1

I am attempting to connect to an SQL database using a JApplet. However, I get a SecurityException:

com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception: 

** BEGIN NESTED EXCEPTION ** 

java.net.SocketException
MESSAGE: java.security.AccessControlException: access denied ("java.net.SocketPermission" "162.243.229.150:3306" "connect,resolve")

STACKTRACE:

java.net.SocketException: java.security.AccessControlException: access denied ("java.net.SocketPermission" "162.243.229.150:3306" "connect,resolve")
    at com.mysql.jdbc.StandardSocketFactory.unwrapExceptionToProperClassAndThrowIt(StandardSocketFactory.java:407)
    at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:268)
    at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:271)
    at com.mysql.jdbc.Connection.createNewIO(Connection.java:2771)
    at com.mysql.jdbc.Connection.<init>(Connection.java:1555)
    at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:270)
    at me.nrubin29.cubesorter.MySQL.setup(MySQL.java:24)
    at me.nrubin29.cubesorter.MySQL.access$100(MySQL.java:8)
    at me.nrubin29.cubesorter.MySQL$1.run(MySQL.java:35)
    at java.lang.Thread.run(Thread.java:744)


** END NESTED EXCEPTION **



Last packet sent to the server was 1 ms ago.
    at com.mysql.jdbc.Connection.createNewIO(Connection.java:2847)
    at com.mysql.jdbc.Connection.<init>(Connection.java:1555)
    at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:270)
    at me.nrubin29.cubesorter.MySQL.setup(MySQL.java:24)
    at me.nrubin29.cubesorter.MySQL.access$100(MySQL.java:8)
    at me.nrubin29.cubesorter.MySQL$1.run(MySQL.java:35)
    at java.lang.Thread.run(Thread.java:744)
Exception in thread "Thread-38" java.lang.NullPointerException
    at me.nrubin29.cubesorter.MySQL$1.run(MySQL.java:38)
    at java.lang.Thread.run(Thread.java:744)

I have tried using AccessController#doPrivileged, but that didn't help. How do I grant permission to use a socket with my applet?

nrubin29
  • 1,522
  • 5
  • 25
  • 53
  • Are the applet and DB on the same server? Why is the applet allowed to directly interact with the DB? It should be forced to work through a web based API. – Andrew Thompson Apr 26 '14 at 10:38
  • They are on the same server. I am allowing the direct connection because I don't know how to write a web-based API. – nrubin29 Apr 26 '14 at 15:41
  • this is a new behavior in java 8. Probably the same issue as http://stackoverflow.com/questions/23189650/new-java-security-accesscontrolexception-in-java-8 – ddyer Apr 27 '14 at 20:32

3 Answers3

2

See these:

java.net.SocketPermission in Applet

Can signed applets connect with a different host from which they originate?

If your applet is not signed, you need to make sure your applet
is loaded from the server to which it is trying to open a socket.
Then this will work.

Community
  • 1
  • 1
peter.petrov
  • 38,363
  • 16
  • 94
  • 159
1

Unsigned Applets have a number of restrictions applied to them. One of the restrictions is that they can't open network connections to hosts other than the one hosting the applet.

There are a few ways around this:

  1. Sign the applet. The obvious problem with this is that you need an application signing certificate.
  2. Host the DB server on the same machine as the applet.
  3. Write a WebStart application instead (although it probably has the same problem).
Powerlord
  • 87,612
  • 17
  • 125
  • 175
  • The MySQL server *is* on the same server as the web server. – nrubin29 Apr 25 '14 at 21:30
  • @nrubin29 Are you using the same IP/address from the applet and webserver? – Powerlord Apr 25 '14 at 21:32
  • I tried this: `String database; if (Viewer.DESKTOP) database = "---"; else database = "localhost";`. I also added the `:3306` to the end, so don't worry there. Here's the new error: `MESSAGE: java.security.AccessControlException: access denied ("java.net.SocketPermission" "[fe80:0:0:0:0:0:0:1%1]:3306" "connect,resolve")` – nrubin29 Apr 25 '14 at 21:43
0

This is a new breakage in java 8 - it appears that sandboxed applets are not allowed to use sockets at all.

A partial solution is to change the applet to request all-permissions. This changes the scary dialogs the user has to click through a little, but not much more ominous than he already has to.

-- and of course, due to previous security calisthenics, the jars have to be signed using a trusted certificate.

ddyer
  • 1,792
  • 19
  • 26