javascript access applet security issues

 
wane99
2009-07-19 12:55:34

With a signed applet running on the client, everything works normally when operating the buttons on the applet interface, including writing the log to the client's local file system.
But once a method is invoked through a JavaScript call, a security exception occurs:
java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\CozyWikiup\Desktop\SoftPhone read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
at gcti.TelePhone.log(Unknown Source)
at gcti.TelePhone.connect(Unknown Source)
at gcti.TelePhone$1.run(Unknown Source)
We are currently using JRE version 1.4.2_09. According to reports online, versions before 1.4.2_05 do not have this problem, but the project team is not allowed to use them.
After investigation, the cause turned out to be that before the fix in 1.4.2_05, a JavaScript call to an applet method did not go through the applet's security manager. That was a loophole through which content that was not supposed to be allowed could be executed. Versions after 1.4.2_05 fix this vulnerability, but a JavaScript call to an applet method does not use the signed applet's security manager; it uses the default sandbox permissions instead and therefore cannot access local resources.
Now the problem is very clear. I do not intend to find some way to make JavaScript use the correct security manager when calling the applet method, because controlling what happens on the client is expected to be painful. After testing: when the applet starts, it creates a new thread that runs a method containing the original logic. I have now changed that method so that it starts the thread, so even when JavaScript calls the method, the work runs in another thread that uses the signed applet's security manager and succeeds. But once this thread has finished, it cannot be used a second time. A thread that constantly polls a flag would work, but the efficiency cannot keep up.
My question is: is there a simple way to make a method call run in another, specified thread? The key is that the thread's security manager must not be the current thread's. I would also welcome any expert who can explain threads or the security manager, or who has solved a similar problem. Please let us know!
QQ: 124340767
Email (MSN): cozywikiup@21cn.com
Waiting online until 17:00 on 2006-11-09, thank you!


futeng261359668
2009-07-19 01:03:57
No, this is too advanced for me. I can't help, so I can only bump the thread for you.
jessica518
2009-07-19 01:18:20
I do not understand; after signing, it should be usable.
catgan
2009-07-19 01:24:14
someone help?
kalvans
2009-07-19 01:36:01
Someone help? Waiting online.
thisistmac
2009-07-19 01:39:17
It is true that after signing, the applet has full access to local resources. But once these methods are invoked via JavaScript, things change. After analysis, this is because when the methods are called by JavaScript, the calling thread is the JavaScript one, and the security manager used for JavaScript has no permissions granted.
The problem is now solved: use a Timer to start the original method's work, so that the processing is carried out in another thread and gets sufficient privileges. Also, after doing this, IE no longer gets "stuck" when the applet handles a large transaction.
In addition, when using the netscape.javascript.JSObject class to call a JavaScript function, if that JavaScript function in turn calls an applet method, the same problem can occur; I guess it is a control problem on the thread. Using a Timer solves this problem as well.
In my opinion there are still too many problems between JavaScript and applets. Another example: after the patch that shows a dotted rectangle around page controls and prevents users from interacting with them, applets that use the Abstract Window Toolkit (AWT) hit an access violation.
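
Added example, not code from this thread or from the poster's applet: besides the Timer-thread workaround described above, the standard Java API for this situation is `AccessController.doPrivileged`, which makes the permission check stop at the signed class instead of continuing into the unprivileged JavaScript caller. The class name `ScriptSafeLog`, the file name `softphone.log` and the 200-character limit are assumptions; the privileged block is kept small and takes no path from the caller, because any script on the page can invoke a public applet method.

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical helper for a signed applet; all names here are assumptions.
public class ScriptSafeLog {
    private static final int MAX_LEN = 200; // constructed limit for one log line

    // Entry point a public applet method (callable from JavaScript) can delegate to.
    // Returns true when the line was written.
    public static boolean append(String message) {
        final String line = sanitize(message);
        Object ok = AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                // Only this block runs with the signed code's own permissions;
                // the script frames further up the call stack are not consulted.
                try {
                    // Fixed location chosen by the applet, never by the caller.
                    File log = new File(System.getProperty("user.home"), "softphone.log");
                    FileWriter out = new FileWriter(log, true);
                    try {
                        out.write(line + System.getProperty("line.separator"));
                    } finally {
                        out.close();
                    }
                    return Boolean.TRUE;
                } catch (IOException e) {
                    return Boolean.FALSE;
                }
            }
        });
        return Boolean.TRUE.equals(ok);
    }

    // Script-supplied text is treated as data only: cap its length and replace
    // control characters so a caller cannot forge additional log lines.
    static String sanitize(String message) {
        if (message == null) return "";
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < message.length() && sb.length() < MAX_LEN; i++) {
            char c = message.charAt(i);
            sb.append((c < 0x20 || c == 0x7f) ? ' ' : c);
        }
        return sb.toString();
    }
}
```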