AccessControlException

Discussion in 'Java' started by Roedy Green, Jun 13, 2005.

  1. Roedy Green

    Roedy Green Guest

    I have been blithely reading files via URL from an Applet. They
    worked fine locally, but with Java 1.5 I'm getting
    AccessControlExceptions. I should have been getting these all along.

    Any comments on this?
    --
    Bush crime family lost/embezzled $3 trillion from Pentagon.
    Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

    Canadian Mind Products, Roedy Green.
    See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Roedy Green, Jun 13, 2005
    #1

  2. Roedy Green

    Roedy Green Guest

    On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    <> wrote or quoted :

    >I have been blithely reading files via URL from an Applet. They
    >worked fine locally, but with Java 1.5 I'm getting
    >AccessControlExceptions. I should have been getting these all along.
    >
    >Any comments on this?
    >--


    Is an unsigned Applet supposed to be able to read arbitrary files from
    the server it came from with

    url = new URL( getDocumentBase(), "../xxxx.ser" );
    URLConnection urlc = (URLConnection)url.openConnection();
    urlc.setAllowUserInteraction( false );
    urlc.setDoInput( true );
    urlc.setDoOutput( false );
    urlc.setUseCaches( false );
    urlc.connect();
    InputStream is = urlc.getInputStream();

    --
    Bush crime family lost/embezzled $3 trillion from Pentagon.
    Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

    Canadian Mind Products, Roedy Green.
    See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Roedy Green, Jun 13, 2005
    #2

  3. Roedy Green

    Roland Guest

    On 13-6-2005 6:31, Roedy Green wrote:
    > On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    > <> wrote or quoted :
    >
    >
    >>I have been blithely reading files via URL from an Applet. They
    >>worked fine locally, but with Java 1.5 I'm getting
    >>AccessControlExceptions. I should have been getting these all along.
    >>
    >>Any comments on this?
    >>--

    >
    >
    > Is an unsigned Applet supposed to be able to read arbitrary files from
    > the server it came from with
    >
    > url = new URL( getDocumentBase(), "../xxxx.ser" );
    > URLConnection urlc = (URLConnection)url.openConnection();
    > urlc.setAllowUserInteraction( false );
    > urlc.setDoInput( true );
    > urlc.setDoOutput( false );
    > urlc.setUseCaches( false );
    > urlc.connect();
    > InputStream is = urlc.getInputStream();
    >

    AFAIK, this should be possible. But judging from your question, you seem
    to have trouble with it.
    I've created a test applet using your code snippet, and hosted on my
    local Apache webserver. It works perfectly with JRE 1.5.0_03 (no
    AccessControlExceptions).
    --
    Regards,

    Roland de Ruiter
    ` ___ ___
    `/__/ w_/ /__/
    / \ /_/ / \
     
    Roland, Jun 13, 2005
    #3
  4. Roedy Green

    Lucy Guest

    "Roedy Green" <> wrote in message
    news:...
    > On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    > <> wrote or quoted :
    >
    > >I have been blithely reading files via URL from an Applet. They
    > >worked fine locally, but with Java 1.5 I'm getting
    > >AccessControlExceptions. I should have been getting these all along.
    > >
    > >Any comments on this?
    > >--

    >
    > Is an unsigned Applet supposed to be able to read arbitrary files from
    > the server it came from with


    I was under the impression that the unsigned Applet could be able
    to access (read and write) from the server it came from, but only
    within the same directory (sub)tree if that is the right word. I.e.
    if ~jones has an applet, it cannot access ~smith files.

    >
    > url = new URL( getDocumentBase(), "../xxxx.ser" );
    > URLConnection urlc = (URLConnection)url.openConnection();
    > urlc.setAllowUserInteraction( false );
    > urlc.setDoInput( true );
    > urlc.setDoOutput( false );
    > urlc.setUseCaches( false );
    > urlc.connect();
    > InputStream is = urlc.getInputStream();
    >
    > --
    > Bush crime family lost/embezzled $3 trillion from Pentagon.
    > Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    > http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm
    >
    > Canadian Mind Products, Roedy Green.
    > See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Lucy, Jun 13, 2005
    #4
  5. Roedy Green

    Roland Guest

    On 13-6-2005 21:46, Lucy wrote:

    > "Roedy Green" <> wrote in message
    > news:...
    >
    >>On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    >><> wrote or quoted :
    >>
    >>
    >>>I have been blithely reading files via URL from an Applet. They
    >>>worked fine locally, but with Java 1.5 I'm getting
    >>>AccessControlExceptions. I should have been getting these all along.
    >>>
    >>>Any comments on this?
    >>>--

    >>
    >>Is an unsigned Applet supposed to be able to read arbitrary files from
    >>the server it came from with

    >
    >
    > I was under the impression that the unsigned Applet could be able
    > to access (read and write) from the server it came from, but only
    > within the same directory (sub)tree if that is the right word. I.e.
    > if ~jones has an applet, it cannot access ~smith files.
    >


    This is not the case: an applet is allowed to read a resource at levels
    higher than the document base (i.e. where the document containing the
    applet resides).

    A Java applet has no knowledge of what "~jones" means. That's entirely
    defined by the webserver. Though, it is possible that the webserver does
    not allow access to resources of "~smith" (for instance because user
    "smith" has restricted access rights of his/her files or folders). In
    that case the webserver probably would return a 403 (Forbidden) or a 404
    (Not Found) response, and the urlc.connect() below would throw an
    IOException, rather than the applet throwing an AccessControlException.

    >
    >>url = new URL( getDocumentBase(), "../xxxx.ser" );
    >> URLConnection urlc = (URLConnection)url.openConnection();
    >> urlc.setAllowUserInteraction( false );
    >> urlc.setDoInput( true );
    >> urlc.setDoOutput( false );
    >> urlc.setUseCaches( false );
    >> urlc.connect();
    >> InputStream is = urlc.getInputStream();


    --
    Regards,

    Roland de Ruiter
    ` ___ ___
    `/__/ w_/ /__/
    / \ /_/ / \
     
    Roland, Jun 13, 2005
    #5
  6. Roedy Green

    Lucy Guest

    "Roland" <> wrote in message
    news:42adf01b$0$83698$4all.nl...
    > On 13-6-2005 21:46, Lucy wrote:
    >
    > > "Roedy Green" <> wrote in message
    > > news:...
    > >
    > >>On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    > >><> wrote or quoted :
    > >>
    > >>
    > >>>I have been blithely reading files via URL from an Applet. They
    > >>>worked fine locally, but with Java 1.5 I'm getting
    > >>>AccessControlExceptions. I should have been getting these all along.
    > >>>
    > >>>Any comments on this?
    > >>>--
    > >>
    > >>Is an unsigned Applet supposed to be able to read arbitrary files from
    > >>the server it came from with

    > >
    > >
    > > I was under the impression that the unsigned Applet could be able
    > > to access (read and write) from the server it came from, but only
    > > within the same directory (sub)tree if that is the right word. I.e.
    > > if ~jones has an applet, it cannot access ~smith files.
    > >

    >
    > This is not the case: an applet is allowed to read a resource at levels
    > higher than the document base (i.e. where the document containing the
    > applet resides).
    >
    > A Java applet has no knowledge of what "~jones" means. That's entirely
    > defined by the webserver. Though, it is possible that the webserver does
    > not allow access to resources of "~smith" (for instance because user
    > "smith" has restricted access rights of his/her files or folders). In
    > that case the webserver probably would return a 403 (Forbidden) or a 404
    > (Not Found) response, and the urlc.connect() below would throw an
    > IOException, rather than the applet throwing an AccessControlException.


    Guess I better go protect my files right away WOWOWOWOWOWOWOW.
    And, also, YIPES !!!
     
    Lucy, Jun 13, 2005
    #6
  7. Roedy Green

    Roland Guest

    On 13-6-2005 23:11, Lucy wrote:

    > "Roland" <> wrote in message
    > news:42adf01b$0$83698$4all.nl...
    >
    >>On 13-6-2005 21:46, Lucy wrote:
    >>
    >>
    >>>"Roedy Green" <> wrote in message
    >>>news:...
    >>>
    >>>
    >>>>On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    >>>><> wrote or quoted :
    >>>>
    >>>>
    >>>>
    >>>>>I have been blithely reading files via URL from an Applet. They
    >>>>>worked fine locally, but with Java 1.5 I'm getting
    >>>>>AccessControlExceptions. I should have been getting these all along.
    >>>>>
    >>>>>Any comments on this?
    >>>>>--
    >>>>
    >>>>Is an unsigned Applet supposed to be able to read arbitrary files from
    >>>>the server it came from with
    >>>
    >>>
    >>>I was under the impression that the unsigned Applet could be able
    >>>to access (read and write) from the server it came from, but only
    >>>within the same directory (sub)tree if that is the right word. I.e.
    >>>if ~jones has an applet, it cannot access ~smith files.
    >>>

    >>
    >>This is not the case: an applet is allowed to read a resource at levels
    >>higher than the document base (i.e. where the document containing the
    >>applet resides).
    >>
    >>A Java applet has no knowledge of what "~jones" means. That's entirely
    >>defined by the webserver. Though, it is possible that the webserver does
    >>not allow access to resources of "~smith" (for instance because user
    >>"smith" has restricted access rights of his/her files or folders). In
    >>that case the webserver probably would return a 403 (Forbidden) or a 404
    >>(Not Found) response, and the urlc.connect() below would throw an
    >>IOException, rather than the applet throwing an AccessControlException.

    >
    >
    > Guess I better go protect my files right away WOWOWOWOWOWOWOW.
    > And, also, YIPES !!!


    On Unix/Linux systems running a webserver, the URL

    http://your.server.com/~yourname/

    typically --but not always-- corresponds to the subdirectory
    'public_html' in your home directory, e.g.

    /usr/home/yourname/public_html/

    and not your entire homedir tree:

    /usr/home/yourname/

    All files in 'public_html' and subdirs are typically readable by the
    webserver (otherwise it cannot serve them to some browser, at the other
    side of the world, for example). For the remaining files in your homedir
    tree you should apply normal access rules, i.e. protecting files from
    access by others if you don't want to share them, and less strict
    if you do.

    I don't have experience with webservers running on a Windows host, but I
    guess a similar setup is conceivable, i.e. some subfolder containing
    files accessible and served by the webserver, remaining files protected
    by normal access rules.
    --
    Regards,

    Roland de Ruiter
    ` ___ ___
    `/__/ w_/ /__/
    / \ /_/ / \
     
    Roland, Jun 13, 2005
    #7
  8. Roedy Green

    John Currier Guest

    Even if an applet had those restrictions the "protected" resources
    would still be available from any browser not running the applet.

    You're probably thinking of the visibility scope of an HTTP session.

    John
    http://schemaspy.sourceforge.net
     
    John Currier, Jun 14, 2005
    #8
  9. Roedy Green

    Lucy Guest

    "Roland" <> wrote in message
    news:42ae035c$0$84219$4all.nl...
    > On 13-6-2005 23:11, Lucy wrote:
    >
    > > "Roland" <> wrote in message
    > > news:42adf01b$0$83698$4all.nl...
    > >
    > >>On 13-6-2005 21:46, Lucy wrote:
    > >>
    > >>
    > >>>"Roedy Green" <> wrote in message
    > >>>news:...
    > >>>
    > >>>
    > >>>>On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    > >>>><> wrote or quoted :
    > >>>>
    > >>>>
    > >>>>
    > >>>>>I have been blithely reading files via URL from an Applet. They
    > >>>>>worked fine locally, but with Java 1.5 I'm getting
    > >>>>>AccessControlExceptions. I should have been getting these all along.
    > >>>>>
    > >>>>>Any comments on this?
    > >>>>>--
    > >>>>
    > >>>>Is an unsigned Applet supposed to be able to read arbitrary files from
    > >>>>the server it came from with
    > >>>
    > >>>
    > >>>I was under the impression that the unsigned Applet could be able
    > >>>to access (read and write) from the server it came from, but only
    > >>>within the same directory (sub)tree if that is the right word. I.e.
    > >>>if ~jones has an applet, it cannot access ~smith files.
    > >>>
    > >>
    > >>This is not the case: an applet is allowed to read a resource at levels
    > >>higher than the document base (i.e. where the document containing the
    > >>applet resides).
    > >>
    > >>A Java applet has no knowledge of what "~jones" means. That's entirely
    > >>defined by the webserver. Though, it is possible that the webserver does
    > >>not allow access to resources of "~smith" (for instance because user
    > >>"smith" has restricted access rights of his/her files or folders). In
    > >>that case the webserver probably would return a 403 (Forbidden) or a 404
    > >>(Not Found) response, and the urlc.connect() below would throw an
    > >>IOException, rather than the applet throwing an AccessControlException.

    > >
    > >
    > > Guess I better go protect my files right away WOWOWOWOWOWOWOW.
    > > And, also, YIPES !!!

    >
    > On Unix/Linux systems running a webserver, the URL
    >
    > http://your.server.com/~yourname/
    >
    > typically --but not always-- corresponds to the subdirectory
    > 'public_html' in your home directory, e.g.
    >
    > /usr/home/yourname/public_html/
    >
    > and not your entire homedir tree:
    >
    > /usr/home/yourname/
    >
    > All files in 'public_html' and subdirs are typically readable by the
    > webserver (otherwise it cannot serve them to some browser, at the other
    > side of the world, for example). For the remaining files in your homedir
    > tree you should apply normal access rules, i.e. protecting files from
    > access by others if you don't want to share them, and less strict
    > if you do.


    So it looks like you are saying that anyone can access any of my files
    unless I protect each and every one of them. This is the YIKES scenario.
    I better run over and protect them all. But wait, since I have access to
    everyone else's files, I can just destroy them first.

    > I don't have experience with webservers running on a Windows host, but I
    > guess a similar setup is conceivable, i.e. some subfolder containing
    > files accessible and served by the webserver, remaining files protected
    > by normal access rules.
    > --
    > Regards,
    >
    > Roland de Ruiter
    > ` ___ ___
    > `/__/ w_/ /__/
    > / \ /_/ / \
     
    Lucy, Jun 14, 2005
    #9
  10. Roedy Green

    Roland Guest

    On 14-6-2005 5:26, Lucy wrote:
    > "Roland" <> wrote in message
    > news:42ae035c$0$84219$4all.nl...
    >
    >>On 13-6-2005 23:11, Lucy wrote:
    >>
    >>
    >>>"Roland" <> wrote in message
    >>>news:42adf01b$0$83698$4all.nl...
    >>>
    >>>
    >>>>On 13-6-2005 21:46, Lucy wrote:
    >>>>
    >>>>
    >>>>
    >>>>>"Roedy Green" <> wrote in message
    >>>>>news:...
    >>>>>
    >>>>>
    >>>>>
    >>>>>>On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    >>>>>><> wrote or quoted :
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>I have been blithely reading files via URL from an Applet. They
    >>>>>>>worked fine locally, but with Java 1.5 I'm getting
    >>>>>>>AccessControlExceptions. I should have been getting these all along.
    >>>>>>>
    >>>>>>>Any comments on this?
    >>>>>>>--
    >>>>>>
    >>>>>>Is an unsigned Applet supposed to be able to read arbitrary files from
    >>>>>>the server it came from with
    >>>>>
    >>>>>
    >>>>>I was under the impression that the unsigned Applet could be able
    >>>>>to access (read and write) from the server it came from, but only
    >>>>>within the same directory (sub)tree if that is the right word. I.e.
    >>>>>if ~jones has an applet, it cannot access ~smith files.
    >>>>>
    >>>>
    >>>>This is not the case: an applet is allowed to read a resource at levels
    >>>>higher than the document base (i.e. where the document containing the
    >>>>applet resides).
    >>>>
    >>>>A Java applet has no knowledge of what "~jones" means. That's entirely
    >>>>defined by the webserver. Though, it is possible that the webserver does
    >>>>not allow access to resources of "~smith" (for instance because user
    >>>>"smith" has restricted access rights of his/her files or folders). In
    >>>>that case the webserver probably would return a 403 (Forbidden) or a 404
    >>>>(Not Found) response, and the urlc.connect() below would throw an
    >>>>IOException, rather than the applet throwing an AccessControlException.
    >>>
    >>>
    >>>Guess I better go protect my files right away WOWOWOWOWOWOWOW.
    >>>And, also, YIPES !!!

    >>
    >>On Unix/Linux systems running a webserver, the URL
    >>
    >> http://your.server.com/~yourname/
    >>
    >>typically --but not always-- corresponds to the subdirectory
    >>'public_html' in your home directory, e.g.
    >>
    >> /usr/home/yourname/public_html/
    >>
    >>and not your entire homedir tree:
    >>
    >> /usr/home/yourname/
    >>
    >>All files in 'public_html' and subdirs are typically readable by the
    >>webserver (otherwise it cannot serve them to some browser, at the other
    >>side of the world, for example). For the remaining files in your homedir
    >>tree you should apply normal access rules, i.e. protecting files from
    >>access by others if you don't want to share them, and less strict
    >>if you do.

    >
    >
    > So it looks like you are saying that anyone can access any of my files
    > unless I protect each and every one of them. This is the YIKES scenario.
    > I better run over and protect them all. But wait, since I have access to
    > everyone else's files, I can just destroy them first.

    Yeah, right on... Eliminate your opponents before they harm you. :cool:

    Files that reside on your website (/usr/home/yourname/public_html/)
    should be *readable* by others (the webserver in particular), but this
    doesn't mean others can --or rather should be allowed to-- replace,
    alter or delete them. This is the way you should protect your website
    files: readable for others, writable (changeable) only by yourself. For
    other files, changeable only by yourself is always recommended, and
    readable by others according to the confidentiality of each file.
    --
    Regards,

    Roland de Ruiter
    ` ___ ___
    `/__/ w_/ /__/
    / \ /_/ / \
     
    Roland, Jun 14, 2005
    #10
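
The permission scheme described in post #10 (website files readable by others, writable only by their owner) can be checked and applied with a few shell functions. This is an added example, not code from the thread; the function names are hypothetical, and it assumes the web server reads the files through the "other" permission bits of a `public_html`-style directory.

```shell
#!/bin/sh
# Added example: audit and repair permissions under a personal web root
# such as ~/public_html. Function names are illustrative, not from the thread.

# Files and directories that someone other than the owner can modify
# (group-writable or world-writable).
list_writable_by_others() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Files the web server could not read, and directories it could not list
# or traverse. Assumption: the server runs as a different user and is
# covered by the "other" permission bits.
list_unservable() {
    find "$1" \( -type f ! -perm -004 -o -type d ! -perm -005 \) -print
}

# Print every problem entry; return 1 if any were found, 0 if the tree is clean.
audit_webroot() {
    bad=$(list_writable_by_others "$1"; list_unservable "$1")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Apply the scheme: owner may change, everyone may read, nobody else may write.
# Anything made readable here is served to any HTTP client, so files that
# must stay private belong outside the web root, not under it.
harden_webroot() {
    find "$1" -type d -exec chmod u+rwx,go-w,go+rx {} \;
    find "$1" -type f -exec chmod u+rw,go-w,go+r {} +
}

# Stand-alone use: sh audit.sh /path/to/public_html
if [ $# -gt 0 ]; then
    audit_webroot "$1"
fi
```

Run the audit before `harden_webroot` and read its output: an entry reported as unservable may be a file that was restricted on purpose and should be moved out of the web root rather than opened up.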
  11. Roedy Green

    Roedy Green Guest

    On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    <> wrote or quoted :

    >I have been blithely reading files via URL from an Applet. They
    >worked fine locally, but with Java 1.5 I'm getting
    >AccessControlExceptions. I should have been getting these all along.


    I think I have figured out what is going on. Running the applet
    locally the applet is only allowed to access its directories and
    descendants. Moving the files into a descendant seems to have cleared
    up the problem. It's a nuisance trying to share files.



    Is this:

    1. what is supposed to happen

    2. a Java bug

    3. an Opera bug

    4. one of those vaguely defined things.

    --
    Bush crime family lost/embezzled $3 trillion from Pentagon.
    Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

    Canadian Mind Products, Roedy Green.
    See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Roedy Green, Jun 15, 2005
    #11
  12. Roedy Green

    Roedy Green Guest

    On Mon, 13 Jun 2005 04:08:43 GMT, Roedy Green
    <> wrote or quoted :

    >I have been blithely reading files via URL from an Applet. They
    >worked fine locally, but with Java 1.5 I'm getting
    >AccessControlExceptions. I should have been getting these all along.


    I have discovered by experiment that when an Applet runs locally, it
    is only allowed to read files in the same directory or in a
    subdirectory of that directory. It can't read files in the parents or
    sibling directories, just child directories. I have not performed the
    corresponding experiments on websites. I did my tests with the Opera
    browser on Win2K.

    --
    Bush crime family lost/embezzled $3 trillion from Pentagon.
    Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

    Canadian Mind Products, Roedy Green.
    See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Roedy Green, Jun 15, 2005
    #12
