A
Andrew Thompson
What is the purpose of the 'Unrestricted' option of the AppletViewer?
Try this..
1) Save the SSCCE to a convenient location (including the first
comment
line that defines an applet element for it)
2)
prompt>javac TestSecurityDemo.java
3)
prompt>appletviewer TestSecurityDemo.java
(Yes, that '.java' is intentional)
Now, click the 'Browse to File' button to see an
AccessControlException
This is logical enough, the applet is sandboxed, and browsing the
user's file system is forbidden.
Now, in AppletViewer access the 'Applet' menu, 'Properties...'
menu item, to see a dialog containing two text fields and a combo
for 'Class access:' with options 'Unrestricted' and 'Restricted'.
That implies to me, that we can select between the two, to set the
security level/privileges of the applet. Yet if you select
'Unrestricted' and try the applet again, you'll get another ACE.
It is the same effect with a self-signed applet
prompt>appletviewer http://pscode.org/test/docload/applet.html
Has anybody ever seen this combo have any effect on an applet?
Is this functionality broken? If it is, could it be considered
a bug - it is not as if I can even find documentation on the
appletviewer*?
* Yes, I can find..
<http://java.sun.com/javase/6/docs/technotes/tools/windows/
appletviewer.html>
...but it has no mention of 'Unr' or 'Class acc'.
<SSCCE>
// <applet code='TestSecurityDemo' width='300' height='100'></applet>
import java.awt.event.*;
import javax.swing.*;
public class TestSecurityDemo extends JApplet {
public void init() {
JButton openFile = new JButton("Browse to File");
openFile.addActionListener( new ActionListener(){
public void actionPerformed(ActionEvent ae) {
JFileChooser fileChooser = new JFileChooser();
fileChooser.showOpenDialog(TestSecurityDemo.this);
}
} );
getContentPane().add(openFile);
validate();
}
}
</SSCCE>
Try this..
1) Save the SSCCE to a convenient location (including the first
comment
line that defines an applet element for it)
2)
prompt>javac TestSecurityDemo.java
3)
prompt>appletviewer TestSecurityDemo.java
(Yes, that '.java' is intentional)
Now, click the 'Browse to File' button to see an
AccessControlException
This is logical enough, the applet is sandboxed, and browsing the
user's file system is forbidden.
Now, in AppletViewer access the 'Applet' menu, 'Properties...'
menu item, to see a dialog containing two text fields and a combo
for 'Class access:' with options 'Unrestricted' and 'Restricted'.
That implies to me, that we can select between the two, to set the
security level/privileges of the applet. Yet if you select
'Unrestricted' and try the applet again, you'll get another ACE.
It is the same effect with a self-signed applet
prompt>appletviewer http://pscode.org/test/docload/applet.html
Has anybody ever seen this combo have any effect on an applet?
Is this functionality broken? If it is, could it be considered
a bug - it is not as if I can even find documentation on the
appletviewer*?
* Yes, I can find..
<http://java.sun.com/javase/6/docs/technotes/tools/windows/
appletviewer.html>
...but it has no mention of 'Unr' or 'Class acc'.
<SSCCE>
// <applet code='TestSecurityDemo' width='300' height='100'></applet>
import java.awt.event.*;
import javax.swing.*;
public class TestSecurityDemo extends JApplet {
public void init() {
JButton openFile = new JButton("Browse to File");
openFile.addActionListener( new ActionListener(){
public void actionPerformed(ActionEvent ae) {
JFileChooser fileChooser = new JFileChooser();
fileChooser.showOpenDialog(TestSecurityDemo.this);
}
} );
getContentPane().add(openFile);
validate();
}
}
</SSCCE>
