We have this problem: we want to save files or print from a Java applet in the browser, but this could not be easily implemented, as Java applets don't seem to have rights for calling OS services. Is there any way to implement these two functionalities (maybe with server help etc.)? What would you suggest?
Thank you in advance
For accessing resources outside the Applet sandbox, you'll need to sign your Applet, and set up the access privileges in a policy file.
Here you can find a quite complete guide on Applets Security.
Well, the solution was very simple :). In NetBeans -> Project properties -> Application/Web Start/{check the self-signed checkbox}. That's it with all certifications.
Tomas is right. But probably I can suggest you a workaround. You can implement your print through the browser. This does not require additional security permissions and the applet might be unsigned.
To call the JavaScript API from an applet, the applet must have the attribute MAYSCRIPT and use netscape.javascript.JSObject. Yes, netscape! The name remained as a monument for this dead browser.
Related
I am writing a Java file uploader applet, but I simply could not figure the following issue out. (The uploader is very specialised, therefore we could not just use a stock solution). I have a self-signed applet, which I am trying to test locally, but I cannot get it to read local files. I have Permissions:all-permissions declared in the manifest.
If I add
<param name="permissions" value="all-permissions" />
to the applet tag, it throws
com.sun.deploy.security.BlockedException: User has denied the privileges to the code
If I avoid this, it throws
java.security.AccessControlException: access denied ("java.io.FilePermission" PATH_TO_FILE" "read")
BlockedException is thrown in the first case, even though when the Java plugin asks me about security issues, I always say "don't block", in order for this code to run.
Any ideas how I can test this? Or could you point me to an open source Java uploader applet implementation I could inspect? Of course, the deployed version of this software will be signed with a trusted certificate, but I need a means to test it....
Thank you!
Update
Here is what needs to be done:
Given a web application which we developed, this application needs a lot of small files from the local filesystem. So, we need to iterate over a directory structure and inspect files in order to find those that the web app needs. This is very cumbersome by hand, therefore we need to automate this.
I thought of two other approaches:
JNLP-applet, however, its API can only display a FileChooser for single or multiple files, but not for a directory
A plain old Java client application, which will find the files it needs and upload them to the server via an API. This client can then be launched via Java Web Start.
Do you have any more ideas?
What you are trying to do is generally frowned-upon as this is exactly how systems are compromised with Java installed. The operation you want to do is privileged, you will need to run your code in a privileged mode, and, most likely, create a policy file to allow this to work on the client machine. There's a short, concise tutorial on http://www.coderanch.com/how-to/java/HowCanAnAppletReadFilesOnTheLocalFileSystem.
Now, please, this is actually a VERY BAD IDEA. Is there no way that you could rather write a JavaScript page that will perform this upload via some API call at all? That way, you are not bypassing the browser security to perform the upload.
The Java Applet approach is an out-dated, dangerous and down-right nasty solution, and no amount of signing, policy files or tweaks will make this a safe alternative. I'm a huge Java fan, but if there's one thing that gives me nightmares, it's the Java browser plug-in - there's just never a good reason for using it, not when you consider how incredibly unsafe it is. Of course, don't get me started on Flash...
Your idea of using a plain Java client, loaded via Web Start, seems to be the best solution. That way, once installed, your application would have full access to the underlying file system. Of course, this also opens up the debate of whether this is really a situation for using Java in the first place, but that's a whole other kettle of fish.
To do this you have to sign your applet.
keytool -genkey -keystore myKeyStore -alias me
keytool -selfcert -keystore myKeyStore -alias me
jarsigner -keystore myKeyStore jarfile.jar me
A self signed applet working off a local server [1] should be able to access the local file-system. It might be necessary to lower the security level in the Java Control Panel. Oracle is in a process of tightening the security of applets, so it will depend on which exact JRE version is loading the applet.
[1] It seems the security environment of an applet loaded off the local file-system is tighter than if it were loaded from localhost. See this answer for details.
I agree with your assessment that the JNLP based file chooser is unsuited to this task. As you mentioned, it is for working with file resources, not directories. Even worse, I noticed a small applet that I had developed using the JNLP based file open services was throwing NullPointerException while browsing around, with associated odd visual behavior in the chooser itself. Totally inadequate.
As the top poster for applet questions, I strongly actually warn against embedding an uploader in a web page. The biggest problems:
It creates further problems with browser/JRE/JavaScript/applet interaction bugs
It creates a non-resizable GUI. There are ways to create a resizable applet, but last time I checked, they were not reliable across browsers.
So in the end, I recommend using a fully trusted (i.e. all-permissions) app. that uses either the Swing JFileChooser or a variant of the File Browser GUI opened from a free-floating, JNLP launched JFrame. If the use-case is simple enough, we might even be able to dispense with the frame itself, and (visually) go directly to the file chooser.
The 'free-floating' approach will not work in a web-app. that requires JavaScript interaction. If the web-app. requires that, we come back to 'applet', and that is where you'd look to use the doPrivileged(..) functionality you mentioned in a comment. The reason being that if a method is called programmatically by JS, the Java based security manager detects that some frames in the stack are not trusted (the JS), and therefore puts everything back in the sand-box - even if the Java code was originally trusted.
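The doPrivileged(..) pattern mentioned in the answer above, as an added example that is not part of the original thread. It assumes a signed, all-permissions applet; the class name `UploaderApplet`, the method `listDataFiles`, the `webapp-data` directory and the `.dat` extension are hypothetical. Because any script on the page can call the method, the input is validated and the privileged block is confined to one fixed directory.

```java
import java.applet.Applet;
import java.io.File;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical applet whose public method is invoked from page JavaScript.
public class UploaderApplet extends Applet {

    /** Called from JavaScript; returns the names of *.dat files in one sub-directory. */
    public String[] listDataFiles(final String subdir) {
        // Validate script-supplied input before asserting any privilege:
        // a single short directory name, no separators, no "..".
        if (subdir == null || !subdir.matches("[A-Za-z0-9_-]{1,32}")) {
            throw new IllegalArgumentException("bad subdir");
        }
        try {
            // doPrivileged stops the permission check at this frame, so the
            // untrusted JavaScript frames further up the stack are not consulted.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<String[]>() {
                public String[] run() throws IOException {
                    // Hypothetical fixed root: the only tree this applet ever lists.
                    File root = new File(System.getProperty("user.home"), "webapp-data")
                            .getCanonicalFile();
                    File dir = new File(root, subdir).getCanonicalFile();
                    // Canonical paths resolve symlinks; reject anything outside the root.
                    if (!dir.getPath().startsWith(root.getPath() + File.separator)) {
                        throw new IOException("outside root");
                    }
                    List<String> names = new ArrayList<String>();
                    File[] files = dir.listFiles();   // null if dir is missing or unreadable
                    if (files != null) {
                        for (File f : files) {
                            if (f.isFile() && f.getName().endsWith(".dat")) {
                                names.add(f.getName());
                            }
                        }
                    }
                    return names.toArray(new String[0]);
                }
            });
        } catch (PrivilegedActionException e) {
            return new String[0];   // do not leak path details back to the calling script
        }
    }
}
```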
I want to read the web address of all open windows. As soon as the window closes, I should know it too.
One way to do this is by asking the user to download a Firefox plugin. This plugin should monitor the user web address.
But is this possible? How to go about executing it. I am pretty decent in Java and PHP.
EDIT:
What if the user wants to give permission to access all the websites he or she visits?
I want to display in a visual manner the statistics of the sites being visited by users who grant permission.
As noted, this cannot be done with standard JavaScript/DOM methods that run inside a page, for security and privacy reasons.
You could definitely do it with a Firefox add on, plugin or extension.
I suggest reading the Firefox addons developer guide and the Developer Hub in general. The language used to develop for Firefox is JavaScript.
nsIWindowMediator can be used to enumerate open windows, and properties can be obtained through the nsIDOMWindow objects. As explained here,
"While you can use JavaScript to get child windows opened from the parent window, you cannot get dialogs or windows that have no relation to that window. To overcome this limitation, nsIWindowMediator makes it possible to access all of Firefox's windows."
This likely violates the same origin policy, which rules this out.
It basically controls the code so that it does not read anything it did not create,
so no spying can be done.
No, this would be a major security and privacy issue.
This is definitely a security violation similar to sniffing, and would require certain privileges to run on each platform (such as an ActiveX control or plugin or a privileged applet).
However, this can be done using JavaScript only if the page containing the script itself is responsible for opening the windows (meaning not all windows, such as windows opened by the user) - if that is what you are looking for, let me know.
I would like to know if the following can be done in Flash/Java:
I have an ASP.NET web site from which I need to be able to print/send a specific set of instructions to a code-bar printer. Since this can't be done from JavaScript, I thought maybe a client side app/plugin (Flash, Java) could do it.
Do any of you know if this can be done? Where can I find how to do it?
Many thanks in advance!
It is possible to print in Java; for a website you could develop a Java applet. There is an official Java website available about printing which includes API documentation and tutorials. The only catch is that, because of the Java security model, the applet needs to be signed.
Here is another link from Java about signing applets. Note that you are able to create your own signature (as opposed to having one from a certificate authority), it will just pop up a warning when the applet loads, which may be ok depending on the audience of your website.
I would like to create a folder selector for my application which will only run on Internet Explorer Browsers (IE6+).
I would like to get the full folder path a user wishes to use via a HTML browse button or similar and then pass this to my server side application which is written in PHP! This can not be done via JavaScript for security reasons so I am looking for any other alternative that will work.
I had implemented a solution using a Java Applet but this did not work out as it didn't work on IE6, plus the browser security is locked down where I am deploying this app, meaning I am unlikely to get away with an applet.
The current solution is getting the user to paste the folder location into a text field; this isn't acceptable any more.
Any implementation advice welcome!
Thanks all
If your app is IE only you can create a simple ActiveX Control with only one method:
HRESULT BrowseForFolder([out] BSTR folderName);
The ATL Wizard will give you the major portion of the code.
But I would consider using Flash for this:
It is more widely used than Java (I think so).
ActiveX strongly depends on the browser's security options and is more annoying to install.
Your task is rather small, so it can be implemented without deep skills, if you are not familiar with Flash.
Is it possible for a website to automatically run an external .exe file upon visiting? That is, an .exe file that is not already on the client file system. If so, how is this possible? Also, I've read about the use of HTA files or ActiveX components or Java in this process. Is it possible for a Java applet to write code to a client's file system upon visiting a website? I understand this is a serious security concern, please enlighten me further. Thank you.
It's possible; the app (exe or applet) must be signed and granted permission by the user in order to run. Even still, the user's security policy may deny it, but it's possible.
Java trusted applet info:
http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html
Signed ActiveX control:
http://dedjo.blogspot.com/2007/07/creating-exposing-and-signing-activex.html
It really sounds like what you need is a browser plugin;
check out FireBreath: http://firebreath.googlecode.com
It will allow you to create a C++ plugin that will run on almost any Windows browser, and you can do whatever you need with it.
Note that the user will have to install the plugin/ActiveX control first, and that you need to be very careful with security considerations (i.e. make sure nobody can run arbitrary code on the remote computer)