Re: Applets, JAXB and security policy
Myriam Abramson wrote:
Please refrain from top-posting. I find it most confusing.
I get this message without a java.policy granting all permissions.
No. You get that message..
1) When the code is running with a security manager and
2) Lacks 'full trust', when
3) Attempting things that require full trust.
The situation you describe is *one* way to get around
that trust issue, but not a very good one.
Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied (java.util.PropertyPermission javax.xml.bind.JAXBContext read)
OK - how exactly is the applet attempting to read the JAXBContext?
Is it something done directly in your code (URL or File, perhaps) or is
it invoked by other (e.g. JAXB) code over which you have no control?
An URL should be able to work sandboxed, whereas the File will
*not* be practical for an applet reading data off a remote server.
JAXB tries to read something ..
That is sounding more like 'invoked from code beyond your control',
but I'd be interested to hear how the initial connection is formeD (URL
or File) as that might influence other later decisions between using Files
or URLs.
..so it becomes a security issue for the
applet if I understand it correctly?
It is not entirely clear to me yet, some 'read's will be allowed,
but it seems (from the scant evidence so far) that this applet
is trying to establish File objects, which makes little sense
in an applet (ever).
Can you provide a self contained code example that shows
the same effect?
--
Andrew Thompson
http://www.physci.org/
Message posted via JavaKB.com
http://www.javakb.com/Uwe/Forums.aspx/java-general/200712/1