calling privileged java functions from javascript

5 replies
tkram01
Offline
Joined: 2005-12-14

When calling privileged java methods from javascript IllegalAccess errors are thrown unless the java code is surrounded by:

AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        // do something
        return null; // run() must return a value
    }
});

or the applet sets its security manager to null.

Are there any practical differences between these 2 methods, assuming you completely trust the javascript calling your applet?

Trevor

kbr
Offline
Joined: 2003-06-16

Do not set the security manager to null. I assume you have a signed applet. Doing this will open up huge security holes for other applets running in the same JVM.

Use the first construct, which is the correct way of achieving this result.

tkram01
Offline
Joined: 2005-12-14

Yes - we have a signed applet. Will this also be the case with the new plugin?

kbr
Offline
Joined: 2003-06-16

Yes. The security model in the new plug-in is exactly the same as in the old plug-in, only slightly clarified. In the new plug-in, on all browsers, calls from JavaScript to Java are modeled as though they came from an unsigned applet rooted at the document base. This means that if the document base and code base are different, the resulting call will not have permission to connect back to any server unless AccessController.doPrivileged() is used in the applet's code. If you want elevated privileges in your signed applet, you must use AccessController.doPrivileged().

tackline
Offline
Joined: 2003-06-19

Extreme care should be used when calling AccessController.doPrivileged. See guideline 6-1 of the "Secure Coding Guidelines for the Java Programming Language, version 2.0".

http://java.sun.com/security/seccodeguide.html
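
An added example, not code from any poster in this thread: one way to keep a doPrivileged block narrow when the argument arrives from JavaScript. The value is validated before privileges are elevated, and only the single file read runs inside the block. The class name ReportReader, the method readReport, and the /opt/example/reports directory are hypothetical; in the applet, readReport would be a public method on the Applet subclass that the page's script calls.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.regex.Pattern;

public class ReportReader {
    // Hypothetical fixed directory; never derived from caller input.
    private static final Path BASE = Paths.get("/opt/example/reports");
    // Allow-list: short names with no separators, dots or other path syntax.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    // In the applet scenario the caller is JavaScript, so 'name' is untrusted.
    public String readReport(String name) throws IOException {
        // Validate BEFORE elevating; nothing unchecked reaches the privileged block.
        if (name == null || !SAFE_NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("invalid report name");
        }
        final Path target = BASE.resolve(name + ".txt");
        try {
            // Only the one operation that needs the applet's own permissions.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<String>() {
                public String run() throws IOException {
                    return new String(Files.readAllBytes(target), StandardCharsets.UTF_8);
                }
            });
        } catch (PrivilegedActionException e) {
            // run() declares only IOException as a checked exception.
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) {
        ReportReader reader = new ReportReader();
        // Constructed sample inputs: one well-formed name, one path-traversal attempt.
        for (String name : new String[] {"summary", "../secret"}) {
            try {
                System.out.println(name + " -> " + reader.readReport(name).length() + " chars");
            } catch (IllegalArgumentException | IOException e) {
                System.out.println(name + " -> failed: " + e);
            }
        }
    }
}
```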

stevekemsley
Offline
Joined: 2003-07-03

We use a thread that watches a variable that is set by javascript. Because the thread is invoked outside of the javascript call it has full permissions.