security1.2

Strickland, Fred (fstrickland@cap.af.mil)
Fri, 12 Mar 1999 14:08:43 -0600

From: "Strickland, Fred (HQ CAP/DOKF)" <fstrickland@cap.af.mil>
To: "'tutorial@java.sun.com'" <tutorial@java.sun.com>
Subject: security1.2
Date: Fri, 12 Mar 1999 14:08:43 -0600

Good afternoon,

Excellent information! I worked through all the steps including downloading
the Java 1.2 plug-in for Netscape Navigator.

I was able to use appletviewer from the DOS command line and access the
example on the Java.Sun.Com web page. I was able to copy your example code
(WriteFile.java) and compile it with Java 1.2 and place the applet on my web
page (http://www.tsum.edu/~flstrickl/JDK12Class/WriteFile.html and it worked
from the command line. But....

When I try clicking on WriteFile applet, I receive an error message:

writeFile: caught security exception: netscape.security.A.....

I checked my copy of Netscape Navigator and I see that Java 1.2 is listed in
the plug-in lists. So I don't understand why I am getting the error
messages.

Also I have written a java program that can be run as a stand alone or as an
applet. This program reads two files, creates two temp files and does some
other things. When it runs as a stand alone application, it does what is
supposed to do. When I run the applet from the BIN directory of
VisualCafeWDE, the applet runs and does the I/O correctly. When I attempt
to run the applet with JDK1.1.6, JDK1.1.7, or JDK1.2, it doesn't run. When
I try to use the command line "trick" to access the applet on my web page,
it displays the starting applet message. Then it gives a quick status
message that I can not read and it ends with "Start: applet not
initialized." When I end the applet, I see a long series of messages on the
DOS screen. Here are those lines:

What I typed: appletviewer
http://www.tsum.edu/~fstrickl/JDK12Class/DLX.html

java.security.AccessControlException: access denied
(java.util.PropertyPermission user.dir read)
at
java.security.AccessControlContext.checkPermission(Compiled Code)
at java.security.AccessController.checkPermission(Compiled
code)
at java.lang.SecurityManager.checkPermission(Compiled Code)
at java.lang.SecurityManager.checkPropertyAccess(Compiled
Code)
at java.lang.System.getProperty(Compiled Code)
at FileViewer.<init>(FileViewer.java:64)
at FileViewer.<init>(FileViewer.java:22)
at DLX.<init>(DLX.java:583)
at java.lang.class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.jva:39)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:532)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:468)
at sun.applet.AppletPanel.run(Compiled Code)
at java.lang.Thread.run(Thread.jva:479)

When I attempt to launch this same applet from my web page, I receive an
error message about not being able to find DLX class which is strange
because I have confirmed that the file is present.

I have written Netscape about this problem, but I haven't received an
answer.

I hope you can explain what is going on. I realize that this is a new
feature and that bugs will appear sometimes. (Do you know about the bug in
the policytool? When it opens, it looks for C:\Windows/java.policy. The
second bar is pointing in the wrong direction.)

Once I know that your program will work within Netscape, then I can look at
my applet and see what bugs might exist. For example, does the applet have
permission to write to the host computer directory? Or does in it only have
access to the calling computer's resources? (My program write now only
writes to the host computer directory.)

Thank you for working through this long message.

FRED L. STRICKLAND

PS I forgot to tell you, the applet works because (I guess) that
VisualCafeWDE is running JDK1.1.4.

====================================================

'aptex_response@netscape.com'

I need information about Java 1.2/2.0. Other applets run through the
Netscape software, but not those from Java1.2/2.0 which Involves I/O. I
have gone to the java.sun.com web page to learn about the new abilities of
applets under Java1.2/2.0. I have downloaded the plug-in and the Netscape
software does acknowledge that it has the Java 1.2 plug-in. I have used the
DOS command line to execute the sample I/O-ing applet and it runs nicely.
But when I try to do this from within Netscape, security warning messages
are issued. So what is going on?