Re: Axis and Applet coexistence?

[Bjørn Magnus Mathisen]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> firstly i have two questions, what is "Job Console" and how does >> one sign a applet? > > > This is usually an add-on to a browser. For Firefox you can > download it toos-->Downloads and it will allow you to see the > output of an applet whille it runs on the browser. For signing, > check the keytool and jarsigner tools that come with your jdk, they > will allow you to play with a certificate and then sign your > applet. > >> On another note, im working on this from a different angle, im >> going to hack org.apache.axis.components.logger.LogFactory to not >> do a "doPrivileged" and also hack it to simply return a fake >> implementation of org.apache.commons.logging.Log, just in case >> Log actually needs the doPrivileged thing. > > > Well, this will only solve part of the problem I believe, because > as you will realize after you hack the LogFactory, there are a lot > of permissions that the axis library needs to run in an Applet. For > testing just sign your applet and write a simple SecurityManager > that will grant all permissions. > > --Luis R. > do you have any examples on how to write a simple SecurityManager that garnts all permissions, and how to make my apple/axisclient use it? any examples/urls/tips would be of great help :) regards Bjørn Magnus Mathisen >> >> as many of you will notice, i have no clue about privileged >> actions or why they are used, but this is not my main target, i >> am simply trying to get this to work so that i can test something >> else:) >> >> regards Bjørn Magnus Mathisen Telenor ASA R&D >> >> Luis Rivera wrote: >>> Hi, >>> >>> Well, now I found out that I had a bad certificate and a bad >>> configuration or instalation of the Job Console. After >>> generating a new certificate and reinstalling my browser I >>> found out that signing the applet and using the All Permited >>> Seucrity Manager allows it to work "without the custom security >>> policy file". You still need to security manager, which is not >>> exactly good and I am still hoping that this temporal >>> solutions is acceptable for the clients of out WS. >>> >>> Still, I am going to rebuild axis to see if I can get rid of >>> the logger dependencies that create so much problems for >>> applets. Of course, if somebody knows an easier way or a >>> shortcut, let me know :). >>> >>> --Luis R. >>> >>>> From: Bjørn Magnus Mathisen <[EMAIL PROTECTED]> Reply-To: >>>> axis-user@ws.apache.org To: axis-user@ws.apache.org Subject: >>>> Re: Axis and Applet coexistence? Date: Thu, 14 Jul 2005 >>>> 12:34:38 +0200 >>>> >> >>> hi >>> >>> i'm currently working on a project heading in the same >>> direction; a applet running axis-osgi client SOAP calls. i >>> would be really interested in a source patch or something >>> alike, if you get this working :) >>> >>> regards Bjørn Magnus Mathisen Telenor ASA R&D >>> >>> Luis Rivera wrote: >>> >>>> Thanks for the reply. I actually did. Using the allow all >>>> custom security manager that only overrides those two methods >>>> work fine when the applet is allowed to set a new security >>>> manager. But that's the problem, to allow the applet to do >>>> this I still have to add a couple of lines to the policy file >>>> or use a new one that has those permissions and is loaded >>>> when the applet is loaded too. >>> >>>> I know that should not be a problem if I had complete control >>>> of what I can install and modify in the client. But in our >>>> case, I have been told that's a no no, I have to make and >>>> break axis to let it work in the sandbox What I don't >>>> understand is why not to alow an option in axis to prevent it >>>> from doing things like createClassLoader and that kind of >>>> stuff that is just prohibited in an applet. It works >>>> beautifully outside of the applet, no problem (ok, after >>>> loading and deploying the right stuff in the right place). >>> >>>> Now I have to make it work in an applet, because the >>>> alternative cost $2000 bucks per client, so I have to make it >>>> work. If any of you have any advise that will make my task >>>> easier, I will greatly appreciate it :). >>> >>>> Thanks again, --Luis R. >>> >>> >>>>> From: "Baker, Jay" <[EMAIL PROTECTED]> Reply-To: >>>>> axis-user@ws.apache.org To: <axis-user@ws.apache.org> >>>>> Subject: RE: Axis and Applet coexistence? Date: Wed, 13 Jul >>>>> 2005 16:43:48 -0500 >>> >>>>> Yeah, I don't think the sandbox is going to go for that. >>>>> I'm pretty sure that you can't give a policy file to your >>>>> client in an applet. >>> >>>>> Did you override #checkPermission (both methods - it is >>>>> overloaded) with a no-op? That's what worked for us ... >>>>> along with the signing of course. >>> >>>>> -----Original Message----- From: Luis Rivera >>>>> [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 13, >>>>> 2005 4:04 PM To: axis-user@ws.apache.org Subject: RE: Axis >>>>> and Applet coexistence? >>> >>> >>> >>>>> Hi, >>> >>>>> Well, it seems that with a custom security manager I still >>>>> have the problem of having to modify the security policy >>>>> file to allow the applet to use the new security manager. >>>>> However, in my case I don't think I can go into each axis >>>>> client's machine to install this new file. >>> >>>>> So, I want to ship it (custom policy file) with the cient >>>>> jar file and if possible upload it along the applet when it >>>>> is loaded by the browser. However I don't know how to do >>>>> this, or even if it is possible. It is possible to pass the >>>>> policy file as a parameters to the appletviewer, but how >>>>> do you pass it when it is loaded by the browser each time >>>>> the applet is loaded? >>> >>>>> Thansk in advance for any help, --Luis R. >>> >>>>>> From: "Baker, Jay" <[EMAIL PROTECTED]> Reply-To: >>>>>> axis-user@ws.apache.org To: <axis-user@ws.apache.org> >>>>>> Subject: RE: Axis and Applet coexistence? Date: Mon, 11 >>>>>> Jul 2005 17:24:50 -0500 >>>>>> >>>>>> That's what we did. We installed a custom security >>>>>> manager that >>>>>> >>>>> just grants >>>>>> access to all. YOu might run into other issues, but the >>>>>> sandbox >>>>>> >>>>> end of >>>>>> things should be solvable with this kind of an approach. >>>>>> >>>>>> -----Original Message----- From: Luis Rivera >>>>>> [mailto:[EMAIL PROTECTED]] Sent: Monday, July 11, 2005 >>>>>> 5:21 PM To: axis-user@ws.apache.org Subject: Axis and >>>>>> Applet coexistence? >>>>>> >>>>>> >>>>>> Hi all, >>>>>> >>>>>> I have been reading the posts regarding applets and axis. >>>>>> It looks >>>>> like >>>>>> there is a solution but I am not sure I understand how. I >>>>>> have a >>>>> signed >>>>>> applet and I even unpacked all the library jars files >>>>>> into a >>>>> single huge >>>>>> jar file, which I signed and I am using to start the >>>>>> applet. However, the LogFactory created by the Logging >>>>>> mechanisms is breaking the >>>>> applet ... >>>>>> seems like I need to either hack the library or to use a >>>>>> new security policy? ... would it be enough to use a >>>>>> custom security manager? >>>>>> >>>>>> Thanks in advance, --Luis R. >>>>>> >>>>>> _________________________________________________________________ >>>>>> FREE pop-up blocking with the new MSN Toolbar - get it >>>>>> now! >>>>>> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ >>>>>> >>>>>> >>>>>> >>>>>> >>> >>>>> _________________________________________________________________ >>>>> Express yourself instantly with MSN Messenger! Download >>>>> today - it's FREE! >>>>> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >>>>> >>>>> >>>>> >>> >>> >>>> _________________________________________________________________ >>>> On the road to retirement? Check out MSN Life Events for >>>> advice on how to get there! >>>> http://lifeevents.msn.com/category.aspx?cid=Retirement >>> >>> >>>> >> >>> _________________________________________________________________ >>> Don?t just search. Find. Check out the new MSN Search! >>> http://search.msn.click-url.com/go/onm00200636ave/direct/01/ >> >> >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) >> Comment: Using GnuPG with Thunderbird - >> http://enigmail.mozdev.org >> >> iD8DBQFC23v9QRm7yJAC45gRAs/+AJ9m/Eblwi0ksJ513pbz/IaXWcm4VgCgjNiO >> 2TEIVz2mpq6YovevNTnK7eI= =w21p -----END PGP SIGNATURE----- >> > > _________________________________________________________________ > Is your PC infected? Get a FREE online computer virus scan from > McAfee® Security. > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC3KFGQRm7yJAC45gRAnL1AJ9Omq8F1HFUEko474EnTHNUoKZxdACgyBrD fRoDQCrHoepMjHHzOWWRZg4= =0W98 -----END PGP SIGNATURE-----