?
Solved

"signed applet"-java.security.AccessControlException:access denied(java.net .SocketPermission 216.52.121.14.1521 .....)

Posted on 2003-03-11
29
Medium Priority
?
2,817 Views
Last Modified: 2007-12-19
Hi, when i run my applet the error i got is :

 "-java.security.AccessControlException:access denied(java.net .SocketPermission 216.52.121.14.1521 connect,resolve)

I think i need to sign the applet, but how do i do that.

Pls help,

Best Regards,
Jasbir
0
Comment
Question by:Jasbir21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 13
  • 11
  • 4
  • +1
29 Comments
 
LVL 92

Accepted Solution

by:
objects earned 400 total points
ID: 8109590
0
 

Expert Comment

by:thushara
ID: 8109645
Following url will teach u all the steps needed in this regard.It's a great tutorial. short & sweet. Hope u'll find ur self out of trouble.
http://java.sun.com/docs/books/tutorial/security1.2/toolsign/index.html
0
 

Author Comment

by:Jasbir21
ID: 8110141
Hi,
 why do i need to sign the applet coz i am using the thin driver.So, do i still, need to sign the applet or is there is any reason i got the error.I mean , how do i get the applet to work without having security prob.Pls help

Best regards,
Jasbir
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 35

Expert Comment

by:girionis
ID: 8110159
0
 

Author Comment

by:Jasbir21
ID: 8110164
Hi, so do i really need to sign the applet.I am very very confuse.
Pls help,

Best Regards,
Jasbir
0
 
LVL 35

Expert Comment

by:girionis
ID: 8110232
 Well you could either sign it or give permissions within your java.policy file. Signing is recommended though since giving permissions will require each user manually changing their java.policy file.
0
 

Author Comment

by:Jasbir21
ID: 8110529
Hi, thanks but someone told me that if i use thin driver, i should avoid using signing coz its dangerous.So, how do i install that policy tool?

Pls help,

Jasbir
0
 

Author Comment

by:Jasbir21
ID: 8110539
Hi again:

But first all do i need it, is there any other way to make the program work.

Best Regards,

Jasbir
0
 
LVL 35

Expert Comment

by:girionis
ID: 8110552
>  i should avoid using signing coz its dangerous

  What do you mean it's dangerous? That's the way things work in a commercial and proffesional environment.

  Anyway, it's up to you how you will make it work. The java.policy file is already installed and it resides under your /lib/security folder.
 
0
 
LVL 92

Expert Comment

by:objects
ID: 8115003
The error you are getting is not caused by the thin driver (at least directly). It is because you are attempting to access a host other than the one the applet loaded from. The default applet permissions only allow an applet to connect to the host it was laoded from.

Saying that if the thin driver is type 3 or 4 then you'll also get a problem using it.

> someone told me that if i use thin driver, i should
> avoid using signing coz its dangerous.

I can't think of any reason that signing would be dangerous.
Ask them why they claim that.

> So, how do i install that policy tool?

It's part of the JDK. But changing the security policy is only an option if you intend applet to be run using Java plugin.



0
 

Author Comment

by:Jasbir21
ID: 8116459
Hi, thanks for the explaination.I decided to signing . I followed the steps  i found . The details is below

These steps describe the creation of a self-signed applet.
This is useful for testing purposes. For use of public reachable applets,
there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer).

The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java...

1. Create your code for the applet as usual.
It is not necessary to set any permissions or use security managers in
the code.

2. Install JDK 1.3
Path for use of the following commands: [jdk 1.3 path]\bin\
(commands are keytool, jar, jarsigner)
Password for the keystore is *any* password. Only Sun knows why...
perhaps ;-)

3. Generate key: keytool -genkey -keyalg rsa -alias tstkey
Enter keystore password: *******
What is your first and last name?
[Unknown]: Your Name
What is the name of your organizational unit?
[Unknown]: YourUnit
What is the name of your organization?
[Unknown]: YourOrg
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YS
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
correct?
[no]: yes

(wait...)

Enter key password for tstkey
(RETURN if same as keystore password):

(press [enter])

4. Export key: keytool -export -alias tstkey -file tstcert.crt

Enter keystore password: *******
Certificate stored in file tstcert.crt

5. Create JAR: jar cvf tst.jar tst.class
Add all classes used in your project by typing the classnames in the
same line.

added manifest
adding: tst.class(in = 849) (out= 536)(deflated 36%)

6. Verify JAR: jar tvf tst.jar

Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
68 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/MANIFEST.MF
849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class

7. Sign JAR: jarsigner tst.jar tstkey
Enter Passphrase for keystore: *******

8. Verifiy Signing: jarsigner -verify -verbose -certs tst.jar

130 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/MANIFEST.MF
183 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.SF
920 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.RSA
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
smk 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class

X.509, CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
(tstkey)

s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope

jar verified.

9. Create HTML-File for use of the Applet by the Sun Plugin 1.3
(recommended to use HTML Converter Version 1.3)

10. Place a link to the .crt file (created in step 4) in the HTML-File.
This .crt file has to be opened by the browser and has to be set to
trusted,
as the root CA for testing is not known to the browser. For use with
"real" certificates, this step should not be necessary.

I needed two long days, to find out these steps. As the documentation at Sun and other Sites is more confusing than cla

I'm working on Microsoft platforms and did not test the steps elsewhere.

These are the steps that i got from a website , i got stuck at creating a link in the html file , how do i create a link in the html file .

I am inserting my html file as well>
<HTML>
<HEAD><TITLE>JDBC Applet</TITLE></HEAD>
<BODY BGCOLOR="brown">
<H2 ALIGN="center">JDBC Applet</H2>
<BR>
<P ALIGN="center">
     
<!--"CONVERTED_APPLET"-->
<!-- HTML CONVERTER -->
<OBJECT
    classid="clsid:CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA"
    WIDTH = 700 HEIGHT = 550  
    codebase="http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab#Version=1,4,0,30">
    <PARAM NAME = CODE VALUE = "JDBCApplet.class" >
<PARAM NAME = ARCHIVE VALUE = "JDBCApplet.jar,classes12.zip,nls_charset12.zip" >

    <PARAM NAME="type" VALUE="application/x-java-applet;jpi-version=1.4.0_03">
    <PARAM NAME="scriptable" VALUE="false">
    <PARAM NAME = "JdbcDriver" VALUE ="oracle.jdbc.driver.OracleDriver">
    <PARAM NAME = "JdbcUrl" VALUE ="jdbc:oracle:thin:@216.53.126.14:1521:KLMPMIS">
    <PARAM NAME = "User" VALUE ="combtest">
    <PARAM NAME = "Password" VALUE ="combtest">

    <COMMENT>
      <EMBED
            type="application/x-java-applet;jpi-version=1.4.0_03"
            CODE = "JDBCApplet.class"
            ARCHIVE = "JDBCApplet.jar,classes12.zip,nls_charset12.zip"
            WIDTH = 700
            HEIGHT = 550
            JdbcDriver = "oracle.jdbc.driver.OracleDriver"
            JdbcUrl = "jdbc:oracle:thin:@216.53.126.14:1521:KLMPMIS"
            User = "combtest"
            Password = "combtest"
          scriptable=false
          pluginspage="http://java.sun.com/products/plugin/index.html#download">
              <NOEMBED>
            
            </NOEMBED>
      </EMBED>
    </COMMENT>
</OBJECT>

<!--
<APPLET CODE = "JDBCApplet.class" ARCHIVE = "JDBCApplet.jar,classes12.zip,nls_charset12.zip" WIDTH = 700 HEIGHT = 550>
<PARAM NAME = "JdbcDriver" VALUE ="oracle.jdbc.driver.OracleDriver">
<PARAM NAME = "JdbcUrl" VALUE ="jdbc:oracle:thin:@216.45.126.14:1521:KLMPMIS">
<PARAM NAME = "User" VALUE ="combtest">
<PARAM NAME = "Password" VALUE ="combtest">


</APPLET>
-->


<!--"END_CONVERTED_APPLET"-->

</BODY>
</HTML>

Pls help ,

Jasbir
0
 
LVL 92

Expert Comment

by:objects
ID: 8116599
> how do i create a link in the html file .

Is it necessary?  
I never had to do it in the past (but I haven't used a test cert).
0
 
LVL 92

Expert Comment

by:objects
ID: 8116663
The link I first posted discusses most aspects of signing including creating a link for loading the cert.
0
 

Author Comment

by:Jasbir21
ID: 8117122
Hi, i tried reading each of the sent link .I found out that each link differ from the other in some way or the other and i am so confuse.
Let's say i would like to create a normal link , how do you usu do that?
Pls help,
Thanks in advance,
Jasbir
0
 
LVL 92

Expert Comment

by:objects
ID: 8117149
from the above link:

<a href="x509.cacert">Click to import certificate</a>

But as I already said I have never had to do this previously. I can point to an site running a signed applet as an example if you like.
0
 

Author Comment

by:Jasbir21
ID: 8117297
Hi, please do .Thanks in advance.

Jasbir
0
 
LVL 92

Expert Comment

by:objects
ID: 8117365
If you don't mind registering, have a look at www.evalu8.com.au.
Not sure how much it will help you though as the fact it is signed is fairly transparent from a users perpective. You just get prompted when you load the applet to grant permissions to applet.
0
 

Author Comment

by:Jasbir21
ID: 8117564
Hi, thanks again but i am stuck , i am trying my best to understand that link but i might need help.Pls do help.

 Firstly, i would like to know do i need to buy a certificate if you are developing for an organisation or could the one that i am creating be used.


Pls help,

Jasbir
0
 
LVL 92

Expert Comment

by:objects
ID: 8117591
Sorry, I've never used a test cert with the plugin, always used a bought one. I've only ever used a test cert with the MS VM.
0
 
LVL 92

Expert Comment

by:objects
ID: 8117594
What is the intended purpose for the applet?
If it's going to be for public usage then a test cert is not going to be much use as users are probably not going to trust it anyway.
0
 

Author Comment

by:Jasbir21
ID: 8117625
Hi, sorry i am really new to this signed applet thing.
The applet is being develop for the usage of within the company . (intranet) It needs to be open in IE(Internet Explorer)

  So, what do i do ? I am very confuse.
Pls help.

Best Regards,
Jasbir
0
 
LVL 92

Expert Comment

by:objects
ID: 8117676
From what you've stated above you have already managed to sign your jar with the test cert (correct?).
If so, then try it and see if it works.

The other option as mentioned above would be to change the security policy settings on all clients that need to use the applet.

Another option would be to modify your applet so it was not performing any restricted operations.
0
 

Author Comment

by:Jasbir21
ID: 8117840
I thought i did everything right but when i opened the test.cert window it still calls itself untrusted.

Think would try the above link .

Question 1:

If i sign the applet , do i need to pay for anything since it is being used for the organization and not for individiual purp.

Question 2:
The applet worked in appletviewer when i changed the policy tool
what do i do to load it ie?

Pls help

Jasbir
0
 

Author Comment

by:Jasbir21
ID: 8117843
ie meaning Internet Explorer

Thanks
0
 
LVL 92

Expert Comment

by:objects
ID: 8117911
> , do i need to pay for anything

a real cert will cost you $

> what do i do to load it ie?

Nothing afaik.
Check you updated the correct policy file for your jre.
0
 
LVL 35

Expert Comment

by:girionis
ID: 8118297
>  The default applet permissions only allow an applet to connect to the host it was laoded from.

  I am a bit confused here actually. If the applet is originating from the same host as the database server then there is no point of signing it. If the applet is trying to connect to a database server with different IP address then it needs to be signed in order to acees it.

  If the above holds true then what's the point of signing the applet at all if it does not make any connections to non-originating hosts (Jasbir21 and from what I have udnerstood Jasbir21's applet doesn't)?
0
 

Author Comment

by:Jasbir21
ID: 8118915
Hi: I am very new to this .So, sorry for all the trouble.

I am suppose to develop an applet that  connects to the database( different host ) to a server ( different host ), so i think i need to sign it.
Sorry for all the trouble again,thanks for everything
Pls help,

Jasbir
0
 

Author Comment

by:Jasbir21
ID: 8229266
Thank you so much for the help and trouble you all took to help sign the applet....
....Many times, i posted the question, redundantly, becoz i didn't know the error( i was not specific)but you all took time to help me to solve the question and find the error.

God bless you all
0
 
LVL 92

Expert Comment

by:objects
ID: 8229309
:-)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.
Suggested Courses
Course of the Month11 days, 8 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question