:

String fname=imgPath + "/"+photos[i].filename;
                         ImageIcon icon = new ImageIcon(fname);

Its only when the IO is called from within apache's httpclient that i get the 
problem.

(pls do not get confused, here jboss wears the hat of the dummy firefox user, 
nothing j2ee involved!)


Any info would be great.

-- 
Achilleas Mantzios
IT DEPT
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-java
To unsubscribe, send any mail to "[EMAIL PROTECTED]"