1

I am creating a socket connection with an unsigned applet to a different host and I'm getting `java.security.AccessControlException: access denied`.

If I sign this applet with either a "self-cert" or a "CA cert", does the applet gain the permissions to create a socket connection to a different host (not the same host it was downloaded from), and does a security message pop up if it's been certified by a CA?

Thanks

Roman C
Adam

2 Answers

4

If you don't sign the applet, the code which is accessing local resources won't be executed in any way.

If you sign the applet with a self-cert, the end user would only get a warning message which asks for permission. You however still need to wrap the call inside an `AccessController#doPrivileged()`.

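```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Inside the applet class:
public void init() {
    // Run the body with the applet's own (signed) privileges.
    AccessController.doPrivileged(new PrivilegedAction<Object>() {
        @Override public Object run() {
            // Put your original init() here.
            return null;
        }
    });
}
```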

If you sign the applet with a $$$-cert, the end user won't get a warning message.

BalusC
  • There should be no need to use `doPrivileged` if there is no untrusted code on the stack. The warning dialog is much the same whether the certificate is valid or self-signed. – Tom Hawtin - tackline Jul 20 '10 at 16:13
  • I guess a cross domain socket connection is untrusted though? – Adam Jul 20 '10 at 16:30
0

You should see an appropriate dialog for the certificate, unless disabled or that certificate is always accepted. Only if the user agrees is the code given full privileges.

A better approach would be to stick to connecting to only the same-origin host.

Tom Hawtin - tackline
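Added example, not part of the question or either answer: a small model of the permission check behind the `AccessControlException`, using the real `java.net.SocketPermission` and `java.security.Permissions` classes. The class name, helper names and IP addresses are constructed for illustration, and the sandbox grant shown (connect back to the codebase host only) is an assumption modelling the default applet sandbox.

```java
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permissions;

public class SandboxSocketCheck {
    // Constructed sample addresses (documentation ranges), not from the page.
    static final String CODEBASE_HOST = "192.0.2.10";   // host the applet was loaded from
    static final String OTHER_HOST    = "198.51.100.7"; // any other host

    // Assumed model of the unsigned-applet grant: sockets to the codebase host only.
    static Permissions sandboxFor(String codebaseHost) {
        Permissions granted = new Permissions();
        granted.add(new SocketPermission(codebaseHost, "connect,accept"));
        return granted;
    }

    // What a signed applet holds once the user accepts the certificate dialog:
    // full privileges, not just the one socket it asked for.
    static Permissions acceptedSignedApplet() {
        Permissions granted = new Permissions();
        granted.add(new AllPermission());
        return granted;
    }

    // The question the access controller asks before a socket is opened.
    static boolean mayConnect(Permissions granted, String host, int port) {
        return granted.implies(new SocketPermission(host + ":" + port, "connect"));
    }

    public static void main(String[] args) {
        Permissions sandbox = sandboxFor(CODEBASE_HOST);
        Permissions signed = acceptedSignedApplet();

        System.out.println("unsigned, same-origin host: "
                + mayConnect(sandbox, CODEBASE_HOST, 8080));
        System.out.println("unsigned, different host:   "
                + mayConnect(sandbox, OTHER_HOST, 8080));
        System.out.println("signed + accepted, different host: "
                + mayConnect(signed, OTHER_HOST, 8080));
        // The signed grant also covers unrelated permissions such as file access,
        // which is why keeping to the same-origin host is the narrower design.
        System.out.println("signed + accepted, read any file:  "
                + signed.implies(new java.io.FilePermission("<<ALL FILES>>", "read")));
    }
}
```

The check that fails for the unsigned applet is the "different host" case; accepting a signed applet makes it pass only by granting everything else as well.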