DFS UCF connection applet

trw

Hello,

I am attempting the DFS example outlined in the dfs developer guide and am having permission issues with my signed applet.  The applet connects fine (makes UCF connection) when run in eclipse but when run from browser I get the following message:

...java.security.AccessControlException: access denied (java.util.PropertyPermission dot.net.is.invoker read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at com.emc.documentum.fs.rt.ucf.UcfIdRetrieverFactory.dotNetIsInvoker(UcfIdRetrieverFactory.java:34)
    at com.emc.documentum.fs.rt.ucf.UcfIdRetrieverFactory.getRetriever(UcfIdRetrieverFactory.java:22)
    at com.emc.documentum.fs.rt.ucf.UcfConnection.<init>(UcfConnection.java:150)
    at org.csagroup.SampleApplet.<init>(SampleApplet.java:17)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$12.run(Unknown Source)
    at java.awt.event.InvocationEvent.dispatch(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
basic: Applet loaded....

I have modified the java.policy and the catelina.policy by adding:

grant codeBase "file:${catalina.home}/webapps/dfsWebApp/com/documentum/ucf/client/install/installer/-" {
    permission java.security.AllPermission;
};

Is there anything else I am missing or have I not modified the policy files correctly?

Thanks,

Trevor

mszurap

Hi,

In your SampleApplet's init method modify some lines of code

// this code allows us to run the code with the Applet security privstry {Object retVal = AccessController.doPrivileged(new PrivilegedExceptionAction() {public Object run() {//check permissions, user.home property should be enoughAccessController.checkPermission(new PropertyPermission("user.home", "read"));yourPrivilegedMethod();}}); } catch (AccessControlException e) {//not enough permission: user denied it, or applet is not signedlog(e);} catch (PrivilegedActionException e) {log(e);}

So put your code which needs extra privilege in the "yourPrivilegedMethod" method.

That should do if your applet is really signed. I think you don't need to modify the tomcat's policy files.

mszurap

Hi,

In your SampleApplet's init method modify some lines of code

// this code allows us to run the code with the Applet security privstry {Object retVal = AccessController.doPrivileged(new PrivilegedExceptionAction() {public Object run() {//check permissions, user.home property should be enoughAccessController.checkPermission(new PropertyPermission("user.home", "read"));yourPrivilegedMethod();}}); } catch (AccessControlException e) {//not enough permission: user denied it, or applet is not signedlog(e);} catch (PrivilegedActionException e) {log(e);}

So put your code which needs extra privilege in the "yourPrivilegedMethod" method.

That should do if your applet is really signed. I think you don't need to modify the tomcat's policy files.

trw

Thanks!  This solved the problem.  Applet now runs fien and creates the UCF connection

mszurap

I'm glad it's working!