Java RMI security problems.

Energize

Energize

Energize

Caporegime
Joined
12 Mar 2004
Posts
29,962
Location
England
I keep getting this error message whenever I try to run the applet inside a web browser.
Code: 
java.sexurity.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
Code: 
import java.rmi.*;

public class ChatServer {
    public ChatServer() {
        try {
            ChatImplementation ci = new ChatImplementation();
            Naming.rebind("rmi://localhost/ChatService", ci);
		} catch (Exception e) {
            System.out.println(e);
		}
    }

    public static void main(String args[]) {
        new ChatServer();
    }
}

Code: 
import java.rmi.*;
import javax.swing.*;
import java.util.*;

public interface ChatInterface extends Remote {
    
    public void logOn(String name) throws RemoteException;

    public void sendText(String text) throws RemoteException;

    public JTextArea updateChat() throws RemoteException;

    public Vector getUsers() throws RemoteException;
}

Code: 
import java.util.*;
import java.rmi.*;
import java.rmi.server.*;
import javax.swing.*;

public class ChatImplementation extends UnicastRemoteObject implements ChatInterface {
    private Vector userList = new Vector();
    private JTextArea chatText = new JTextArea();

    public ChatImplementation() throws RemoteException {
        super();
    }
    
    public void logOn(String name) throws RemoteException {
        userList.add(name);
    }

    public void sendText(String text) throws RemoteException {
        chatText.append(text + "\n");
    }

    public JTextArea updateChat() throws RemoteException {
        return chatText;
    }

    public Vector getUsers() throws RemoteException {
        return userList;
    }
}

Code: 
package program;
import javax.swing.*;
import java.awt.*;
import java.awt.event.*;
import java.rmi.*;

public class ChatClient extends JApplet implements ActionListener {
        JTextArea userText;
        JTextArea chatText;
        JButton send;
        JList userList;
        ChatInterface c;
        String nick;

     public void init() {
        try {
            c = (ChatInterface) Naming.lookup("rmi://localhost/ChatService");
            JPanel contentPanel = new JPanel();
            setContentPane(contentPanel);
            contentPanel.setLayout(new BorderLayout());
            JPanel textEntry = new JPanel();
            userList = new JList(c.getUsers());
            JScrollPane usersList = new JScrollPane(userList);
            chatText = c.updateChat();
            JScrollPane chatScrollPane = new JScrollPane(chatText);
            contentPanel.add(chatScrollPane, BorderLayout.CENTER);
            contentPanel.add(textEntry, BorderLayout.SOUTH);
            contentPanel.add(usersList, BorderLayout.EAST);
            userText = new JTextArea (3, 30);
            JScrollPane userScrollPane = new JScrollPane(userText);
            textEntry.add(userScrollPane);
            send = new JButton("Send");
            send.addActionListener(this);
            textEntry.add(send);
            userList.setPrototypeCellValue("------------------------");
            chatText.setLineWrap(true);
            userText.setLineWrap(true);
            chatText.setEditable(false);
            c.logOn(JOptionPane.showInputDialog(null, "Please enter a user name"));
            updateUsers();
        } catch (Exception e) {
            JOptionPane.showMessageDialog(null, e);
        }
    }

     public void updateChat() {
        try {
            chatText.setText(c.updateChat().getText());
        } catch (Exception e) {
            JOptionPane.showMessageDialog(null, e);
        }
     }

     public void updateUsers() {
         try {
            userList.setListData(c.getUsers());
         } catch (Exception e) {
             JOptionPane.showMessageDialog(null, e);
         }
     }

     public void actionPerformed(ActionEvent ae) {
         if (! userText.getText().equals("")) {
            try {
                c.sendText(nick + ": " + userText.getText());
            } catch (Exception e) {
                JOptionPane.showMessageDialog(null, e);
            }
            userText.setText(null);
            updateChat();
        }
     }
}

However if I run the client as a swing application like this, it runs fine.

Code: 
import javax.swing.*;
import java.awt.*;
import java.awt.event.*;
import java.rmi.*;

public class ChatClient extends JFrame implements ActionListener {
        JTextArea userText;
        JTextArea chatText;
        JButton send;
        JList userList;
        ChatInterface c;
        String nick;

     public ChatClient() {
	super();
        try {
            c = (ChatInterface) Naming.lookup("rmi://localhost/ChatService");
            JPanel contentPanel = new JPanel();
            setContentPane(contentPanel);
            contentPanel.setLayout(new BorderLayout());
            JPanel textEntry = new JPanel();
            userList = new JList(c.getUsers());
            JScrollPane usersList = new JScrollPane(userList);
            chatText = c.updateChat();
            JScrollPane chatScrollPane = new JScrollPane(chatText);
            contentPanel.add(chatScrollPane, BorderLayout.CENTER);
            contentPanel.add(textEntry, BorderLayout.SOUTH);
            contentPanel.add(usersList, BorderLayout.EAST);
            userText = new JTextArea (3, 30);
            JScrollPane userScrollPane = new JScrollPane(userText);
            textEntry.add(userScrollPane);
            send = new JButton("Send");
            send.addActionListener(this);
            textEntry.add(send);
            userList.setPrototypeCellValue("------------------------");
            chatText.setLineWrap(true);
            userText.setLineWrap(true);
            chatText.setEditable(false);
        } catch (Exception e) {
            JOptionPane.showInputDialog(null, e);
        }
        nick = JOptionPane.showInputDialog(null, "Please enter a user name");
        logOn(nick);
	setVisible(true);
	pack();
	setDefaultCloseOperation(EXIT_ON_CLOSE);
    }

     public void logOn(String name) {
         try {
            c.logOn(name);
            updateUsers();
         } catch (Exception e) {
            JOptionPane.showInputDialog(null, e);
         }
     }

     public void updateChat() {
        try {
            chatText.setText(c.updateChat().getText());
        } catch (Exception e) {
            JOptionPane.showInputDialog(null, e);
        }
     }

     public void updateUsers() {
         try {
            userList.setListData(c.getUsers());
         } catch (Exception e) {
             JOptionPane.showInputDialog(null, e);
         }
     }

     public void actionPerformed(ActionEvent ae) {
         if (! userText.getText().equals("")) {
            try {
                c.sendText(nick + ": " + userText.getText());
            } catch (Exception e) {
                JOptionPane.showInputDialog(null, e);
            }
            userText.setText(null);
            updateChat();
        }
     }

    public static void main(String[] args) {
	new ChatClient();
	}
}

This is my html code.

Code: 
<html>
<applet code = 'program.ChatClient' 
    archive = 'Program.jar', 
    width = 600, 
    height = 600 />
</html>

The jar file contains the ChatClient and the ChatInterface classes and was created by netbeans, all the files are running from the same directory.
 
Last edited:
Doesn't the applet have a more restrictive security manager? I think instead of making an applet you could launch it using java webstart or if I recall rightly you can manually set more permissions on the security manager, although I think there are some things you just can't do on an applet - sockets are prolly one of them, I'd also suspect writing files willy nilly, but that last bit is just speculation.
 
Yeah I'm trying to override the permissions but I'm not getting very far. Adding this to the client and server
Code: 
System.setProperty("java.security.policy", "C:\\Program Files\\Java\\jdk1.6.0_18\\bin\\server.policy");
	System.setSecurityManager(new RMISecurityManager());
with this policy
Code: 
grant {
permission java.security.AllPermission;
};
gets me past the first error onto this one
Code: 
Java Plug-in 1.6.0_18
Using JRE version 1.6.0_18-b07 Java HotSpot(TM) Client VM
User home directory = C:\Users\Ash
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------


java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.System.setProperty(Unknown Source)
	at program.ChatClient.init(ChatClient.java:16)
	at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
:(
 
Like I say, I don't think its an RMI problem. You need someone who does applets. A fast google shows that the security manager for an applet only allows you to open a socket to the originating webserver, your code opens a socket to the localhost and since the code runs client side then it'll try to be accessing the PC that it is running on.

You're trying to set an all permission on the security manager, yes, but you can't just do that for an applet otherwise you'd prolly find virus writers making 1 pixel wide applets which opens a socket and downloads and executes malicious code...

Anyway... I think your server app isn't running as an applet (which should be correct), if that is right and the firewall policy is correct on the server machine then try to change the code on the client applet to actually connect to that server not localhost of the machine running the applet? Other than that I'd research more into what the security manager in an applet does and doesn't allow.
 
If I try to run the applet in netbeans I get this error,
error777.png


could this be related?
 
I set everything up in netbeans and now everything works correctly using the netbeans program without any security modifications or anything.
 
You must log in or register to reply here.
Back
Top Bottom