Applet security

Elias · January 30, 2007, 4:43pm

Hi,

I have done a small application that I just converted to an applet. I signed it with a certificate I generated myself. When I load the html page I get a popup asking me to accept the certificate so everything seems fine there. What makes this even more strange is that it has worked a few times, however most of the times I get the message listed below, even though the certificate should have given me allpermission(s) right?

Would appreciate any help or suggestions.

Regards

Elias

java.security.AccessControlException: access denied (java.util.PropertyPermission java.home read)

at java.security.AccessControlContext.checkPermission(AccessControlContext.java:26 4)

at java.security.AccessController.checkPermission(AccessController.java:427)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)

at java.lang.System.getProperty(System.java:628)

at org.jivesoftware.smack.ConnectionConfiguration.(XMPPConnection.java:187)

at jabberClient.connect(jabberClient.java:15)

at jabberClient.init(jabberClient.java:28)

at sun.applet.AppletPanel.run(AppletPanel.java:378)

at java.lang.Thread.run(Thread.java:595)

Elias · January 30, 2007, 7:07pm

forgot a few relevant details. The jabber server I am contacting in the script is on the same domain as where the html+applet is. By default java should allow me to open socket towards this server so signing should not even be necessary.

I have unjared smack and “rejared” it together with my .class file to make sure everything is signed aswell.

Would appreciate any hints if anyone has had similar problems,

Thanks

Elias · January 30, 2007, 9:46pm

Got some more info, my applet works now but only if the xmppconnection is called by a native java method.

I tried to create a java function that creates the xmppconnection and then call it with javascript and then I get the same problem.

I guess I can workaround this by having the applet fetch userdetails from javascript instead of the other way around but it would be nice to be able to pass userdetails in a javascript call.

Elias · January 31, 2007, 1:13pm

Another applet security issue.

When I try to call this function from a javascript I get a security violation aswell:

public void joinMUC(String nick, String room)

{

try

{

MultiUserChat muc = new MultiUserChat(connection,room);

muc.join(nick);

muc.sendMessage(“hi there”);

/~~- if I remove theese lines below it works to pass the message~~-/

PacketListener pl = new PacketListener()

{

public void processPacket(Packet packet)

{

callback(“MUCMessage”,packet); //register callback handler for incomming message

}

};

muc.addMessageListener(pl);

/**----

**/

}

catch(XMPPException xmppe)

{

System.out.println(“could not join room:”+xmppe.toString());

}

The error I get is below, everything in the jar packet is totally unjared and rejared and signed:

java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException

at java.security.AccessController.doPrivileged(Native Method)

at sun.plugin.liveconnect.SecureInvocation$2.run(SecureInvocation.java:204)

at java.security.AccessController.doPrivileged(Native Method)

at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:183)

at sun.plugin.navig.motif.AThread.handleRequest(Native Method)

at sun.plugin.navig.motif.AThread.JNIHandleLoop(AThread.java:35)

at sun.plugin.navig.motif.AThread.run(AThread.java:27)

Caused by: java.lang.reflect.InvocationTargetException

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:25)

at java.lang.reflect.Method.invoke(Method.java:585)

at sun.plugin.javascript.invoke.JSInvoke.invoke(JSInvoke.java:19)

at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:25)

at java.lang.reflect.Method.invoke(Method.java:585)

at sun.plugin.javascript.JSClassLoader.invoke(JSClassLoader.java:44)

at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(SecureInvocation.java:572 )

… 7 more

Caused by: java.lang.SecurityException: class “jabberClient$1”’'s signer information does not match signer information of other classes in the same package

at java.lang.ClassLoader.checkCerts(ClassLoader.java:775)

at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)

at java.lang.ClassLoader.defineClass(ClassLoader.java:614)

at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)

at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:163)

at java.lang.ClassLoader.loadClass(ClassLoader.java:306)

at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:119)

at java.lang.ClassLoader.loadClass(ClassLoader.java:251)

at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)

at jabberClient.joinMUC(jabberClient.java:62)

… 17 more

java.lang.ClassCastException: org.jivesoftware.smack.packet.DefaultPacketExtension

at org.jivesoftware.smackx.muc.MultiUserChat.getMUCUserExtension(MultiUserChat.jav a:1955)

at org.jivesoftware.smackx.muc.MultiUserChat.access$600(MultiUserChat.java:46)

at org.jivesoftware.smackx.muc.MultiUserChat$8.processPacket(MultiUserChat.java:21 75)

at org.jivesoftware.smack.PacketReader$ListenerWrapper.notifyListener(PacketReader .java:822)

at org.jivesoftware.smack.PacketReader.processListeners(PacketReader.java:260)

at org.jivesoftware.smack.PacketReader.access$100(PacketReader.java:43)

at org.jivesoftware.smack.PacketReader$2.run(PacketReader.java:72)