We have developed a simple Java applet that opens a TCP port to listen on 1035 and also fires socket request messages to port 1034 (which is the listening port of a local service). All TCP communication is done through localhost.
The applet does not use a signed certificate, as the solution is designed to work on a local intranet.
However, when we start the applet and try to fire a test message to the applet's listening port (1035), the following error is output to the Java Console:
Exception in thread "Thread-11" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:2046 accept,resolve)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkAccept(Unknown Source)
    at java.net.ServerSocket.implAccept(Unknown Source)
    at java.net.ServerSocket.accept(Unknown Source)
In the Java policy (security) file on the client's machine the following permission is set:
permission java.net.SocketPermission "localhost:1024-", "listen";
We initially thought this was fine, as the port range covered our required port, i.e. 1035. However, we are unsure why the error message states "SocketPermission 127.0.0.1:2046 accept,resolve", referencing port 2046, when we are firing a test message to port 1035.
We then modified the Java policy to the following:
permission java.net.SocketPermission "127.0.0.1:1024-", "listen, accept, connect, resolve";
This removed all the Java socket communication issues, but it was a concern, as we appear to have unlocked all the ports to potentially malicious actions.
Therefore we tried to restrict the port range in the java.policy file as illustrated below:
permission java.net.SocketPermission "127.0.0.1:1024-1035", "listen, accept, connect, resolve";
Based on the above narrow range, when we tried to test by firing to port 1035 again, we got the following:
Exception in thread "Thread-11" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:4915 accept,resolve)
How do we restrict the port range used by the access control, and why is there an error message relating to the seemingly random port?
The solution was created under Java version 1.4 and the JRE environment is 1.6.
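The following is an added example, not code from the post above, that reproduces the permission checks behind the two exceptions with java.net.SocketPermission.implies(). The point it demonstrates: ServerSocket.implAccept() calls SecurityManager.checkAccept(host, port) with the address of the peer that just connected, not with the port the applet is listening on. The peer is a client socket, so the operating system assigns it an ephemeral port (2046 and 4915 in the post are such ports, consistent with the 1025-5000 ephemeral range older Windows versions use), which is why a grant limited to 1024-1035 covers the listen on 1035 but not the accept. The "resolve" action in the message is implied by SocketPermission whenever any other action is granted. The port layout (applet listening on 1035, local service on 1034) is taken from the post; the split grants at the end are an assumed tighter policy, not something the post proposes.

```java
import java.net.SocketPermission;

/**
 * Added example (not from the original post): reproduces the policy checks
 * a SecurityManager performs for the applet described above, using
 * SocketPermission.implies() directly so it runs without an applet or a
 * policy file.
 *
 * SecurityManager.checkAccept(host, port) builds
 *   new SocketPermission(host + ":" + port, "accept")
 * where host/port are the PEER's address after accept(); "resolve" is added
 * implicitly by SocketPermission, hence "accept,resolve" in the exception.
 */
public class SocketPermissionCheck {

    /** The permission checkAccept() demands for a peer that connected to us. */
    static SocketPermission acceptFromPeer(String peerHost, int peerPort) {
        return new SocketPermission(peerHost + ":" + peerPort, "accept");
    }

    /** True if a single java.policy grant line would let accept() from this peer pass. */
    static boolean grantAllowsAccept(String grantTarget, String grantActions,
                                     String peerHost, int peerPort) {
        SocketPermission granted = new SocketPermission(grantTarget, grantActions);
        return granted.implies(acceptFromPeer(peerHost, peerPort));
    }

    public static void main(String[] args) {
        // Peer ports taken from the two exceptions quoted in the post.
        int[] peerPorts = { 2046, 4915 };

        // Case 1: "listen" only, as in the first policy. listen and accept are
        // different actions, so the range is irrelevant to the accept() check.
        System.out.println("listen-only grant, accept from peer 2046: "
            + grantAllowsAccept("127.0.0.1:1024-", "listen", "127.0.0.1", 2046));

        // Case 2: narrow range 1024-1035 with accept. The listening port 1035 is
        // inside the range, but the check is made against the peer's ephemeral
        // port, which lies outside it.
        for (int p : peerPorts) {
            System.out.println("1024-1035 grant, accept from peer " + p + ": "
                + grantAllowsAccept("127.0.0.1:1024-1035",
                                    "listen,accept,connect,resolve", "127.0.0.1", p));
        }

        // Case 3: open-ended range, as in the second policy. accept() passes, but
        // the same line also allows listen and connect on every port >= 1024.
        System.out.println("1024- grant, accept from peer 4915: "
            + grantAllowsAccept("127.0.0.1:1024-",
                                "listen,accept,connect,resolve", "127.0.0.1", 4915));

        // Case 4 (assumed tighter policy, one grant per action):
        //   permission java.net.SocketPermission "127.0.0.1:1035",  "listen";
        //   permission java.net.SocketPermission "127.0.0.1:1034",  "connect";
        //   permission java.net.SocketPermission "127.0.0.1:1024-", "accept";
        // accept still needs an open port range because the OS, not the applet,
        // chooses the peer's ephemeral port; listen and connect are pinned.
        SocketPermission listen  = new SocketPermission("127.0.0.1:1035",  "listen");
        SocketPermission connect = new SocketPermission("127.0.0.1:1034",  "connect");
        SocketPermission accept  = new SocketPermission("127.0.0.1:1024-", "accept");

        System.out.println("split grants, accept from peer 4915: "
            + accept.implies(acceptFromPeer("127.0.0.1", 4915)));
        System.out.println("split grants, listen on 1036: "
            + listen.implies(new SocketPermission("127.0.0.1:1036", "listen")));
        System.out.println("split grants, connect to 1036: "
            + connect.implies(new SocketPermission("127.0.0.1:1036", "connect")));
        System.out.println("split grants, connect to 1034: "
            + connect.implies(new SocketPermission("127.0.0.1:1034", "connect")));
    }
}
```

Compile and run with `javac SocketPermissionCheck.java && java SocketPermissionCheck`. The host is written as the IP literal 127.0.0.1 in every permission so that implies() compares addresses directly rather than going through name resolution; the exception in the post also reports the literal address, because ServerSocket passes the accepted socket's InetAddress to checkAccept().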