The following applet is compiled and packed into jar which is then signed with a self-signed cert.
import java.applet.Applet;
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
public class Test extends Applet {
private static final long serialVersionUID = -3127185193501384816L;
private final class DirectoryLister implements PrivilegedAction<File[]> {
private final String attachmentsFolder;
private DirectoryLister(String attachmentsFolder) {
this.attachmentsFolder = attachmentsFolder;
}
public File[] run() {
return new File(attachmentsFolder).listFiles();
}
}
public File[] getFiles() throws PrivilegedActionException {
String attachmentsFolder = getParameter("attachmentsFolder");
if (attachmentsFolder != null) {
return AccessController.doPrivileged(new DirectoryLister(
attachmentsFolder));
}
return null;
}
}
Applet is instantiated as follows:
<applet id="applet"
code="Test"
archive="applet.jar">
<param name="attachmentsFolder"
value="c:/test" />
</applet>
Applet is used as follows:
var files = applet.getFiles();
for (var file in files) {
// Do something to file.
}
The ff. error is encountered:
java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
... 4 more
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission c:\test read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.list(Unknown Source)
at java.io.File.listFiles(Unknown Source)
at Test$DirectoryLister.run(Test.java:20)
at Test$DirectoryLister.run(Test.java:1)
at java.security.AccessController.doPrivileged(Native Method)
at Test.getFiles(Test.java:28)
... 14 more
Which leads me to ask if I still need to explicitly grant perms in one of the config files in the Java home directory to read c:/test? If so, can anyone point me to a guide on how to do this?