Sorry Richard, I totally disagree with you. Why does a client have to give security permissions to an applet residing on the server to access the same server? I wrote in the past an applet which talked to a J2EE server through sockets, no problems. It is the JMS server which gives me a problem. I'm using a servlet as a facade to an applet to perform security routines, but I'm making JMS calls in an applet. The alternative, making JMS calls in a servlet and calling the applet each time, will make this whole thing very slow, I think.

> From: "Richard S.Martin" <[EMAIL PROTECTED]>
> Reply-To: "Richard S.Martin" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Applet & JMS security
> Date: Wed, 27 Mar 2002 12:22:47 +0000
>
> I'm talking about the policy on the client. It is this policy file that dictates what the applet can and cannot do. One of the permissions it grants or denies is the connecting to a socket. (It also allows the user to grant permissions to access files and do other things as well)
>
> By default the applet (or anything which uses the policy) has very restrictive permissions (for example, it can only connect back to the web server that the classes were downloaded from). To allow an applet to do things like open a socket to an arbitrary machine, the manager of the policy (ie. the user) must grant this permission in the policy file.
>
> Perhaps you should consider having a servlet provide a facade to your ejbs. The applet can post to the servlet without any policy changes. The servlet can then handle the request, perform any initial validation, and access the ejbs.
>
> On Wednesday 27 March 2002 03:23 am, Anatole Kulick wrote:
> > Hi Richard,
> >
> > > The default policy file does not allow an applet to do much more than open a connection to the web server the class was downloaded from. If you need to do anything else (like open a connection to an EJB) then the client will have to change their policy. There is no way round this - If there were, it would defy the whole point of the policy which is to prevent untrusted code from doing anything potentially damaging.
> >
> > Which policy file are you talking about? On the server or on the client? I understand about the server. But why do I have to change the policy file on the client? The applet does not access any files on the client.
> >
> > > The next best thing would be to have an installer that the client can download and run. This could update the policy file to whatever you wanted.
> >
> > My client doesn't want any players on his machine. Otherwise I would use application+webstart.
> > Thanks
> > Anatole
> >
> > > From: "Richard S.Martin" <[EMAIL PROTECTED]>
> > > To: "Anatole Kulick" <[EMAIL PROTECTED]>
> > > Subject: Re: Applet & JMS security
> > > Date: Tue, 26 Mar 2002 10:23:57 +0000
> > >
> > > The default policy file does not allow an applet to do much more than open a connection to the web server the class was downloaded from. If you need to do anything else (like open a connection to an EJB) then the client will have to change their policy. There is no way round this - If there were, it would defy the whole point of the policy which is to prevent untrusted code from doing anything potentially damaging.
> > >
> > > The next best thing would be to have an installer that the client can download and run. This could update the policy file to whatever you wanted.
> > >
> > > On Saturday 23 March 2002 18:09 pm, you wrote:
> > > > Hi all!
> > > >
> > > > I developed an applet which allows communications between clients using JMS in J2EE environment. Everything works fine, but to my surprise every client has to change his .java.policy file. Why? My applet is in a sandbox. Apparently JMS vendors are doing this and I tried several. How to avoid changing policy files on the client side? Any JMS experts here? I guess the same thing will happen when the applet calls EJB. Thanks.
> > > >
> > > > Anatole
> > > >
> > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
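
The servlet facade Richard suggests, sketched as an added example (not code from the thread): the applet POSTs only to the host it was downloaded from, which the default sandbox permits, and the servlet makes the JMS call server-side. The JNDI names, the `sender` property and the body size limit are assumptions, and the sketch covers sending only.

```java
import java.io.IOException;
import java.io.Reader;
import javax.jms.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class JmsFacadeServlet extends HttpServlet {
    private static final int MAX_BODY = 8192;      // assumed limit, in bytes
    private QueueConnectionFactory factory;
    private Queue queue;

    public void init() throws ServletException {
        try {                                       // hypothetical JNDI names
            InitialContext ctx = new InitialContext();
            factory = (QueueConnectionFactory) ctx.lookup("java:comp/env/jms/ChatFactory");
            queue = (Queue) ctx.lookup("java:comp/env/jms/ChatQueue");
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Validate on the server: the applet is untrusted input, not a trusted peer.
        if (req.getRemoteUser() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        int len = req.getContentLength();           // -1 when unknown: rejected
        if (len <= 0 || len > MAX_BODY) {
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        StringBuffer body = new StringBuffer();
        Reader in = req.getReader();
        char[] buf = new char[1024];
        for (int n; (n = in.read(buf)) != -1 && body.length() <= MAX_BODY; )
            body.append(buf, 0, n);

        QueueConnection conn = null;
        try {
            conn = factory.createQueueConnection();
            QueueSession s = conn.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
            TextMessage m = s.createTextMessage(body.toString());
            m.setStringProperty("sender", req.getRemoteUser()); // set here, not by the client
            s.createSender(queue).send(m);
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } catch (JMSException e) {
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY);
        } finally {
            if (conn != null) try { conn.close(); } catch (JMSException ignored) { }
        }
    }
}
```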
