Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Applet security policy

3 views
Skip to first unread message

Jon

unread,
Jun 4, 2003, 9:20:42 AM6/4/03
to
I'm trying to run an applet that retieves the system properties, but
when the call is made I get an exception:

java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:267)
at java.security.AccessController.checkPermission(AccessController.java:394)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:540)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1241)
at java.lang.System.getProperties(System.java:483)

I've tried putting

permission java.util.PropertyPermission "*", "read,write";

into my .java.policy file in my home directory, and in every other
policy file I can find on my system, but with the same result. I've
also tried accessing one of the default properties (e.g.
file.seperator) directly, but get the exception:

java.security.AccessControlException: access denied
(java.util.PropertyPermission file.seperator read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:267)
at java.security.AccessController.checkPermission(AccessController.java:394)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:540)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1273)
at java.lang.System.getProperty(System.java:555)

This is one of the properties that should be available to all applets!

The only thing I can think of is that the system is trying to locate a
policy file in a location that doesn't have one, and so is using
defaults. Is there any way of telling if a policy file is being used,
and if so which one, and if not where it's looking?

Thanks in advance for any help.

Jon

Michael Amling

unread,
Jun 4, 2003, 11:58:07 AM6/4/03
to
Jon wrote:
> I've
> also tried accessing one of the default properties (e.g.
> file.seperator) directly, but get the exception:

If you really tried file.seperator, try again with file.separator.

--Mike Amling

Artur Wystub

unread,
Jun 4, 2003, 12:03:43 PM6/4/03
to
Hi Jon,

Open the file C:\j2sdk1.4.1\jre\lib\security\java.security and verify if
there are
folowing lines:

policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy

This is the searching order for policy files.
The first line looks for java.policy in the JRE directory.
The second looks in the user home directory.

Next add following lines to your user .java.policy file.

grant codeBase "file:/c:/yourpath/to/the/applet" {
permission java.util.PropertyPermission "*", "read, write";
};

when you view the applet from your file system or:

grant codeBase "http://www.yourdomain.org/yourpath/to/the/applet" {
permission java.util.PropertyPermission "*", "read, write";
};

in the case of access to a web server.

Cheers

Artur Wystub
http://artur.wystub.bei.t-online.de
-----------------------------------------------------------


Jon

unread,
Jun 5, 2003, 10:00:56 AM6/5/03
to
Thanks for your replies. As Mike pointed out the problem with
file.separator is that I can't spell. However the problem still exists
for non-default properties e.g. java.home and for loading all
properties.

I checked the java.security file and the settings for policy.url.x
were as you suggested. I also tried adding the grant for the codebase
but this made no difference. I actually had the grant:

permission java.util.PropertyPermission "*", "read, write";

in my default permissions granted to all domains. I'm stumped...

Thanks for your help so far. Any further suggestions gratefully
received.

Cheers
Jon

0 new messages