Stephen_Miller
October 10th, 2000, 09:38 AM
Hello,
We are hoping that someone can help explain whether there's a solution to
a problem we are having with a jdk1.1.8 applet w.r.t. network security.
Basically, we would like to have our applet jar file "scroller.jar" embedded
in an html file "scroller.html" residing on a web host - "host_A", say - and
supposing that its URL is "http://www.site_of_a.com/scroller.html".
When started, the applet would try to access another html file "news.html"
on a different web host - "host_B", say - and suppose its URL is
"http://www.site_of_b.com/news.html".
Now, access of "news.html" by our DataReader class archived in "scroller.jar"
involves the following calls ( with appropriate try{} and catch{}'s ) :
    URL newsUrl = new URL( "http://www.site_of_b.com/news.html");
    DataInputStream input = new DataInputStream( newsUrl.openStream() );
and it is the call to openStream() that seems to be causing the problem -
resulting in something like the following being dumped on the java console :
    com.ms.security.SecurityExceptionEx[DataReader.readHtmlFile]: cannot connect to "www.site_of_b.com"
        at com/ms/security/permissions/NetIOPermission.check
        at com/ms/security/PolicyEngine.deepCheck
        at com/ms/security/PolicyEngine.checkPermission
        at com/ms/security/StandardSecurityManager.chk
        at com/ms/security/StandardSecurityManager.chkex
        at com/ms/security/StandardSecurityManager.checkConnect
        at com/ms/net/wininet/WininetURLConnection.connect
        at com/ms/net/wininet/WininetURLConnection.getInputStream
        at java/net/URL.openStream
        at DataReader.readHtmlFile
        at DataReader.run
        at java/lang/Thread.run
As you might gather, the browser being used is Microsoft's Internet Explorer
( which is a requirement ) and our applet is developed with jdk1.1.8 for
compatibility with existing browsers.
Now first of all, I'm wondering if what we're trying to do is totally against
jdk1.1.8's security design and there's no way around it without making use of
digital certificates ( which would require each web user to make use of such
certificates and so on ).
Java texts often state that a java applet cannot connect to or accept a
connection from any computer other than the one it was downloaded from.
Is this exactly what we're trying to do with our applet ?
Am I correct in thinking that the com.ms.security.SecurityExceptionEx being
thrown is from the Internet Explorer application that a web user is using to
open "http://www.site_of_a.com/scroller.html" ?
We don't know if it's a complicating factor but in our test case, both of
the above domains actually map to the same file system by our web server
- i.e. "http://www.site_of_a.com/" maps to a folder like D:\htdocs and
"http://www.site_of_b.com/" maps to D:\htdocs\aussieone.
Things work fine if both "scroller.html" and "news.html" are in the same
folder and are in the same web domain but we would like to be able to have
the two html files at different domains.
Many thanks ahead of time.
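
The rule quoted in the post, modeled as an added example (not the poster's code and not the Microsoft VM's implementation): it compares the target host with the host the applet was loaded from, and shows the same file requested through the origin host instead. The class and method names are hypothetical, and the /aussieone/ path assumes the folder mapping described in the test setup.

```java
import java.net.MalformedURLException;
import java.net.URL;

public class OriginCheck {

    // Model of the rule quoted in the post: an unsigned applet may only
    // connect to the host it was downloaded from. Compared by host name.
    static boolean sameOriginHost(URL codeBase, URL target) {
        return codeBase.getHost().equalsIgnoreCase(target.getHost());
    }

    // Resolve a path against the code base so the request stays on the origin host.
    static URL viaOrigin(URL codeBase, String relativePath) throws MalformedURLException {
        return new URL(codeBase, relativePath);
    }

    public static void main(String[] args) throws MalformedURLException {
        // In an applet this would be getCodeBase(); hard-coded here to run offline.
        URL codeBase = new URL("http://www.site_of_a.com/");

        // The URL from the post: a different host name, so the rule refuses it.
        URL direct = new URL("http://www.site_of_b.com/news.html");
        // Assumption: the aussieone folder is also served by host_A as /aussieone/.
        URL sameHost = viaOrigin(codeBase, "aussieone/news.html");

        URL[] candidates = { direct, sameHost };
        for (int i = 0; i < candidates.length; i++) {
            URL u = candidates[i];
            System.out.println(u + " -> "
                + (sameOriginHost(codeBase, u) ? "allowed by the rule" : "refused (different host)"));
        }
    }
}
```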