
I have an applet that does file signing using a certificate from a smartcard, which means several extra permissions are needed to get it working: loading a .dll as a file on the local machine, creating temp files, etc.

All involved jars are signed and started as Java Web Start.

I find it confusing that when the full logic is called from the init() method, everything works fine:

```java
public void init() {
    try {
        File directory = new File("C:/Temp");
        deployPKCS11Library(directory);

        testFullCycleOnApplet("C:/somefile.txt");
    } catch (Exception e) {
        e.printStackTrace();
    }
}
```

If I take testFullCycleOnApplet out of my init method and run it on a button click after initialization, I get:

```
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.io.tmpdir" "read")
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)...
```

Does the init method have more rights to perform restricted stuff? In the JNLP file I have set:

```xml
<security>
    <all-permissions />
</security>
```
Artemix
Aziris
  • Welcome to Stack Overflow! This site is dedicated to many programming languages. Please add an appropriate language, framework or technology tag to your questions to get relevant answers. – Artemix Aug 02 '13 at 13:36

1 Answer


There appears to be a ready answer to this question:

Does AccessController.doPrivileged give JavaScript threads the permissions of the signed Applet?

The main reason I had this different security profile for the separate function call is the fact that it got invoked from JavaScript! This way it works well, not that it is a nice way to do it - most probably you would do some particular things in a privileged context.

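```java
// Imports needed at the top of the applet's source file.
import java.security.AccessController;
import java.security.PrivilegedAction;

public void testFullCycleOnApplet(final String fileName) {
    // Run with the signed applet's own permissions, even when the caller is JavaScript.
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
        public Void run() {
            doFullCycleOnApplet(fileName);
            return null; // nothing to return
        }
    });
}
```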
Community
Aziris
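An added example, not code from the original post: because any script on the page can call a public applet method, this sketch validates the script-supplied file name before doing privileged work, and shows the narrow `doPrivileged` form for the `java.io.tmpdir` read that failed in the stack trace. The class `ScriptCallableSigner`, the interface `FileSigner` (standing in for `doFullCycleOnApplet`) and the allowed directory are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added example; class, interface and directory names are hypothetical.
public class ScriptCallableSigner {
    /** Stands in for the page's doFullCycleOnApplet(fileName). */
    public interface FileSigner { void sign(File target, File tempDir) throws IOException; }

    private final File allowedDir;   // assumption: the only directory script may sign from
    private final FileSigner signer;

    public ScriptCallableSigner(File allowedDir, FileSigner signer) {
        this.allowedDir = allowedDir;
        this.signer = signer;
    }

    /** Called from JavaScript, so the untrusted caller is on the stack. */
    public void signFromScript(final String fileName) throws IOException {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
                public Void run() throws IOException {
                    // Validate the script-supplied name before any privileged work.
                    File target = checkedTarget(allowedDir, fileName);
                    signer.sign(target, new File(tempDir()));
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException(); // run() declares only IOException
        }
    }

    /** Resolves fileName under allowedDir and rejects anything that escapes it. */
    static File checkedTarget(File allowedDir, String fileName) throws IOException {
        File base = allowedDir.getCanonicalFile();
        File candidate = new File(base, fileName).getCanonicalFile();
        if (!candidate.toPath().startsWith(base.toPath()) || !candidate.isFile()) {
            throw new SecurityException("not a signable file: " + fileName);
        }
        return candidate;
    }

    /** The property read that failed in the stack trace, in its own narrow block. */
    static String tempDir() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() { return System.getProperty("java.io.tmpdir"); }
        });
    }
}
```

`AccessController` is deprecated for removal since Java 17 (JEP 411), so this applies to the applet-era runtimes the question is about.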