Applet method calling explicitly from JavaScript causes access violation

When applet method is called explicitly from JS to either open a file (applet from file URL), or making a socket connection (applet from a http host), security exception is thrown. This is not supposed to happen because JS should be able to perform these actions through the permissions granted in the applet. This is corresponding to the Bugzilla bug #60120.



ck.prasad@eng 2001-05-01

Customer Problem Description:

  The problem is regarding a security exception when using liveconnect (i.e. a Java applet and JavaScript communicating with each other on the same web page). A web server (Microsoft web server version 4.0) is running, and a specific directory (c:\inetpub) is linked as the root directory. When the Java applet is running, it tries to retrieve a file on the same machine, however a security exception is then thrown at the applet level. This example surprisingly runs fine on internet explorer.

    Notes and comments on the problem:

   1. If the Java applet is running alone with the JavaScript and thus without live connect, it runs fine without any security exception.

   2. The exception reads :

java.security.AccessControlException: access denied (java.net.SocketPermission localhost resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpURLConnection.connectStep1(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpURLConnection.connect(Unknown Source)
at SimpleComm.getURL(SimpleComm.java:73)
at java.lang.reflect.Method.invoke(Native Method)
at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
3. Normally we use a call blocking function i.e. the javascript waits for the reply from the applet. However, if we spawn a thread at the applet level when the URL is passed in then the program works fine!

4. The Javascript resides on URLGettest.htm. In our example where c:\inetpub was set as the root directory, we created a c:\inetpub\test2 which contained the files which are sent as the attachment. At the browser level, after enabling webserver we went to the page "http://localhost/test2/URLGetTest.htm" and at the prompt we typed in " http://localhost/test2/blank.htm". This is where we get the exception, after we click the button geturl.

5. In the file "URLGettest.htm", line 20 is the call in the Javascript which calls the method getURL(String urlStr) in the java applet where the exception is thrown. If you want to try and verify that this works when not using blocking, uncomment line 25, which calls the appropriate method in the applet to test url liveconnect without blocking. Our aim is to get blocking to work i.e. get this sample code to work on Netscape 6 without leading to an exception.

6. We want this code to work on Netscape 6, and we are not worried about other versions of Netscape.