views:

1406

answers:

4

Can a JApplet use a JFileChooser so that the user can select a file on his hard-drive? Or would this violate Java applet security? (I'm assuming that the default security settings are being used. I don't want to ask my users to grant me extra permissions.)

+1  A: 

In that case (of using default settings), you're correct, the default security manager does not allow access to local files.

Chris Jester-Young
+2  A: 

This thread indicates that you need to digitally sign your applet before a JFileChooser is permitted.

Michael Myers
+1  A: 

You will probably have to use PrivilegedAction to read anything from the user's hard drive. Just as @mmyers said you'll have to sign your applet as well.

So your answer is yes, I've done this before so I know it can be done.

Eric Wendelin
A: 

As mentioned, you need to sign your applet, which result in a "vague security warning" when the user is presented the applet. When the user accept to run this applet, the applet is given full access and functions like an ordinary application with it's obvious security implications. I'm in the same dilemma regarding a web application I'm working on and is not yet sure if it'll get deployed.

You could alternatively use the built-in filebrowser in the webbrowser and bounce back the file-content from your server if you're working with smaller files.

Also, some security measures you can make regarding a signed applet are:

  • Validating the origin of the applet code.

    URL appletUrl = MyApplet.class.getProtectionDomain().getCodeSource().getLocation();
    if(appletUrl.toString().equalsIgnoreCase(safeAppletUrl) == false)
       return false;
    
  • Verifying the base URL from which the applet was run.

    URL documentUrl = this.getDocumentBase(); 
    if(documentUrl.toString().equalsIgnoreCase(safeDocumentUrl) == false)
       return false;
    
hishadow