如何解决Applet对本地文件的AccessControlException

CrazyJavar 2003-01-15 12:00:45

//程序如下
import java.awt.*;
import java.applet.*;

/**
*
*/
public class AWTPaintOverrider extends Applet
{
public void init()
{
ImageCanvas imageCanvas = new ImageCanvas("C:\\1.gif");
add(imageCanvas);
}
}

class ImageCanvas extends Canvas
{
Image image;

public ImageCanvas(String imageName)
{
image = Toolkit.getDefaultToolkit().getImage(imageName);

MediaTracker mt = new MediaTracker(this);
try
{
mt.addImage(image, 0);
mt.waitForID(0);
}
catch (InterruptedException ex)
{
ex.printStackTrace();
}
}

public void paint(Graphics g)
{
g.drawImage(image, 0, 0, null);
}

public Dimension getPreferredSize()
{
return new Dimension(image.getWidth(null), image.getHeight(null));
}
}

//异常如下：
java.security.AccessControlException: access denied (java.io.FilePermission C:\1.gif read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
at sun.awt.SunToolkit.getImageFromHash(SunToolkit.java:486)
at sun.awt.SunToolkit.getImage(SunToolkit.java:500)
at ImageCanvas.<init>(AWTPaintOverrider.java:30)
at AWTPaintOverrider.init(AWTPaintOverrider.java:19)
at sun.applet.AppletPanel.run(AppletPanel.java:347)
at java.lang.Thread.run(Thread.java:536)

...全文

98 5 打赏收藏转发到动态举报

写回复

用AI写文章

5 条回复

切换为时间正序

请发表友善的回复…

发表回复

Billy_Chen28 2003-01-20

打赏
举报

关注!

colors 2003-01-19

打赏
举报

学习

bluehawaii 2003-01-15

打赏
举报

你的applet需要签名，applet和application不同，不能随意的访问本地文件资源，我建议你去看看sun的tutorial,上面写的很清楚。

highreport 2003-01-15

打赏
举报

你没有给applet设置权限，
在dos命令下输入policytool，
单击add policy entry,在codebase中输入具有权限的目录（你的applet所在的目录），再单击addPersion,选一个权限就行拉

Patrick_DK 2003-01-15

打赏
举报

Frequently Asked Questions - Java Security

Security Top | Security Bug Chronology | Security Q & A Archive

The goal for the JDK is to enable browsers to run untrusted applets in a trusted environment. Our approach is to be conservative at first, and to add functionality when it can be added securely. The intent is to prevent applets from inspecting or changing files on the client file system. Also, the intent is to prevent applets from using network connections to circumvent file protections or people's expectations of privacy.
JDK 1.1 provides the basic technology for loading and authenticating signed classes. This enables browsers to run trusted applets in a trusted environment. This does not make obselete the need to run untrusted applets in a secure way. In the release following JDK 1.1, we will provide tools for finer-grained control of flexible security policies.

--------------------------------------------------------------------------------

See the chronology page to check on the status of security-related bugs.

--------------------------------------------------------------------------------

Applet Security
Applets
What are applets prevented from doing?
Can applets read or write files?
How do I let an applet read a file?
How do I let an applet write a file?
What system properties can be read by applets, and how?
How do I hide system properties that applets are allowed to read by default?
How can I allow applets to read system properties that they aren't allowed to read by default?
How can an applet open a network connection to a computer on the internet?
How can an applet open a network connection to its originating host?
How can an applet maintain persistent state?
Can an applet start another program running on the client?
What features of the Java language help people build secure applets?
What is the difference between applets loaded over the net, and applets loaded via the file system?
What's the applet class loader, and what does it buy me?
What's the applet security manager, and what does it buy me?
Is there a summary of applet capabilities?
If other languages are compiled to Java bytecodes, how does that affect the applet security model?
Examples
Tiny applet examples that demonstrate the security features of your web browser.
Glossary
Terms used in this FAQ.
See Also
Other references on Java security

--------------------------------------------------------------------------------

Applets
What are applets prevented from doing?
In general, applets loaded over the net are prevented from reading and writing files on the client file system, and from making network connections except to the originating host.

In addition, applets loaded over the net are prevented from starting other programs on the client. Applets loaded over the net are also not allowed to load libraries, or to define native method calls. If an applet could define native method calls, that would give the applet direct access to the underlying computer.

There are other specific capabilities denied to applets loaded over the net, but most of the applet security policy is described by those two paragraphs above. Read on for the gory details.

Can applets read or write files?
In Java-enabled browsers, untrusted applets cannot read or write files at all. By default, downloaded applets are considered untrusted. There are two ways for an applet to be considered trusted:

The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets.

The applet is signed by an identity marked as trusted in your identity database. For more information on signed applets, refer to an example of using signed applets, and to a short description on using javakey.
Sun's appletviewer allows applets to read files that reside in directories on the access control lists.

If the file is not on the client's access control list, then applets cannot access the file in any way. Specifically, applets cannot

check for the existence of the file
read the file
write the file
rename the file
create a directory on the client file system
list the files in this file (as if it were a directory)
check the file's type
check the timestamp when the file was last modified
check the file's size

How do I let an applet read a file?
Applets loaded into a Java-enabled browser can't read files.

Sun's appletviewer allows applets to read files that are named on the access control list for reading. The access control list for reading is null by default, in the JDK. You can allow applets to read directories or files by naming them in the acl.read property in your ~/.hotjava/properties file.

Note: The "~" (tilde) symbol is used on UNIX systems to refer to your home directory. If you install a web browser on your F:\ drive on your PC, and create a top-level directory named .hotjava, then your properties file is found in F:\.hotjava\properties.
For example, to allow any files in the directory home/me to be read by applets loaded into the appletviewer, add this line to your ~/.hotjava/properties file.

acl.read=/home/me

You can specify one file to be read:
acl.read=/home/me/somedir/somefile

Use ":" to separate entries:
acl.read=/home/foo:/home/me/somedir/somefile

Allowing an applet to read a directory means that it can read all the files in that directory, including any files in any subdirectories that might be hanging off that directory.

JAVA小程序运行特权的安全获取

java 安全技术大权

AccessControlException 是 Java 编程语言中的一个安全异常，它通常发生在 Java 应用程序尝试执行一些受安全策略限制的操作时。这种异常特别常见于 Applet 项目，因为 Applet 属于网页加载的代码，其安全级别被严格限定，许多操作需要特定的权限才能执行。

首先声明，我是个Java初学者，在这里谈一谈Applet和数字签名的问题。据我所知Applet实现对本地文件进行读写的方法有两种。1.修改Java_Home/lib/security/java.security文件，并把自己写好的.policy文件放到指定的目录中。2.对Applet所在的Jar包进行数字签名。先说说修改Policy文件的方法。这个方法实现起来比较简单，而且只要在.

在使用applet进行与socket通信的过程中,即使使用数字签名,也不能正常的与socket进行通信. 当与socket进行通信的时,回报出如下错误: java.security.AccessControlException: access denied (java.net.SocketPermission *.*.*.*:* connect,resolve)