Trying to make an applet with clojure

122 views
Skip to first unread message

William Robinson

unread,
Feb 23, 2008, 9:58:13 AM2/23/08
to clo...@googlegroups.com

Using the 2008-02-13 release, I've been trying to see if I could get
Clojure working via an applet. I've attached my java stub, (bad) html
and clj file. This applet should basically just dispatch the key
functions to the clojure. I'm not sure about the file readers (bit rusty
on java), but it's failing on the RT.init() call...


> javac -classpath clojure.jar ClojureAppletTest1.java
> appletviewer ClojureAppletTest1.html
Couldn't initialize Clojure runtime: Pop without matching push
java.lang.IllegalStateException: Pop without matching push
at clojure.lang.Var.popThreadBindings(Var.java:224)
at clojure.lang.RT.init(RT.java:224)
at ClojureAppletTest1.init(ClojureAppletTest1.java:22)
at sun.applet.AppletPanel.run(AppletPanel.java:419)
at java.lang.Thread.run(Thread.java:619)


Any ideas appreciated.
Regards
Bill.

ClojureAppletTest1.clj
ClojureAppletTest1.html
ClojureAppletTest1.java

Bill Robinson

unread,
Feb 24, 2008, 5:52:49 AM2/24/08
to Clojure

Actually, I have found that the pop error masking this error:

Couldn't initialize Clojure runtime: access denied
(java.lang.RuntimePermission createClassLoader)
java.security.AccessControlException: access denied
(java.lang.RuntimePermission createClassLoader)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:
323)
at
java.security.AccessController.checkPermission(AccessController.java:
546)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at
java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:
594)
at java.lang.ClassLoader.<init>(ClassLoader.java:201)
at
clojure.lang.DynamicClassLoader.<init>(DynamicClassLoader.java:24)
at clojure.lang.Compiler.load(Compiler.java:3416)
at clojure.lang.RT.init(RT.java:243)
at clojuredispatch.DispatchApplet.init(DispatchApplet.java:43)
at sun.applet.AppletPanel.run(AppletPanel.java:419)
at java.lang.Thread.run(Thread.java:619)

I'm not a java security policies expert, so I'm pondering the
feasibility of getting clojure to work in an applet at all now. If
anyone has any advice how I might be able to override this, or the
minimum amount of effort required for the user I'd appreciate it. I'm
thinking of allowing them to set policies with a couple of clicks,
maximum.

Also, it makes me wonder about the RT.init() method in general... as
that finally { pop } error could mask other errors in there. That
stack trace is against the latest SVN trunk@696.

Regards,
Bill.

Ted Neward

unread,
Feb 24, 2008, 7:02:22 AM2/24/08
to clo...@googlegroups.com
Ah, permissions....

Applets are generally forbidden from creating custom ClassLoaders, which is
why you're running afoul of the permission check below. Is this running in a
JVM whose java.policy file you have access to? Is it running in the Java
Plug-In environment, for example?

The other alternative is to create a signed applet (numerous tutorials all
over the web), which I think then lifts all restrictions. (I haven't tried
to do applets post-Java 1.1, so I can't say 100% for certain, but I'm
reasonably sure.) Your users would get a "do you trust this thing" message
box, and then all should be good again.

As for the bottom half of your message, I can't help you there--I know the
JVM Really Really Well (TM), but nothing about Clojure. :-)

Ted Neward
Java, .NET, XML Services
Consulting, Teaching, Speaking, Writing
http://www.tedneward.com

> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.20.9/1294 - Release Date:
> 2/22/2008 6:39 PM
>

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.20.9/1294 - Release Date: 2/22/2008
6:39 PM

Bill Robinson

unread,
Feb 24, 2008, 11:26:23 AM2/24/08
to Clojure
Thanks for the idea. I have made a self-signet applet, but it's still
coming up with the same error. :( I'm guessing I need to go a step
further and start defining some security policies alongside this
certificate too. So I'm going to try to work out:
a) if i can do this for a jar applet,
b) how to, and
c) which permissions to grant.

I'll post back here with any luck I have, unless someone with some of
this expertise is willing to give me a pointer and head me off.

ttfn


On Feb 24, 12:02 pm, "Ted Neward" <ted.new...@gmail.com> wrote:
> Ah, permissions....
>
> Applets are generally forbidden from creating custom ClassLoaders, which is
> why you're running afoul of the permission check below. Is this running in a
> JVM whose java.policy file you have access to? Is it running in the Java
> Plug-In environment, for example?
>
> The other alternative is to create a signed applet (numerous tutorials all
> over the web), which I think then lifts all restrictions. (I haven't tried
> to do applets post-Java 1.1, so I can't say 100% for certain, but I'm
> reasonably sure.) Your users would get a "do you trust this thing" message
> box, and then all should be good again.
>
> As for the bottom half of your message, I can't help you there--I know the
> JVM Really Really Well (TM), but nothing about Clojure. :-)
>
> Ted Neward
> Java, .NET, XML Services
> Consulting, Teaching, Speaking, Writinghttp://www.tedneward.com

Ted Neward

unread,
Feb 24, 2008, 11:24:29 PM2/24/08
to clo...@googlegroups.com
(a) means finding the JRE from which the applet is executing--this is
probably going to be dependent on whether you're using a browser with the
JVM built-in (are there any of those anymore?) or else finding out where the
JavaPlugIn is installed.

(b) means editing Java Policy files--this is actually much easier than it
might seem. Look for the java.policy file in jre/lib/security once you've
figured out the JRE ((a), above).

As for (c), you can use -Djava.security.debug=access to help out; for
example, doing that with clojure from the command-line gives us:

C:\Prg\clojure-svn\trunk>java -Djava.security.debug=access
-Djava.security.manag
er -jar clojure.jar
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks
)
access: access allowed (java.security.SecurityPermission
getProperty.policy.expa
ndProperties)
access: access allowed (java.security.SecurityPermission
getProperty.policy.igno
reIdentityScope)
access: access allowed (java.security.SecurityPermission
getProperty.policy.allo
wSystemProperty)
access: access allowed (java.util.PropertyPermission
sun.security.policy.utf8 re
ad)
access: access allowed (java.util.PropertyPermission
sun.security.policy.numcach
es read)
access: access allowed (java.util.PropertyPermission java.security.policy
read)
access: access allowed (java.security.SecurityPermission
getProperty.policy.url.
1)
access: access allowed (java.util.PropertyPermission java.home read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\securi
ty\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\securi
ty\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\securi
ty\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\securi
ty\java.policy read)
access: access allowed (java.util.PropertyPermission java.ext.dirs read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\ext\*
read)
access: access allowed (java.io.FilePermission C:\WINDOWS\Sun\Java\lib\ext\*
rea
d)
access: access allowed (java.security.SecurityPermission
getProperty.policy.url.
2)
access: access allowed (java.util.PropertyPermission user.home read)
access: access allowed (java.io.FilePermission C:\Documents and
Settings\Ted\.ja
va.policy read)
access: access allowed (java.io.FilePermission C:\Documents and
Settings\Ted\.ja
va.policy read)
access: access allowed (java.io.FilePermission C:\Documents and
Settings\Ted\.ja
va.policy read)
access: access allowed (java.security.SecurityPermission
getProperty.policy.url.
3)
access: access allowed (java.util.PropertyPermission
java.security.auth.policy r
ead)
access: access allowed (java.security.SecurityPermission
getProperty.auth.policy
.url.1)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\clojure.
jar read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\clojure.
jar read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\clojure.
jar read)
access: access denied (java.lang.RuntimePermission createClassLoader)
Exception in thread "main" java.lang.IllegalStateException: Pop without


matching
push
at clojure.lang.Var.popThreadBindings(Var.java:224)

at clojure.lang.RT.init(RT.java:240)
at clojure.lang.Repl.main(Repl.java:24)

C:\Prg\clojure-svn\trunk>

... and this is with the stock java.policy file that comes with the JDK. So
iteratively, this would give you the basic list of permissions you need to
grant your applet.

If you don't want to run it iteratively, at the risk of perhaps missing one
or two checks along the way, you can run it with a java.policy that grants
AllPermission to all ProtectionDomains; when you do, you get this list:

access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access allowed (java.security.SecurityPermission
getProperty.policy.expandProperties)
access: access allowed (java.security.SecurityPermission
getProperty.policy.ignoreIdentityScope)
access: access allowed (java.security.SecurityPermission
getProperty.policy.allowSystemProperty)
access: access allowed (java.util.PropertyPermission
sun.security.policy.utf8 read)
access: access allowed (java.util.PropertyPermission
sun.security.policy.numcaches read)
access: access allowed (java.util.PropertyPermission java.security.policy
read)
access: access allowed (java.util.PropertyPermission user.dir read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\java.policy read)
access: access allowed (java.io.FilePermission .\java.policy read)
access: access allowed (java.util.PropertyPermission user.dir read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\java.policy read)
access: access allowed (java.util.PropertyPermission java.ext.dirs read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\ext\* read)
access: access allowed (java.io.FilePermission C:\WINDOWS\Sun\Java\lib\ext\*
read)
access: access allowed (java.security.SecurityPermission
getProperty.policy.url.1)
access: access allowed (java.util.PropertyPermission java.home read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\security\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\security\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\security\java.policy read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\security\java.policy read)
access: access allowed (java.util.PropertyPermission java.ext.dirs read)
access: access allowed (java.io.FilePermission
C:\Prg\jdk1.6.0_01\jre\lib\ext\* read)
access: access allowed (java.io.FilePermission C:\WINDOWS\Sun\Java\lib\ext\*
read)
access: access allowed (java.security.SecurityPermission
getProperty.policy.url.2)
access: access allowed (java.util.PropertyPermission user.home read)
access: access allowed (java.io.FilePermission C:\Documents and
Settings\Ted\.java.policy read)
access: access allowed (java.io.FilePermission C:\Documents and
Settings\Ted\.java.policy read)
access: access allowed (java.io.FilePermission C:\Documents and
Settings\Ted\.java.policy read)
access: access allowed (java.security.SecurityPermission
getProperty.policy.url.3)
access: access allowed (java.util.PropertyPermission
java.security.auth.policy read)
access: access allowed (java.security.SecurityPermission
getProperty.auth.policy.url.1)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\clojure.jar read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\clojure.jar read)
access: access allowed (java.io.FilePermission
C:\Prg\clojure-svn\trunk\clojure.jar read)
access: access allowed (java.lang.RuntimePermission createClassLoader)
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
[ snip -- lots more of the same (suppressAccessChecks) ]
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access allowed (java.lang.RuntimePermission createClassLoader)
access: access allowed (java.lang.RuntimePermission
accessClassInPackage.sun.reflect)
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
[ snip -- lots more of the same (suppressAccessChecks) ]
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access allowed (java.lang.RuntimePermission createClassLoader)
access: access allowed (java.lang.RuntimePermission createClassLoader)
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access allowed (java.lang.RuntimePermission createClassLoader)
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access allowed (java.lang.RuntimePermission createClassLoader)


And that's just up through the clojure REPL prompt; you'd then have to run
your Clojure code to see what other permissions are implicitly requested as
part of your code paths.

Hope that helps....

Version: 7.5.516 / Virus Database: 269.21.0/1296 - Release Date: 2/24/2008
12:19 PM

Reply all
Reply to author
Forward
0 new messages