From: Roland.Schemers@Eng (Roland Schemers)
Message-Id: <199709291756.KAA27833@crypto.eng.sun.com>
Subject: Re: JDK1.2EA1 and Digital Signatures
To: paul.andrighetti@Central (PAUL ANDRIGHETTI)
Date: Mon, 29 Sep 1997 10:56:19 -0800 (PDT)
In-Reply-To: <342FCE44.7B6A080A@Central.Sun.COM> from "PAUL ANDRIGHETTI" at Sep 29, 97 09:50:29 am
>
> I am trying to use appletviewer to load the digitally signed applet, but
> keep getting the following:
>
> /home/pandrigh> appletviewer sl303/digsig/demo/DigitalSig.html
> java.security.AccessControlException: access denied (java.lang.RuntimePermission accessProperties )
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:154)
> at java.security.AccessController.checkPermission(AccessController.java:248)
> at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:840)
> at java.lang.System.getProperties(System.java:393)
> at DirectoryLister.init(DirectoryLister.java:44)
> at sun.applet.AppletPanel.run(AppletPanel.java:283)
> at java.lang.Thread.run(Thread.java:472)
>
The answer to your problem is right there in the exception.
If you look at DirectoryLister.init, line 44, you have:
    // Attempt to get the current directory
    Properties p = System.getProperties();
Which applets should not be able to access by default. In JDK 1.1, signed
applets that were marked as "trusted" could do anything, but in JDK 1.2,
we have fine-grained access control. You'll have to edit your policy
to give access to properties. I noticed you don't even use "p" after
getting it, so I suggest removing the call to getProperties.
You then have:
    String dir = System.getProperty("user.dir");
Which will also invoke a security check. And in getListing, you
have:
    java.io.File f = new java.io.File(dir);
    files = f.list();
Which will also invoke a check. You'll need to modify your policy
so that it allows access to the user.dir property, and so that it
can read files in the user.dir directory. I don't have an ea1 workspace
handy, and I can't recall the exact format of the policy file, as it
changed for beta. It might be:
    // the "-" gives read access to all files.
    permission java.io.FilePermission "-", action "read", signedBy "alias";
    permission java.util.PropertyPermission "user.dir", signedBy "alias";
The format for beta would be:
    grant signedBy "alias" {
        permission java.io.FilePermission "-", "read";
        permission java.util.PropertyPermission "user.dir";
    };
roland
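
Added example, not part of the original message or of the JDK: a small Python check that parses the beta-format grant block quoted above and reports which of the three calls discussed would still have no matching grant. The matching rules (exact target match, "-" covering any file target as the message's comment says), the action strings, and /home/pandrigh as the value of user.dir are assumptions for illustration; the JVM's own permission matching is not reproduced here.

```python
import re

# Constructed sample: the beta-format grant block quoted in the message.
POLICY = '''
grant signedBy "alias" {
    permission java.io.FilePermission "-", "read";
    permission java.util.PropertyPermission "user.dir";
};
'''

# Checks named in the message, keyed by the call that triggers them.
# The first comes from the stack trace; path and actions are assumptions.
REQUIRED = {
    "System.getProperties()": ("java.lang.RuntimePermission", "accessProperties", None),
    'System.getProperty("user.dir")': ("java.util.PropertyPermission", "user.dir", None),
    "File.list()": ("java.io.FilePermission", "/home/pandrigh", "read"),
}

GRANT_RE = re.compile(r'grant\s+signedBy\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

def parse_policy(text):
    """Return [(signer, class, target, actions)] for each permission entry."""
    text = re.sub(r'//[^\n]*', '', text)  # drop // comments
    entries = []
    for signer, body in GRANT_RE.findall(text):
        for cls, target, actions in PERM_RE.findall(body):
            acts = {a.strip() for a in actions.split(",") if a.strip()}
            entries.append((signer, cls, target, acts))
    return entries

def covers(entry, need):
    """Simplified match: same class, same target (or "-" for files), action listed."""
    _, cls, target, acts = entry
    need_cls, need_target, need_action = need
    if cls != need_cls:
        return False
    # Assumption: "-" covers any file target, following the message's comment.
    target_ok = target == need_target or (cls == "java.io.FilePermission" and target == "-")
    return target_ok and (need_action is None or need_action in acts)

def missing_grants(text, signer, required=REQUIRED):
    """Calls for which no entry granted to `signer` matches the required permission."""
    entries = [e for e in parse_policy(text) if e[0] == signer]
    return [call for call, need in required.items()
            if not any(covers(e, need) for e in entries)]

if __name__ == "__main__":
    print(missing_grants(POLICY, "alias"))
```

Run against the quoted grant, only the getProperties() call is left uncovered, which matches the suggestion to remove that call rather than grant it.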