java.net.SocketPermission in Applet

Question

I'm developing an applet that requires to save a text file on the server. After wrestling with this problem for a while I stumbled on the internet on the Lynlin.class which can send files using ftp connection. That works fine provided I add to my C:\Program Files\Java\jre7\lib\security\java.policy file a following line:

permission java.net.SocketPermission "192.168.33.15:*", "connect, accept ,resolve, listen";

If I try to run this applet from the computer that did not have the java.policy file edited I get the following error:

java.security.AccessControlException: access denied 
    ("java.net.SocketPermission" "192.168.33.15:21" "connect,resolve")*

Does anybody know how could I get rid of this problem other than editing java.policy file at each and every computer that will be using this applet?

Just to claryfy:

my applet at the moment is not signed, but the server with which it tries to send a file is the same at which the applet is located
the http and ftp server are microsoft IIS running on the Windows Server 2003 (ip 192.168.33.15)

The exact URL is "\\pwaidc9\intranet\Inetpub\RDE\Locked_programs\Programs_report.html" and is located on one of our company intranet servers (pwaidc9 is 192.168.33.15). All the .class files as well as a file that I want to upload are in the "Locked_programs" and that folder is also a root folder for the ftp server. — Przemek, Sep 06 '12 at 13:48
Andrew, that was it. I referenced the page with the applet incorectly (`href="file://pwaidc9...`). I changed the link reference to `http://pwaidc9..` and it worked as a charm, applet works fine on all computers. Thank you for the help, I would never think about that. — Przemek, Sep 07 '12 at 09:14

score 2 · Answer 1 · answered Sep 06 '12 at 14:05

2

The exact URL is "\pwaidc9...

That's not a URL. It is a Windows UNC file name. You downloaded the applet from a file system, not a TCP host at all, so you can't connect to it with a socket.

Sign the applet.

answered Sep 06 '12 at 14:05

user207421

305,947
44
307
483

score 1 · Accepted Answer · answered Sep 07 '12 at 09:44

1

As EJP alluded to, the address delivering the applet, and the address of the server, seem to be different to the JRE that is running the applet.

It is necessary to access the HTML via the server (an http://.. address).

answered Sep 07 '12 at 09:44

Andrew Thompson

168,117
40
217
433

score -1 · Answer 3 · answered Sep 06 '12 at 11:41

-1

There is no way for an applet to do network connections without explicit permissions to allow such activity in the client machine environment. This is so for the security of the client machine. All applets by default run in a restricted sandboxed environment.

answered Sep 06 '12 at 11:41

Drona

6,886
1
29
35

3

Completely incorrect. All applets can open sockets to the server they were loaded from, and signed applets can open sockets to anywhere. -1. – user207421 Sep 06 '12 at 13:22
Yes but only from the domain it is loaded from and none other. – Drona Sep 06 '12 at 14:21
1

Wrong again. A signed applet can open a socket to anywhere. – user207421 Sep 06 '12 at 22:57

java.net.SocketPermission in Applet

3 Answers3

Linked