

I'm having a bit of a security problem when I try to contact a servlet
from a Java class running in a VRML Script node.  I'm using some
Client-Servlet code I've used before with applets.  I've adapted the
Client part of this code to work as a Script object instead of as an
Applet.

Basically, the VRML scene ROUTEs a TouchSensor to the Script node, which
is my Java Client class.  The client does a little parsing, and then
sends the information about the mouse click to my Servlet. 
(Specifically, the Client uses HTTP Tunnelling to send a Serialized Java
object to the Servlet.)  The Servlet does something with this info, and
sends back a reply Object of some kind.  (Ultimately, the servlet will
query a database for information about the location where the mouse
click occurred and send back the results of the query.)

Unfortunately, I get a strange problem.  First of all, the Servlet logs
show that it never receives anything (specifically, its doPost method
is never called, nor does it initialize).  Second of all, my Client has
no complaints about opening an Output stream to my servlet, and believes
that it has successfully written an Object to that stream; but as soon
as I try to open an input Stream, it throws a Security Exception.  The
security exception I get is what I would expect if I were using an
applet and having it contact a server other than the one from which it
originated.  In this case though, the server I am contacting is the same
one that the Script/Client class came from.

I've tried running my client as a standalone, sending a faked mouse
click to my servlet, and things work fine then.  I've tested my server
setup (Apache 1.3.9 with JServ 1.1) using my old Client-Servlet applet,
and that seems to be in order.

So, there's something odd going on with the Security of a Script. Has
anyone run into this before?



Here is the relevant code from my Client:


        // Needs java.io.*, java.net.* and java.util.Vector imported.
        /**
         * Submits a mouse click to the GeoServlet for processing.
         */
        protected synchronized void submitMouseClick(Vector click) {

                URL server = null;
                URLConnection con;
                ObjectOutputStream req = null;
                ObjectInputStream res = null;
                Object result = null;
                try {
                        server = new URL (servletLocation);
                        System.out.println("Client trying: "+server);
                } catch (MalformedURLException ex) {
                        System.out.println("Client problem with URL");
                        ex.printStackTrace ();
                        return; // no usable URL, nothing to submit
                }

                try {
                        con = server.openConnection ();
                        con.setDoOutput (true);
                        // Serialize the click into the POST body.
                        req = new ObjectOutputStream (new BufferedOutputStream
                                                        (con.getOutputStream ()));
                        req.writeObject (click);
                        req.flush ();
                        req.close ();

                        try{
                                con.setDoInput(true);
                        }catch (Exception e) {
                                e.printStackTrace();
                        }
                        try{
                                // The SecurityException is thrown here.
                                res = new ObjectInputStream (new BufferedInputStream
                                   (con.getInputStream ()));
                        }catch (Exception e) {
                                e.printStackTrace();
                        }
                        // res stays null if opening the input stream failed.
                        if (res != null) {
                                result = res.readObject ();
                        }
                        if (result == null) {
                                System.out.println("Result was null");
                                result = "null";
                        }
                } catch (IOException ignored) {
                        System.out.println("IOException: ");
                        ignored.printStackTrace ();
                }  catch (ClassNotFoundException ex) {
                        System.out.println("ClassNotFoundException: ");
                        ex.printStackTrace ();
                } finally {
                        try {
                                if (res != null) res.close ();
                        } catch (IOException ex) {}
                }
                String[] rep = {(String)result};
                reply = new MFString(rep);
                System.out.println("result was: " + reply);
        }


I introduced the additional try/catch methods within the one that
catches the IOException and ClassNotFoundException so that I could see
the StackTrace of the security exception (which I get when I try to
create the ObjectInputStream.)  The SecurityException StackTrace looks
like:

java.lang.SecurityException
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at java.lang.RuntimeException.<init>(Compiled Code)
  at java.lang.SecurityException.<init>(Compiled Code)
  at java.lang.ClassLoader.getCodeBase(Compiled Code)
  at netscape.security.AppletSecurity.checkURLConnect(Compiled Code)
  at java.lang.SecurityManager.checkURLConnect(Compiled Code)
  at netscape.net.URLConnection.connect(Compiled Code)
* at netscape.net.URLConnection.getInputStream(Compiled Code)
  at GeoClient.submitMouseClick(Compiled Code)
  at GeoClient.processEvent(Compiled Code)
  at vrml.node.Script.processEvents(Compiled Code)


thanks!

john




-- 
John Brecht
SRI International
Center for Technology in Learning
333 Ravenswood Avenue
Menlo Park, CA  94025
650-859-2325 (voice)
650-859-3673 (fax)
[EMAIL PROTECTED]
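
Added example, not part of the original post: a self-contained Java 9+ program using the standard JDK HttpURLConnection and a loopback stand-in for the servlet, showing that a buffered POST body is only transmitted once getInputStream() is called, which is where the stack trace above reaches connect() and the security check. The class name TunnelDemo, the /geo path and the sample click are constructed for illustration, and it is an assumption, not something the post confirms, that netscape.net.URLConnection defers the request the same way.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.util.Vector;
import java.util.concurrent.atomic.AtomicInteger;

public class TunnelDemo {
    public static void main(String[] args) throws Exception {
        AtomicInteger posts = new AtomicInteger(); // requests the server has seen
        // Constructed stand-in for the servlet, bound to loopback on a free port.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/geo", ex -> {
            posts.incrementAndGet();
            Object reply;
            try (ObjectInputStream in = new ObjectInputStream(ex.getRequestBody())) {
                // Allow-list the classes accepted from the network.
                in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                        "java.util.Vector;java.lang.*;maxdepth=5;!*"));
                reply = "got " + in.readObject();
            } catch (Exception e) {
                reply = "rejected: " + e;
            }
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
                out.writeObject(reply);
            }
            ex.sendResponseHeaders(200, buf.size());
            try (OutputStream os = ex.getResponseBody()) {
                os.write(buf.toByteArray());
            }
        });
        srv.start();
        URL url = new URL("http://127.0.0.1:" + srv.getAddress().getPort() + "/geo");
        Vector<Object> click = new Vector<>(); // constructed sample click
        click.add("TouchSensor"); click.add(1.5);
        URLConnection con = url.openConnection();
        con.setDoOutput(true);
        // Writing and closing only fills the client-side buffer.
        try (ObjectOutputStream req = new ObjectOutputStream(con.getOutputStream())) {
            req.writeObject(click);
        }
        Thread.sleep(300); // give the server time to log a request, if one was sent
        System.out.println("after write/close: server saw " + posts.get());
        // Asking for the response is what sends the request.
        try (ObjectInputStream res = new ObjectInputStream(con.getInputStream())) {
            System.out.println("reply: " + res.readObject());
        }
        System.out.println("after getInputStream: server saw " + posts.get());
        srv.stop(0);
    }
}
```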

