[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Need help with policytool, permissions.

I am developing an applet which needs to send data to another computer over UDP.  I am having trouble giving myself permission to send data from a UDP socket.

I thought that I had granted myself permission to do anything by using the policytool to modify the file c:\winnt\profiles\administrator\.java.policy, but the applet is still causing a security exception.

I don't know if the problem is with my use of the policytool or in my applet.  Does my applet need to request permission to perform the operation?

Help will be much appreciated.
0
garyz31
Asked:
garyz31
  • 14
  • 14
1 Solution
 
objectsCommented:
> Does my applet need to
> request permission to perform the operation?

Nope.

Can we see your policy file?
0
 
garyz31Author Commented:
OK, I've included the policy file below.  I can put my classes in a jar file and sign it, but I was hoping to avoid that during development.
-----------------------------------------------

/* AUTOMATICALLY GENERATED ON Sun Apr 21 18:41:40 EDT 2002*/
/* DO NOT EDIT */

grant codeBase "http://127.0.0.1",
      principal com.sun.security.auth.NTUserPrincipal * {
  permission java.security.AllPermission;
};

0
 
objectsCommented:
Try:

grant codeBase "http://127.0.0.1/-"
{
 permission java.security.AllPermission;
};

Though I'd be wary granting all permissions :)
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
garyz31Author Commented:
No luck.  I even tried

grant codeBase "http://-"
{
permission java.security.AllPermission;
};

but I still get the socketpermission exception.
0
 
objectsCommented:
jic it's not picking up the user policy settings, try changing the system java.policy file (make sure you change the right one).

What version of the plugin are you using?
0
 
garyz31Author Commented:
I have 2 .java.policy files on my machine, but navigator may be using neither of them.  I have edited both of them to be what I posted earlier.  The two files are in
     c:\Program Files\java\2re1.4.0\bin
and     c:\winnt\Profiles\Administrator

How do I determine which version of the plugin Navigator is using?
0
 
objectsCommented:
Not .java.policy, the system policy files are named java.policy

You can find out the version from the Java console.
0
 
garyz31Author Commented:
Still not there.  I've changed every java.policy file on my machine to be

grant codeBase "http://*"
{
permission java.security.AllPermission;
};

byt I still get this stack trace:

java.security.AccessControlException: access denied (java.net.SocketPermission localhost:1024- listen,resolve)

     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)

     at java.security.AccessController.checkPermission(AccessController.java:401)

     at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)

     at java.lang.SecurityManager.checkListen(SecurityManager.java:1128)

     at java.net.DatagramSocket.bind(DatagramSocket.java:326)

     at java.net.DatagramSocket.<init>(DatagramSocket.java:129)

     at AppTest$UDPSendThread.run(AppTest.java:132)

0
 
objectsCommented:
Are you sure you're running the plugin, and not the default JVM?

Don't think your codebase is right: "http://*"
Should be  "http://-" If you want rights to all http url's.

What is the codebase of your applet?


0
 
garyz31Author Commented:
Sorry, it was and is "http://-"

How do I know that I am using the plugin rather than the default JVM?

the URL of my test page is

http://coherentconcept/misc/AppTest.htm

and my class files are in the same folder.
0
 
objectsCommented:
> How do I know that I am using the plugin rather than the
> default JVM?

check which console is being used.
0
 
garyz31Author Commented:
It appears that the plugin is being used.  This is at the top of the console.

Java(TM) Plug-in: Version 1.4.0
Using JRE version 1.4.0 Java HotSpot(TM) Client VM
User home directory = C:\WINNT\Profiles\Administrator

Proxy Configuration: Browser Proxy Configuration

Another thing that is a little odd:

I put the class files in a jar file and signed the jar file with my test certificate.  I specified the jar file in the archive attribute of the <Applet> tah.  I was a little surprised when Internet Explorer popped up information about the test certificate and gave me a chance to grant permission.  I granted it, and the applet ran fine.  Unfortunately, it doesn't seem to make any difference for Navigator 6, still the same stack trace.
0
 
objectsCommented:
> attribute of the <Applet> tag.

I could be wrong but I didn't think that NS supported using the plugin with the <applet> tag. I thought the only way was to use the <embed> tag.
0
 
garyz31Author Commented:
I think we've almost got it.  I clicked refresh in Navigator, got the cert pop-up, granted permission, and the applet ran fine.

I double-checked the IE thing, and sure enough, the cert pop-window is really there.  Verisign has told me that I will have to buy separate certs for the two browsers.  I am using IE 6, so maybe that has something to do with it.
0
 
garyz31Author Commented:
If I remove the "archive" attribute, neither browser runs the applet properly.  I was hoping that I wouldn't have to sign during testing.
0
 
objectsCommented:
Changing the policy file should work.
In fact I just completed a project where we did exactly that.
0
 
objectsCommented:
From what you've told me the permission entry you need is:

grant codeBase "http://coherentconcept/misc/-"
{
   permission java.net.SocketPermission "localhost:1024", "listen,resolve";
};
0
 
garyz31Author Commented:
I wish that I could report that it worked, but it didn't.

I'm wondering if my policy file is in the right place.  I have 4 on my machine, but perhaps none of them is in the right place.  I don't mind so much having extra ones, but I would like to have one that is in the right place.  Wher should the policy file be located?
0
 
objectsCommented:
My two are in:

<jdk>/jre/lib/security
<jre>/1.3.1_01/lib/security

Might also be worth getting rid of all you user policy files. (Maybe an error in these is stopping anything else getting picked up).
0
 
garyz31Author Commented:
Which version of Navigator are you using?  
0
 
garyz31Author Commented:
I looked at the URL below, and it seems to imply that the policy file is in the directory with the applet.

http://java.sun.com/docs/books/tutorial/security1.2/toolsign/wstep4.html
0
 
objectsCommented:
> Which version of Navigator are you using?  

I'm using IE6.
But the browser has nothing to do with the policy file, it is used by the plugin.
0
 
objectsCommented:
> it seems to imply that the policy file is in the
> directory with the applet.

That doesn't make any sense, if you wre loading the applet from a web server (as is the norm) then were would you put it?

No the system policy files are stored in the directory mentioned above. And user policy files I believe are stored in the users home directory.

0
 
garyz31Author Commented:
Is there any environment variable involved?
0
 
objectsCommented:
> Is there any environment variable involved?

no
0
 
garyz31Author Commented:
Finally, success!!!

This file did the job.
------------------------------------------------
grant {

permission java.security.AllPermission;

};
-----------------------------------------------
saved in c:\winnt\profiles\Administrator\.java.policy

I will certainly need to tighten it up, but the applet does work now.  I do almost no web surfing, so there's not too much danger.
0
 
garyz31Author Commented:
Thanks for keeping me pointed in the right direction.
0
 
objectsCommented:
Happy to help :-)

http://www.objects.com.au
Brainbench MVP for Java 1
http://www.brainbench.com
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 14
  • 14
Tackle projects and never again get stuck behind a technical roadblock.
Join Now