9

I am working on an artificial intelligence project which is a logic game and aims two user connecting to the server on the network who acts as an Admin and then start to play one by one.

In order to create connections, i have a server code which is just listening on localhost:8000 and assigning team values to the clients as they arrive. After connecting, clients make their move under Admin's control.

The question is that when i try to put my code to work in the browser it fails with the following error:

java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:8000 connect,resolve)

Even though i have created my own policy, first granting only Socket access permission to the codebase of my project folder (file:///home/xxx/projects/-), after it didn't work i granted all permissions from all codebase. I tried placing my policy file both in the home directory and in the same directory where my applet code resides.

Appreciate any tips, thanks.

Bozho
  • 588,226
  • 146
  • 1,060
  • 1,140
makdere
  • 113
  • 1
  • 1
  • 5
  • When i try to run my client code after starting server from the console as follows, i am able to make recognized my own policy file that resides in my home directory: appletviewer -J-Djava.security.policy=mypolicy.policy file:///home/xxx/NetBeansProjects/project/src/index.html But when i try to run from IDE, it fails :s – makdere Apr 10 '10 at 09:52
  • signing the applet jar(s) may be a bit easier to manage. Saves you having to install a policy file on every box you want it to run on. – objects Apr 10 '10 at 09:59

5 Answers5

11

by default I think it looks for a file named .java.policy in your home directory

you can check the file /lib/security/java.security to see where it looks. check the keys named policy.url.n

objects
  • 8,637
  • 4
  • 30
  • 38
  • 1
    Renaming my own created policy file to .java.policy after checking /lib/security/java.security in order to find out where java looks for the policy file, it worked. Thanks every1 for the tips. – makdere Apr 11 '10 at 11:06
  • if your problem is solved then please click the tick next to the comment (on the left) that helped you. – objects Apr 11 '10 at 23:32
  • what is the windows equivalent of this path `/lib/security/java.security` ? – Shiplu Mokaddim Jun 19 '12 at 23:26
  • Look in the directory where the JRE is installed, typically in Program Files – objects Jun 20 '12 at 01:09
3

You can set the location of the security policy file by using this command-line option

-Djava.security.policy=policyfilepath

with the java command.

Or you can even set this propery using the System.setProperty() procedure.

Marko
  • 20,385
  • 13
  • 48
  • 64
sdflkj
  • 31
  • 1
  • How is this applicable to an applet? Furthermore I doubt that setting the system property after the JVM has already started is effective. – davmac Dec 09 '14 at 22:40
0

Place the policy file where the JRE is.

For instance, my policy file is located at C:\Program Files\Java\jre1.6.0_01\lib\security

colinjwebb
  • 4,362
  • 7
  • 31
  • 35
0

I strongly suggest respecting the same-origin policy. Security implications are not necessarily obvious at the best of times. Also, an applet with standard permissions has better usability and should be easier to maintain.

Tom Hawtin - tackline
  • 145,806
  • 30
  • 211
  • 305
0

If you grant a permission to a specific JAR (codebase), this only works if the whole execution stack from the start of the thread to the method invocation is in that codebase/protection domain.

If your method is alibrary, and you are sure that you access the operation safely, you can use a Priveledged Block, which essentially makes sure the part of the stack calling your block is not considered in the access calculation.

Privileged Block, as described here:

http://docs.oracle.com/javase/6/docs/technotes/guides/security/doprivileged.html

Greetings Bernd

eckes
  • 10,103
  • 1
  • 59
  • 71