0

I have three classes, one called Capture, AppletLogging and AbstractJLabel. I have set the following permissions in my %USERPROFILE%/.java.policy file:

grant codeBase "file:/C:/project/abc/target/test-classes/-" {
  permission java.util.logging.LoggingPermission "control";
};

All classes are in the codeBase from the grant above. When Capture calls a static method in AppletLogging everything works ok. When AbstractJLabel calls the same static method in AppletLogging then I get

java.security.AccessControlException: access denied (java.util.logging.LoggingPermission control)

This runs in the Sun java plugin version 6 update 35. Does anyone have an explanation? I get the same error even if I all the following to the grant codeBase block:

  permission java.security.AllPermission;

Note that Capture and AbstractJLabel invoke the static method from a static block.

Andrew Thompson
  • 168,117
  • 40
  • 217
  • 433
mario
  • 25
  • 1
  • 8
  • 18
  • Jar and digitally sign the code if the applet needs trust. I do not understand why people bother with policy files for applets. A policy file is not suitable for deployment except to machines you control, and if that is the case, JWS is probably a better distribution option. – Andrew Thompson Sep 11 '12 at 22:24
  • (Note that static initialisers are unfortunately not treated specially by the "Java 2 Security Model". The stack-based security checking goes through the class loader and back out into whatever code happened to cause the class initialisation.) – Tom Hawtin - tackline Sep 12 '12 at 13:08

1 Answers1

1

It turned out that the issue I was facing was because of the fact that whenever I got the AccessControlException, the thread that had been running was invoked from Javascript. Let me explain, on the page where the applet is hosted, I have a reference to the applet tag. It is possible to invoke public instance methods on the Java applet class from Javascript variable referencing the applet tag. In that case, the thread, even though it is running code from the applet (or the jar that contains the main applet class) it will not inherit the permission from the applet code base as the call came from outside. The solution is to invoke the java code that requires the permission inside a AccessController.doPrivileged.

mario
  • 25
  • 1
  • 8
  • 18