JNLP file services denied access to local files
-
12-10-2022 - |
Question
I am trying to write a small java applet to read user browsing history. Thus all I need to do is to read files on the user's local filesystem.
I haven't succeeded in it though. When I try to use JNLP API's ExtendedService openFile(), the getInputStream() fails with an IOException. I tried to use the FileOpenService openFileDialog(), but when the dialog opens, directories appear either empty, or with a non-accessible icon.
Screenprints here : http://timewitnesser.com/publisher/screenshot1.png and here http://timewitnesser.com/publisher/screenshot2.png
Some details on how I built and deployed it : I basically followed Java applet's deployment guidelines here : docs.oracle.com/javase/tutorial/deployment/applet/deployingApplet.html
I used a jnlp file to launch the applet. I tried both with security set to all-permissions or not specified. Here's the code of jnlp file :
<?xml version="1.0" encoding="UTF-8"?> <jnlp spec="1.0+" codebase="" href=""> <information> <title>History Reader</title> <vendor>QualityWeb</vendor> </information> <resources> <j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se" /> <jar href="HistoryReaderApplet.jar" main="true" /> </resources> <security> <all-permissions/> </security> <applet-desc name="History Reader Applet" main-class="historyreaderapplet.HistoryReaderApplet" width="300" height="300"> </applet-desc> <update check="background"/> </jnlp>
In my html page, I launch it with this code :
<script src="https://www.java.com/js/deployJava.js"></script> <script> var attributes = { code:'historyreaderapplet.HistoryReaderApplet', width:300, height:300} ; var parameters = {jnlp_href: 'historyreader_applet.jnlp'} ; deployJava.runApplet(attributes, parameters, '1.7'); </script>
I build the jar using the jar command, including a manifest in which I specify the 3 lines mentioned in the java guidelines, including the "Permission one". The command I use is
jar cvfm HistoryReaderApplet.jar mymanifest.txt historyreaderapplet
- I sign the jar using jarsigner, although I have generated my keys myself with keytool, I don't have a certificate signed by a certificate authority
- I have even tried to set my local java machine security settings to medium and I have added my domain to the list of trusted domains.
- I have tried both running the page from a local server, and uploading to a remote server
- When I run the page, it prompts with an authorization box, where I allow the app. When I run in sandbox mode, when it reaches the fileopendialog thing, it prompts me again for whether I want to authorize the app to read and write on local file system, which I do. But then even with all these confirmations, it doesn't work.
Any idea what could be the problem?
EDIT : Here is the report from Janela, I included only the red parts :
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security'. One of '{resources, application-desc, applet-desc, component-desc, installer-desc}' is expected.
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security'. One of '{resources, application-desc, applet-desc, component-desc, installer-desc}' is expected.
Codebase '' is a malformed URL! Defaulting to http://timewitnesser.com/publisher/historyreader_applet.jnlp
Codebase '' is a malformed URL! Defaulting to http://timewitnesser.com/publisher/historyreader_applet.jnlp
Codebase '' is a malformed URL! Defaulting to http://timewitnesser.com/publisher/historyreader_applet.jnlp
Codebase '' is a malformed URL! Defaulting to http://timewitnesser.com/publisher/historyreader_applet.jnlp
It seems to me that the first lines could be the reason, but I don't understand them. Isn't the "security" tag supposed to be direct child of the jnlp tag ?
No correct solution