I have mobile application in which I have added mobile file browsing. But when ever I try to open some directory or some file, it raises exception that application is trying to access mobile data.
So how do I overcome this error? If somebody could also tell me that how overcome security exception while install the application?
Actually this is not an error. You are using JSR-75. So permission needed for accessing file from memory card or phone memory.
This is not coding related issue. Basically this type of confirm alert asking for security purpose. Because you are using JSR-75.
In this purpose, You need to sign your application with at least any 3rd party signature like one from Verisign or Thrawte and then go to the application settings - permissions - and set permission for "Access User Data" as "Ask only Once" or "Allow Always" (these settings might not be available for your unsiged app on the device.)
If you facing this Issue on the emulator, go to preferences and MIDP tab, set the application domain to Trusted and set permission as "Allow Always". For more info, see here...
Signing sites are,
Thawte
Verisign
Java Verified
Related
Could you help me?
I have a question about permission required by using admob in my application. Are these permissions really necessary? I've found some app on PlayStore they are using ads without any permissions? How can I do it?
Thanks for your suggestions
The internet access permission does not by default show up when you are downloading an app under the permissions that the app uses (i.e. "The app requires no special permissions to run." In this example the app could still use internet access. Google simply gave every app the permission, however you still need to declare that you use the permission in your application). If you have checked the permissions manually (using a program) and the application does not use the internet access permissions then the "ads" are likely just pictures that when clicked open your browser. Thus they require no internet access.
However to use admob the INTERNET ACCESS permission is required, the reason you don't see it is because Google no longer states whether application have this permission or not.
Internet permission is required now. Although, existing app with no Internet permission still works.
I have a self signed application, when i load it in browser it give this warning (Do you want to run this application) each time. I don't want this pop up to appear. I have tried all the settings in java configure setting.
https://www.java.com/en/download/help/java_blocked.xml
Java has further enhanced security to make the user system less
vulnerable to external exploits. Starting with Java 7 Update 51, Java
does not allow users to run applications that are not signed
(unsigned), self-signed (not signed by trusted authority) or that are
missing permission attributes.
WORKAROUND
It is highly recommended not to run these types of applications. However if you still want to run these apps, run only if you understand the risks and implications.
As a workaround, you can use the Exception Site list feature to run the applications blocked by security settings. Adding the URL of the blocked application to the Exception Site list allows it to run with some warnings.
Steps to Add URLs to the Exception Site list
Go to the Java Control Panel (On Windows Click Start and then Configure Java)
Click on the Security tab
Click on the Edit Site List button
Click Add in the Exception Site List window
Add url to Exception Site list
Click in the empty field under the Location field to enter the URL
I have an Applet that is required to run with some privileges, meaning a warning message will be displayed when it loads. If the user denies the warning message I would like to redirect to an error page and explain what happened. Is there any way to do this?
I looked in to having a timer running and redirect after a certain time period but that's not that exact and it would be nice to catch the response from the pop-up instead.
The following exception is thrown if the user denies the warning:
java.lang.SecurityException: attempted to open sandboxed jar [jar-file]
as a Trusted-Library
The exception is thrown before reaching the init function.
I looked in to having a timer running and redirect after a certain time period ..
..extend that to add a JS function that cancels the timer, then call that JS from the applet, is about the best protection you can get.
A try/catch on security related matters can work for some JREs that load applet sand-boxed if the security prompt is refused, but other run-times (notably the Iced Tea JRE) will not load the applet at all if the security prompt is refused.
I have an Applet that is required to run with some privileges.. Basically we store a file there, the file can be any file and the size can therefore be any value. The user will choose this file themselves and they can choose anything from a 1kb textfile to a many-gigabyte movie. ..
If the user can be guaranteed to have a 'Next Generation' - Plug-In 2 JRE (mentioned in the applet info. page), it is possible to the use the JNLP API in an embedded applet. The JNLP services provide access to the local disks for a sand-boxed app. See this demo of the JNLP file services.
But there is a slight hitch. There is no option to persist the path to the file chosen by the user. In this lesser security environment, the JRE does not provide a File but instead a JNLP API FileContents object. It will not provide a path and is not serializable. But if the user is willing to choose the file each run, it could be workable.
..and that reminds me. Perhaps a better alternative for launching trusted apps. is to offer a free-floating (applet or) frame using Java Web Start. If the user refuses, it never appears on-screen, but they can click the launch button again any time they like (to be prompted again).
i'm trying to connect to a mysql server (which is on the same machine right now, as in i'm connecting to localost (I'm using Windows and have Apache, PHP, Mysql and phpmyadmin installed) yet I can connect fine to the server running the application in Netbeans, yet if I run the applet in the browser, it fails to connect, I get this error:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up.
Do you have any idea what could cause this? As far as I know, it's all connecting to my local machine right now. What could be the problem, the MySQL server or apache, or the java application, and how could I solve it? Thanks.
I attempted to sign the applet and I think it signed it, but it's till giving me this error though. Thanks.
By default, Java enforces something similar to Javascript's Same Origin Policy: untrusted applets may only open a network connection to the server from which they were downloaded, but cross-domain access is prohibited.
To overcome this, signing the applet is required but on its own not sufficent yet for granting extended permissions, you also have to state explicitly what permissions you require. To test if it works, try granting AllPermission first, you can still fine-tune this afterwards.
An easy way to grant AllPermission is by deploying the applet using JNLP, add
<security>
<all-permissions/>
</security>
to your JNLP deployment descriptor.
Next, ensure that all Jars referenced by the applet are signed using the same certificate. It's not enough to sign only the applet Jar file.
In the "Java Control Panel", make sure that in "Advanced/Security" you
Allow user to grant permissions to signed content
That should solve it.
A simple check to see whether signing was really successful:
Open the Jar file with something like WinZip, go to the META-INF folder and check whether there exist two additional files next to MANIFEST.MF - one ends in .SF, the other one most probably in .RSA.
I have a java applet that is downloaded to a user's browser when they visit a webpage and allows them resumable file uploads to my server. Obviously, this requires the applet to access the user's hard disk, which I understand is outside the regular sandbox applets can run in. The user sees a security warning popup which asks for their permission to allow this applet to run.
I have signed the applet using verisign and the link from where is applet is fetched is over SSL with a versigned cert. None of these make the warning go away.
Is there a way to make all warnings go away? Can anyone explain what is going on behind the scenes?
JNLP has a FileOpenService which allows the untrusted Java Webstart applications to show a File Open dialog to the user and access the file the user selected:
http://docs.oracle.com/javase/1.5.0/docs/guide/javaws/jnlp/javax/jnlp/FileOpenService.html
You can't avoid this message, it would be a security issue if you could.
Granting Applets Permission
If you tried to run the applet example, you undoubtedly saw errors when you clicked the Click Me button. This is because the Java 2 Platform security does not permit an applet to write to and read from files without explicit permission.
An applet has no access to local system resources unless it is specifically granted the access. So for the FileUIAppl program to read from text.txt and write to text.txt, the applet has to be given the appropriate read or write access permission for each file.
Access permission is granted with a policy file, and appletviewer is launched with the policy file to be used for the applet being viewed.
What you can do is having a configuration (a policy file) to allow this applet to use some files. But you would have to do this manually (for obvious security reasons). Check the link below.
Resources :
oracle.com - Applets, File Access and Permissions