Solved

Urgent: Enigmatic Netscape Security Problem

Posted on 1998-07-16
7
201 Views
Last Modified: 2010-03-30
I have an applet using rmi which produces the attached stack trace in the Netscape Java Console.
The applet offers a remote Object to the server to access (by reference).

I tried to enable the Netscape privileges in my code on applet start up:
...
netscape.security.PrivilegeManager.enablePrivilege("30Capabilities");
...
But it did not work. I tried combinations of UniversalConnect and UniversalAccept. Did not work. I tried to give the SuperUser privilege but I get a ForbiddenTargetException.

What the h... on earth is going wrong? Does anyone know what the problem is?

Regards Ian

Netscape Communications Corporation -- Java 1.1.5
Type '?' for options.
Symantec Java! ByteCode Compiler Version 210.065
Copyright (C) 1996-97 Symantec Corporation
netscape.security.AppletSecurityException: security.Couldn't connect to '160.85.128.161' with origin from 'local-classpath-classes'.
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at java.lang.RuntimeException.<init>(Compiled Code)
  at java.lang.SecurityException.<init>(Compiled Code)
  at netscape.security.AppletSecurityException.<init>(Compiled Code)
  at netscape.security.AppletSecurityException.<init>(Compiled Code)
  at netscape.security.AppletSecurity.checkConnect(Compiled Code)
  at netscape.security.AppletSecurity.checkAccept(Compiled Code)
  at java.lang.SecurityManager.checkAccept(Compiled Code)
  at java.net.ServerSocket.implAccept(Compiled Code)
* at java.net.ServerSocket.accept(Compiled Code)
  at sun.rmi.transport.proxy.HttpAwareServerSocket.accept(Compiled Code)
  at sun.rmi.transport.tcp.TCPTransport.run(Compiled Code)
  at java.lang.Thread.run(Compiled Code)
0
Comment
Question by:e4monsch
  • 3
  • 3
7 Comments
 
LVL 2

Author Comment

by:e4monsch
ID: 1226850
Could it be a Netscape Java bug. I'm using the prerelease of Netscape 4.05 with full Java Awt 1.1.5 support.

Regards Ian

0
 
LVL 5

Expert Comment

by:fontaine
ID: 1226851
3 questions come me in mind. They would clarify the context:

- Does the RMI server run on the same machine as the Web server that delivered the applet?
- Is the applet actually loaded from a server or from the local disk?
- Are you behind a firewall?


0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226852
1. Yes
2. No local classes on the test computer. Every thing is loaded from server.
3. No

The server object utilieses a client object. Everything works well on Sun Activator/Appletviewer. But not in Netscape.

Regards Ian

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 5

Accepted Solution

by:
msmolyak earned 100 total points
ID: 1226853
I assume 160.85.128.161 is the machine where you run both your Web server and RMI server (since it is one and the same machine). This is good (that is it is the way it's supposed to be), and the applet should have no troubles connecting to the server it came from.

Looking at the error message it seems you are loading the applet's classes from the local classpath (even though you do not think so) rather than from the Web server. It is easy to verify. Start your browser and clear the cache (to do the clean experiment). Then open Java Console and turn debug mode on (type 9). After that access your applet. The messages on the console will tell you where each of the Java classes comes from. If it says http://160.85.128.161/...., you are fine. If it says c:\..., then you have a problem.

Check it and post the result.
0
 
LVL 5

Expert Comment

by:msmolyak
ID: 1226854
P.S. You can use Capabilities API but I do not think you need it in this case. UniversalCOnnect and UniversalAccept shoul do the job. I do not thing the privilege 30Capabilities exists. There is a browser preference signed.applets.local_classes_have_30_powers which will give the applet loaded locally universal connect privilege. But this is not a long-term solution.
0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226855
ms...:Yes you are right. It seems as if there has been a local class somewhere in the system. Could it be that, the browser looks for classes in his cache?

After removing the disk cache every thing went ok. But sadly I had to give my code to the professor two hours ago. So now I have given the pro a unfinished software...

Regards Ian

0
 
LVL 5

Expert Comment

by:msmolyak
ID: 1226856
But if the problem is in the cache or CLASSPATH why are you worried? You software should not have anything to do with that.

Browser looks at the cache, than the CLASSPATH on the local machine, then at the ARCHIVE and CODEBASE location from the APLLET tag and probably last at the directory the HTML file with an applet came from.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An old method to applying the Singleton pattern in your Java code is to check if a static instance, defined in the same class that needs to be instantiated once and only once, is null and then create a new instance; otherwise, the pre-existing insta…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This video teaches viewers about errors in exception handling.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now