Java Applet AccessControlException: access denied (SocketPermission) - WHERE do I put the fix?

Question

All right, so I've got an applet I'm trying to embed into an HTML page and it's throwing:

AccessControlException: access denied (java.net.SocketPermission someTarget connect, resolve)

This is fine; I know that the fix for this is either:

grant {
   permission java.net.SocketPermission "someTarget", "connect, resolve";
};

Or

SocketPermission p1= new SocketPermission("someTarget", "connect,resolve");

What I want to know is this: Which of these two things do I need, and where in my code should I put this?

Answer 1

I suggest to connect back to the same host from which the applet was downloaded, this is allowed by Java security manager. The host should be exactly the same. Editing permission policy file will get you nowhere, since you will have to do it on every computer where you want the applet to run

Answer 2

The simplest fix is to sign the applet.

Answer 3

As mentioned by EJP, the way to gain trust is to digitally sign the code. See Signing and Verifying JAR Files for more details.

It is impractical to deploy policy files to the end user machine for an applet coming off the internet. When it comes to a network of machines all controlled by you, the question then becomes - why not just use a JWS app.? The JWS app. would still need to be digitally signed (or use a policy file), but would also be easier to develop & deploy.

Note that 'gaining trust' is not something that requires any changes in the code. Instead, the code needs to be signed by you, and trusted by he end user when prompted. The only 'gotcha' that comes to mind is that if an applet method is called using JS, it then becomes untrusted unless you make some code tweaks.