Can we still use Smack in applets?

Noticed some earlier comments on this but didn’'t see any resolution. Using Smack 2.2.1 and trying to set up a secure connection back to the server from an applet, I get:

java.security.AccessControlException: access denied (java.util.PropertyPermission java.home read)

at java.security.AccessControlContext.checkPermission(AccessControlContext.java:26 4)

at java.security.AccessController.checkPermission(AccessController.java:427)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)

at java.lang.System.getProperty(System.java:627)

at org.jivesoftware.smack.ConnectionConfiguration.(SXMPPSession.java:29)

at us.cccounty.cws.xmpp.ChatAp.init(ChatAp.java:36)

at sun.applet.AppletPanel.run(AppletPanel.java:378)

at java.lang.Thread.run(Thread.java:613)

From my limited research it appears that this query for the client-side java.home property is a) a fairly recent feature in Smack, and b) a deal-breaker for applets. (I tried signing my applet, but that didn’'t help.) (And yes, the applet is from the same server.)

So can anyone please tell me if there’'s a workaround for secure connections from applets?

  • Art

Hey Art,

Here are a couple of suggestions.

  1. Which Java version are you using? Based on this bug report server certificates are no longer good for signing applets. If you are using Java 1.5 or later then try changing your signing the applet with a coding signing certificate instead.

  2. Have you tried setting the system property java.home.applet to true?

  3. Which security manager are you using? Check out the one that is being shown here. That securoty manager will let you set the system property java.home.applet to true so you can access java.home.

If all of these suggestions still fail for you let me know. We can code a workaround in the Smack code.

Regards,

– Gato

Gato -

Yes, it’‘s a 1.5 thing. Alas, I’‘m not anxious to spend $500 on a code-siging certificate, nor can I count on being able to modify all my clients’’ properties or security managers.

(Background: I’'m a local government employee trying to incorporate simple groupchat into an AJAX dashboard for controlling some local systems.)

Anyway, I’‘m not wanting to authenticate the clients at this level, only to encrypt their connections back to the server. So if there’‘s a workaround possible I’'d sure appreciate it.

Thanks!

  • Art

Poking around the source a bit, it looks like the trouble starts when the constructor for ConnectionConfiguration tries to figure out where client-side certificates would be stored… even though with the default settings it doesn’'t look like those local certs are going to be referenced anyway.

So I wonder if that particular check might be moved out of the constructor and only performed if-and-when necessary. (I tried to hack the source to that end and had partial success, but then got lost in chasing side-effects and had to admit I was in over my head.)

  • Art

I’'m having the same problem with an applet that I am trying to write. Has anyone been able to get it working?

Thanks,

Giordano

I use smack 2.2.1 in an applet with a SSLXMPPConnection with no issue. I don’'t remember having to do anything special except sign the applet. I used a self-signed cert.