Trouble writing file from within a java applet

Question

Hello, I have created simple Java class to test file writes from applets:
update appeared

public class localfile extends Applet{
public localfile(){
    try {
        File f = new File("testfile.txt");
        BufferedWriter out = new BufferedWriter(new FileWriter(f,true));
        out.write("test");
        out.close();
    }
    catch(Exception x)
       System.err.println(x.toString());
   }
}

I have created and signed jar:

jar cvf localfile.jar localfile.java
jarsigner localfile.jar yourkey

html looks like: <applet code="localfile.class" archive="localfile.jar", width=300, height=600>

The error I get every time I run this applet is:

java.lang.SecurityException: trusted loader attempted to load sandboxed resource from file:/home/w/test/
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(CPCallbackHandler.java:308)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(CPCallbackHandler.java:121)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(CPCallbackHandler.java:473)
at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Plugin2ClassLoader.java:701)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Applet2ClassLoader.java:206)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Plugin2ClassLoader.java:520)
at sun.plugin2.applet.Plugin2Manager.createApplet(Plugin2Manager.java:2940)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Plugin2Manager.java:1444)
at java.lang.Thread.run(Thread.java:619)
Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from file:/home/w/test/

What is strange: I have created similar applet to read files and it works ok.

Any thoughts?

---

I was running this applet on both browser and applet viewer. What is strange given applet doesn't work on applet viewer and throws exception, but on browser it is fine.

java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.System.setProperty(System.java:725)
at localfile.<init>(localfile.java:15)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:785)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:714)
at sun.applet.AppletPanel.run(AppletPanel.java:368)
at java.lang.Thread.run(Thread.java:619)

So, beside this strange behaviour I consider my problem solved. Thanks everyone:)

Answer 1

Did you provide a policy to allow reading files from the filesystem?

Seems that you only signed the jar but didn't use policytool.

Answer 2

http://java.sun.com/docs/books/tutorial/security/tour1/step2.html

This should help you out with creating the policy file and associating with your code base

Answer 3

With some finagling, you can include a policy file in a jar. Refer to the SO question jar policy file for more information.

Otherwise, consider making a Java WebStart application, which can read/write files more easily.

Answer 4

I believe your problem is that directory including the file you are trying to load is within the codebase where class files and application resources are looked up. So, you end up mixing trusted and untrusted resources, which is not secure. If the applet is hosted on an http, or better https, server then the issue doesn't arise for files.

Note you can use the JNLP APIs for applets to "open" or write files through a file dialog.

Your resource handling leaves the file open in the case of exceptions. Resource handling should be written in the style:

Resource resource = acquire();
try {
     use(resource);
} finally {
     resource.release();
}

In your specific case:

final FileOutputStream rawOut = new FileOutputStream(file);
try {
    ...
    out.flush();
} finally {
    rawOut.close();
}