Skip to main content

Applet to Read Files?

7 replies [Last post]
sunsett
Offline
Joined: 2004-04-07

Though I would much rather use JWS, I think the only way to really do what I'm trying to do is in an applet. I've gotten everything to work perfectly for the applet apart from the exception I get when I try to read a file from the file system:

java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\mhicks\Desktop\screenshot.png read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.FileInputStream.(Unknown Source)
at org.jseamless.flex.applet.JSLSupportApplet.acceptDragUpload(JSLSupportApplet.java:182)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)

This is a signed JAR and if possible I'd like some way to be able to request read access to the file (this is for drag-and-drop support in an application). I know I can modify my policy file but that is just silly to expect anyone that wants to use this applet to have to go and add something to their policy file to allow it to gain access.

My question is, is there ANY way that I can gain access to read a dropped file without requiring anything more complicated than "Are you sure you want to give this application complete unrestricted access to your filesystem?" question. :o

I would be fine using Web Start for this as well, but I need to know where the inner document's global 0, 0 position is for what I'm trying to do and I don't believe that's possible, right (I'm doing it in the applet by determining the position of the applet and styling it to be positioned at 0, 0 in the document)?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
kbr
Offline
Joined: 2003-06-16

Sorry for the long delay, but in order to get your code to work portably you need to put an AccessController.doPrivileged() block in your acceptDragUpload() call. The issue is that calls in from JavaScript are treated as calls from untrusted code. When the security check is being done currently, it's walking up the stack checking the permissions of all visible stack frames including the frame which models the JavaScript call as coming from untrusted code. Using AccessController.doPrivileged() will prevent the stack from being traversed above that call. Note that you should be sure that you aren't opening up any security holes before adding such a call to your signed applet. Consult the documentation on the [url=http://java.sun.com/javase/technologies/security/]Java 2 security model[/url] for more detailed information.

Note that going forward the security model for JavaScript calls made in to Java is going to look more like the current situation on IE on all browsers.

tmehrvarz
Offline
Joined: 2008-01-13

> you should be sure that you aren't opening up any security holes before..

But how to do this? Would it be possible to sign the parent Web document (the one containing the calling JavaScript code) and then verify it's signature from within the applet? If it was possible to retrieve the Web document signature, it should be possible to compare it against the applets own getClass().getSigners(), before running any critical code.

kbr
Offline
Joined: 2003-06-16

Assume it isn't possible to verify the parent document. You should treat the inputs from JavaScript as untrusted and make sure you aren't doing anything unexpected on behalf of the calling JavaScript.

mthornton
Offline
Joined: 2003-06-10

Is this Vista by any chance? If so then that is the cause of your problem.

sunsett
Offline
Joined: 2004-04-07

No, it's not Vista and I've tested this against both IE 6 and IE 7. It would seem there is a security feature in IE that is non-standard and is either a bug or a Microsoft "feature" (not sure there's really much difference actually) that adds extra restraints upon the applet.

At this point it looks like my only option is to push a policy file to the user before they'll be able to load the applet. Any alternatives would be greatly appreciated since I REALLY don't like that idea.

rituraj_tiwari
Offline
Joined: 2005-07-06

I wouldn't be surprised if IE 7 on XP has the same restrictions as Vista where ActiveX controls (Java plugin is one) can only write within the browser sandbox. We let the Java plugin create and read from files in Java's default temp folder only. This seems to work pretty well with Vista and IE7.

sunsett
Offline
Joined: 2004-04-07

Okay, I've determined that my code actually works as it should on Firefox (I can read the file from the filesystem without any trouble) but IE is refusing to read the file with that nasty exception I posted above.

Is there any way around this or am I stuck with issues with security on different browsers?