Date: Mon, 9 Jan 2012 15:34:46 +0200 From: Achilleas Mantzios <achill@smadev.internal.net> To: freebsd-java@freebsd.org Subject: applet security issue Message-ID: <201201091534.46341.achill@smadev.internal.net>
next in thread | raw e-mail | index | archive | help
Hello java freebsd-ers! After struggling for hours in order to even see the digital signature security window appearing for my applet (and i did a lot of things, bundling all libs in one jar, re-signing, etc...) i got to the point where the applet starts, but then gives me a : java.security.AccessControlException: access denied (java.io.FilePermission /usr/local/jboss-6.0.0.Final/paidia2.jpg read) the stack trace is like : java.security.AccessControlException: access denied (java.io.FilePermission /usr/local/jboss-6.0.0.Final/paidia2.jpg read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:284) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at java.io.File.isFile(File.java:793) at org.apache.commons.httpclient.methods.multipart.FilePartSource.<init>(FilePartSource.java:67) at org.apache.commons.httpclient.methods.multipart.FilePartSource.<init>(FilePartSource.java:88) at org.apache.commons.httpclient.methods.multipart.FilePart.<init>(FilePart.java:178) at com.gatewaynet.web.applets.PhotoJApplet.actionPerformed(PhotoJApplet.java:285) PhotoJApplet.java:285 reads : FilePart filePart = new FilePart(thisfile.getName(),thisfile.getName(),thisfile,"image/jpeg",null); The funny thing is that the very same signed applet reads the contents of the /usr/local/jboss-6.0.0.Final/ without problem: String fname=imgPath + "/"+photos[i].filename; ImageIcon icon = new ImageIcon(fname); Its only when the IO is called from within apache's httpclient that i get the problem. (pls do not get confused, here jboss wears the hat of the dummy firefox user, nothing j2ee involved!) Any info would be great. -- Achilleas Mantzios IT DEPT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201091534.46341.achill>