1.  Home
  2. JAVA400-L
  3. July 2008

Re: using jt400 in a java applet

Mike Cunningham wrote:
Has anyone ever used the IBM supplied jt400.jar in a java applet application that is sent to the client and executed from the PC? I have a java application that will run from my PC but when I deploy it as an applet it fails with a permissions error. It is acting like the jt400.jar files is trying to run outside the JRE and is being denied permission.

Error Message: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)

Your vendor ought to be helping you with this, but I can point you in the right direction. Basically, the JT400 code is trying to use reflection to access something it normally wouldn't be able to access using the setAccessible method. I haven't looked at that code in some time, so I don't know why it's doing it, but generally that requires some pretty good security access.

As of JDK1.2, if you have a security manager installed and don't have a security policy in place, you will get exactly this message. This usually isn't an issue, because in most cases people don't have a security manager installed. However, applets by definition run with a security manager; in fact, that's pretty much what it was designed for - to protect client computers from rogue code. This is what is called the applet "sandbox".

So you need to circumvent the sandbox. AFAIK, you can do this by either using a signed applet as Paul suggested, or you can put a java.policy file in your JRE security folder. The latter needs to be done on every machine using the applet.

I'll try to stay off my sandbox, but generally speaking applet technology is being replaced by AJAX. Between the powerful UI provided by the new JavaScript frameworks and the fact that you can get data in small chunks from the server using AJAX, there are far fewer situations where downloading actual Java applications is required.

On the other side of the coin, Sun just announced a major upgrade in applet technology in which applets take advantage of Sun's Java Web Start technology. I don't know if your vendor is aware of this new technology; if so, it makes applets a more viable alternative, although I sense this is really Sun's response to JavaScript, since it's the first major change to applets in a decade.

Anyway, enough editorializing. I think your best bet is signing your applets, although if you have complete control over all your client PCs, a java policy file is a possibility.

Joe

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.