I'm talking about the policy on the client. It is this policy file that
dictates what the applet can and cannot do. One of the permissions it grants
or denies is connecting to a socket. (It also allows the user to grant
permissions to access files and do other things as well.)

By default the applet (or anything which uses the policy) has very
restrictive permissions (for example, it can only connect back to the web
server that the classes were downloaded from). To allow an applet to do
things like open a socket to an arbitrary machine, the manager of the policy
(i.e. the user) must grant this permission in the policy file.

Perhaps you should consider having a servlet provide a facade to your EJBs.
The applet can post to the servlet without any policy changes. The servlet
can then handle the request, perform any initial validation, and access the
EJBs.


On Wednesday 27 March 2002 03:23 am, Anatole Kulick wrote:
> Hi Richard,
>
> >The default policy file does not allow an applet to do much more than
> >open a connection to the web server the class was downloaded from. If
> >you need to do anything else (like open a connection to an EJB) then
> >the client will have to change their policy. There is no way round
> >this - If there were, it would
> >defy the whole point of the policy which is to prevent untrusted code
> >from doing anything potentially damaging.
>
> Which policy file are you talking about? On the server or on the client?
> I understand about the server. But why do I have to change the policy file
> on the client? The applet does not access any files on the client.
>
> >The next best thing would be to have an installer that the client can
> >download and run. This could update the policy file to whatever you
> > wanted.
>
> My client doesn't want any players on his machine. Otherwise I would use
> application+webstart.
> Thanks
> Anatole
>
>
> From: "Richard S.Martin" <[EMAIL PROTECTED]>
>
> >To: "Anatole Kulick" <[EMAIL PROTECTED]>
> >Subject: Re: Applet & JMS security
> >Date: Tue, 26 Mar 2002 10:23:57 +0000
> >
> >The default policy file does not allow an applet to do much more than open
> >a connection to the web server the class was downloaded from. If you need
> >to do anything else (like open a connection to an EJB) then the client will
> >have to change their policy. There is no way round this - If there were, it
> >would defy the whole point of the policy which is to prevent untrusted code
> >from doing anything potentially damaging.
> >
> >The next best thing would be to have an installer that the client can
> >download and run. This could update the policy file to whatever you
> > wanted.
> >
> >On Saturday 23 March 2002 18:09 pm, you wrote:
> > > Hi all!
> > >
> > > I developed an applet which allows communications between clients using
> > > JMS in J2EE environment. Everything works fine, but to my surprise every
> > > client has to change his .java.policy file. Why? My applet is in a
> > > sandbox. Apparently JMS vendors are doing this and I tried several. How
> > > to avoid changing policy files on the client side? Any JMS experts here?
> > > I guess the same thing will happen when the applet calls an EJB. Thanks.
> > >
> > > Anatole

==============================================================================
This email and any files transmitted with it are confidential and intended solely for 
the use of the individual or entity to whom they are addressed. All information is the 
view of the individual and not necessarily the company. If you are not the intended 
recipient you are hereby notified that any dissemination, distribution, or copying of 
this communication and its attachments is strictly prohibited. If you have received 
this email in error please notify:
[EMAIL PROTECTED]


==============================================================================

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
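
The servlet facade suggested at the top of this thread, sketched as an added example that is not code from either poster: the applet connects only to its own codebase host, and the servlet validates input before calling the back end. The names `FacadeServlet`, `FacadeClient` and `MessageGateway`, the `facade` path, the `gateway` context attribute, the topic allow-list and the size limit are all assumptions; `MessageGateway` stands in for the EJB or JMS call.

```java
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.http.*;

/** Hypothetical stand-in for the EJB or JMS call that sits behind the servlet. */
interface MessageGateway { void publish(String topic, String body) throws Exception; }

/** Server side: the only endpoint the applet talks to; it validates, then calls the back end. */
public class FacadeServlet extends HttpServlet {
    private static final int MAX_BODY_CHARS = 4096;  // assumed limit
    private static final Set<String> TOPICS = new HashSet<>(Arrays.asList("chat", "status")); // assumed
    private MessageGateway gateway;
    @Override public void init() {
        // Assumption: deployment code stored the gateway (e.g. an EJB wrapper) in the context.
        gateway = (MessageGateway) getServletContext().getAttribute("gateway");
    }

    @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String topic = req.getParameter("topic");
        String body = req.getParameter("body");
        if (topic == null || !TOPICS.contains(topic)
                || body == null || body.isEmpty() || body.length() > MAX_BODY_CHARS) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);  // reject before touching the back end
            return;
        }
        try {
            gateway.publish(topic, body);
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } catch (Exception e) {
            log("publish failed", e);  // details stay in the server log, not in the response
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY);
        }
    }
}

/** Applet side: the URL is derived from getCodeBase(), so the default sandbox allows it. */
class FacadeClient {
    static int post(URL codeBase, String topic, String body) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(codeBase, "facade").openConnection();
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        String form = "topic=" + URLEncoder.encode(topic, "UTF-8")
                + "&body=" + URLEncoder.encode(body, "UTF-8");
        try (OutputStream out = c.getOutputStream()) { out.write(form.getBytes("US-ASCII")); }
        return c.getResponseCode();
    }
}
```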
