Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4415413

AccessControlException: access denied appears when applet "phones home"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: P2 P2
    • None
    • 1.3.0
    • deploy
    • x86
    • windows_nt



      Name: yyT116575 Date: 02/14/2001


      Java Console reports:
        Java(TM) Plug-In: Version 1.3.0_01

      java -version reports:
        java version "1.3.0_01"
        Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0_01)
        Java HotSpot(TM) Client VM (build 1.3.0_01, mixed mode)

      1. Steps to reproduce the problem:

      i) Use a small applet which opens an inputstream for a url which points to the
      same host the applet was loaded from.
      ii) Try this applet inside Netscape 6.01 [Mozilla/5.0 (Windows; U; WinNT4.0; en-
      US; m18) Gecko/20010131 Netscape6/6.01] or Mozilla M18 [Mozilla/5.0 (Windows;
      U; WinNT4.0; en-US; m18) Gecko/20010131]
      iii) The Java Console shows the Exception
           java.security.AccessControlException: access denied
      (java.net.SocketPermission [myhost] resolve)

      2a. sample applet:
      import java.applet.*;
      import java.net.*;
      import java.io.*;

      public class APhoneHome2 extends Applet {

        public String start() {
          String result = null;
          try {
            URL url = new URL( this.getDocumentBase(), "applet.html" );
            InputStreamReader rin = new InputStreamReader( url.openStream() );
            StringBuffer buf = new StringBuffer();
            int chr;
            while ( -1 != (chr = rin.read() ) ) {
              buf.append( (char) chr );
            }
            result = buf.toString();
            System.out.println( result );
          } catch (Exception ex) {
            ex.printStackTrace();
          }
          return result;
        }
      }

      2b. sample HTML page (called "applet.html"):
      <HTML>
      <HEAD>
      <script>
        function run() {
          var loApplet = document.applets["applet1"];
          alert( loApplet.get( "applet.html" ) );
        }
      </script>
      </HEAD>
      <BODY onload="run()">
      <APPLET
        CODEBASE = "."
        CODE = "APhoneHome2.class"
        NAME = "applet1"
        WIDTH = 400
        HEIGHT = 300
        HSPACE = 0
        VSPACE = 0
        ALIGN = middle
      >
      </APPLET>
      </BODY>
      </HTML>

      3. Error mesage:
      ava.security.AccessControlException: access denied (java.net.SocketPermission
      p49985.wdf.sap-ag.de resolve)

      at java.security.AccessControlContext.checkPermission(Unknown Source)

      at java.security.AccessController.checkPermission(Unknown Source)

      at java.lang.SecurityManager.checkPermission(Unknown Source)

      at java.lang.SecurityManager.checkConnect(Unknown Source)

      at sun.plugin.protocol.jdk12.http.HttpURLConnection.connectStep1
      (Unknown Source)

      at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream
      (Unknown Source)

      at java.net.URL.openStream(Unknown Source)

      at APhoneHome2.get(APhoneHome2.java:46)

      at java.lang.reflect.Method.invoke(Native Method)

      at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)

      at java.security.AccessController.doPrivileged(Native Method)

      at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)

      4. trace (at level 5)
      Registered modality listener

      Referencing classloader: sun.plugin.ClassLoaderInfo@33f8f6, refcount=1

      Added trace listener: sun.plugin.navig.win32.AppletPluginPanel
      [applet1,0,0,400x300,invalid,layout=java.awt.BorderLayout]

      Sending events to applet. LOAD

      Sending events to applet. INIT

      Sending events to applet. START

      Determine if the applet requests to install any HTML page

      HTML Installation finished.

      Determine if the applet requests to install any JAR

      Jar cache option: null
      Jar archive(s): null
      Jar cache version(s): null

      Applet Installation finished.

      JavaScript: calling Java system code

      JavaScript: default security policy = http://p49985.wdf.sap-ag.de

      JavaScript: calling Java system code

      JavaScript: default security policy = http://p49985.wdf.sap-ag.de

      JavaScript: UniversalBrowserRead enabled

      JavaScript: UniversalJavaPermission enabled

      Wird ge?ffnethttp://p49985.wdf.sap-
      ag.de/weblab/com.sap.weblab/classes/APhoneHome2.html

      Check for (java.net.SocketPermission p49985.wdf.sap-ag.de resolve) in
      JavaScriptProtectionDomain: java.security.AllPermissionCollection@51e730 (
      )

      5. additional configuration
      The applet resides exactly inside the same loaction (host *and* folder) as the
      HTML page. The URLconnection is opened to this location too.

      We tried to lower the security settings inside the java.policy file:

      grant {
        ...
        permission java.net.SocketPermission "*.sap-ag.de", "accept, connect, listen,
      resolve";
        ...
      }

      and
      grant codeBase "http://p49985.wdf.sap-ag.de" {
        permission java.net.SocketPermission "*.sap-ag.de", "accept, connect, listen,
      resolve";
      };

      without success.

      The same applet inside NS 4.x and MSIE 5.x (with the original browser build-in
      JVM) works fine.
      (Review ID: 116927)
      ======================================================================

            stanleyh Stanley Ho (Inactive)
            yyoungsunw Yung-ching Young (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: