Date: Fri, 22 Aug 1997 10:52:21 -0700
Message-Id: <199708221752.KAA13198@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: steven.j.blumfield@ac.com
Subject: Re: JDK1.1.3 applet security exception
Hi,
Unfortunately we don't have an end-user support line. We do try to
answer a representative sampling of email that comes in, but we
actually get a lot of email, and it's difficult to answer them all.
If you are using Microsoft software to connect to JDBC, perhaps MSFT
has a support line with examples, and so on? (I don't know.) I
myself have not tried to use the MS Access DB, so I am not an expert
in debugging that configuration.
Typically, however (as described on the SFAQ at
http://java.sun.com/sfaq), downloaded applets are not allowed to
instantiate packages in the sun.* or java.* namespace. (This is
"loosely speaking".) I'm not sure why your code on line 56
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
caused a security exception. That doesn't seem like a particularly
intrusive access.
What version of Java are you using? Are you using Microsoft's JVM?
If this is an instance where the MSFT JVM doesn't allow you to
instantiate a JDBC database, it could be for a couple reasons
a) they don't have JDK 1.1 support in their JVM yet
b) they have a bug in their JDBC support
I'm just guessing here. I'm cc'ing the JDBC group, in case they have
seen this problem.
Marianne
p.s. See also this web page for pointers to email addresses. I know
that the Java engineers don't have time to answer all the questions
that pour in on the aliases but we try to answer some of the
questions.
http://java.sun.com/mail/index.html
> Cc: java-security <java-security@web2.javasoft.com>
> From: "steven.j.blumfield" <steven.j.blumfield@ac.com>
> Date: 21 Aug 97 17:01:21
>
> This is the preamble of an RFC-1341 encoded, mixed message.
>
> ---- next item ----
> Content-Type: Text/Plain
>
> Hi again,
>
> I sent an email to you about a JDK1.1.2 security exception on 30 June. I never
> received a response. I retried exec of this very basic applet with JDK1.1.3
> yesterday and am getting a similar result. Please respond ASAP - the
> attachments should not take more than a few minutes to check out!
>
> I developed an applet that includes connection to and access from an MS Access
> DB on my local workstation. It didn't work. To test this further, I created a
> simple applet "HelloAuto" (based on a sample from book "Learn Java Now") - see
> attached. The offending line is:
>
> // load the jdbc-odbc driver
> Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
>
> Compiling: "javac HelloAuto.java <Enter>" works OK.
>
> Exec: Appletviewer HelloAuto.html <Enter> produces the following in the
> DOS window.
>
> Before try loop in init()
> sun.applet.AppletSecurityException: checkpackageaccess
> at
> sun.applet.AppletSecurity.checkPackageAccess(AppletSecurity.java:628)
> at
> sun.applet.AppletClassLoader.LoadClass(AppletClassLoader.java:187)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
> at HelloAuto.init(HelloAuto.java:56)
> at sun.applet.AppletPanel.run(AppletPanel.java:287)
> at java.lang.Thread.run(Thread.java:474)
> sun.applet.AppletSecurityException: checkpackageaccess
> at
> sun.applet.AppletSecurity.checkPackageAccess(AppletSecurity.java:628)
> at
> sun.applet.AppletClassLoader.LoadClass(AppletClassLoader.java:187)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
> at HelloAuto.init(HelloAuto.java:56)
> at sun.applet.AppletPanel.run(AppletPanel.java:287)
> at java.lang.Thread.run(Thread.java:474)
> Failed:sun.applet.AppletSecurityException: checkpackageaccess
>
>
> I would appreciate your feedback on this.
>
>
>
> Thanks and Regards,
> Steve
>
>
> ---- next item ----
> Content-Type:Text/Plain; Name="HELLOA~1.JAV"
>
> //******************************************************************************
> // HelloAuto.java: Applet
> //
> //******************************************************************************
> import java.applet.*;
> import java.awt.*;
> import java.sql.*;
> import java.util.*;
>
> //==============================================================================
> // Main Class for applet HelloAuto
> //
> //==============================================================================
> public class HelloAuto extends Applet
> {
>
> // HelloAuto Class Constructor
> //--------------------------------------------------------------------------
> public HelloAuto()
> {
> // TODO: Add constructor code here
> }
>
> // APPLET INFO SUPPORT:
> // The getAppletInfo() method returns a string describing the applet's
> // author, copyright date, or miscellaneous information.
> //--------------------------------------------------------------------------
> public String getAppletInfo()
> {
> return "Name: HelloAuto\r\n" +
> "Author: Steve Blumfield";
> }
>
>
> // The init() method is called by the AWT when an applet is first loaded or
> // reloaded. Override this method to perform whatever initialization your
> // applet needs, such as initializing data structures, loading images or
> // fonts, creating frame windows, setting the layout manager, or adding UI
> // components.
> //--------------------------------------------------------------------------
> public void init()
> { Connection dbConnection;
> // If you use a ResourceWizard-generated "control creator" class to
> // arrange controls in your applet, you may want to call its
> // CreateControls() method from within this method. Remove the following
> // call to resize() before adding the call to CreateControls();
> // CreateControls() does its own resizing.
> //----------------------------------------------------------------------
> resize(320, 240);
>
> // Inserted the following to test connection to ODBC DB
> System.out.println("Before try loop in init()");
> try
> {
> // load the jdbc-odbc driver
> Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
> // System.out.println("Connecting to jdbc:odbc:" + DSN+","+UID+","+ PWD);
> // make the connection to the supplied database
> // dbConnection = DriverManager.getConnection("jdbc:odbc:" + DSN, UID, PWD);
> }
> catch (Exception e) {
> System.out.println("Failed:"+e);
> }
>
> }
>
>
> // Place additional applet clean up code here. destroy() is called when
> // when you applet is terminating and being unloaded.
> //-------------------------------------------------------------------------
> public void destroy()
> {
> // TODO: Place applet cleanup code here
> }
>
> // HelloAuto Paint Handler
> //--------------------------------------------------------------------------
> public void paint(Graphics g)
> {
> g.drawString("Hello, World", 0, 20);
> }
>
> // The start() method is called when the page containing the applet
> // first appears on the screen. The AppletWizard's initial implementation
> // of this method starts execution of the applet's thread.
> //--------------------------------------------------------------------------
> public void start()
> {
> // TODO: Place additional applet start code here
> }
>
> // The stop() method is called when the page containing the applet is
> // no longer on the screen. The AppletWizard's initial implementation of
> // this method stops execution of the applet's thread.
> //--------------------------------------------------------------------------
> public void stop()
> {
> }
>
>
>
>
> // TODO: Place additional applet code here
>
> }
>
>
> ---- next item ----
> Content-Type:Text/Plain; Name="HELLOA~1.HTM"
>
> <html>
> <head>
> <title>HelloAuto</title>
> </head>
> <body>
> <hr>
> <applet
> code=HelloAuto.class
> id=HelloAuto
> width=320
> height=240 >
> </applet>
> <hr>
> <a href="HelloAuto.java">The source.</a>
> </body>
> </html>
>
>
> ---- next item ------
>