Jsvs Applet - Socket Communication Exception

mikesung99
mikesung99 used Ask the Experts™
on
Hi,

We have developed a simple Java Applet that creates a TCP Port to listen on 1035 and also fires socket request messages to Port 1034 (which is the listening port of a local service) All TCP communications will be completed throught local host.

The Applet does not use a Java signed certificate as the solution is to designed to work on a local intranet.

However when we start up the applet and we try to fire a test message to the listening port of the applet 1035- the following error was outputted to the Java Console:

Exception in thread "Thread-11" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:2046 accept,resolve)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkAccept(Unknown Source)
      at java.net.ServerSocket.implAccept(Unknown Source)
      at java.net.ServerSocket.accept(Unknown Source)
      at tntcctapplet.Listner_Class.Listener_Loop(Listner_Class.java:128)
      at tntcctapplet.Listner_Class.run(Listner_Class.java:73)

From the Java Policy (securiy) on the clents machine the following parameters is set:

permission java.net.SocketPermission "localhost:1024-", "listen";

We initially thought this was fine as the Port range covered our required Ports i.e. 1035. However we are unsure why the error message states SocketPermission 127.0.0.1:2046 accept,resolve) referencing Port 2046, when we are firing a test message to Port 1035...........

We followed to modify the Java Policy to indicate the following:

      permission java.net.SocketPermission "127.0.0.1:1024-", "listen, accept, connect, resolve";

This removed all the Java Socket communication issues but was a concern,  as we appear to have unlocked all the Ports to potential malicious actions.

Therefore we tried to restrict the Port Range in the Java.Policy as illustrated below:

      permission java.net.SocketPermission "127.0.0.1:1024-1035", "listen, accept, connect, resolve";

Based on the above's narrow range, when we tried to Test by firing to port 1035 again, we get thefollowingbelow:-

Exception in thread "Thread-11" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:4915 accept,resolve)

How do we restrict the Port Range used by Acces Controland why is there an error message relating to the seeminglyrandom port

The solution is created under Java Version 1.4 and JRE environment is 1.6.








Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Mick BarryJava Developer
Top Expert 2010

Commented:
why is this an applet?

Author

Commented:
All part of the project requirements to have a Java Applet embedded to a HTML page to enable socket communications.
Mick BarryJava Developer
Top Expert 2010

Commented:
so much more practical to just sign the jars

Author

Commented:
If you sign the Jar would the user viewing the applet, always need view a certificate to accept that Applet is as a trusted application.... ?
Java Developer
Top Expert 2010
Commented:
no, the certificate is used to sign the applet.
The user just gets prompted to 'trust' the (signed) applet

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial