Hi,
I am having a problem in using Security(JCE) packages in an Applet. I am
using IE and TomCat5.0 for deployment.
The same piece of code(reproduced below) run as a Java Application in
Eclipse works fine.
However, when the same applet is loaded through a .jsp page in IE, the
following exception is thrown -
java.security.AccessControlException: access denied
(java.security.SecurityPermission insertProvider.SunJCE)
at
java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown
Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkSecurityAccess(Unknown
Source)
at
sun.plugin.security.ActivatorSecurityManager.checkSecurityAccess(Unknown
Source)
at java.security.Security.check(Unknown Source)
at java.security.Security.insertProviderAt(Unknown Source)
at java.security.Security.addProvider(Unknown Source)
at
ClientSecurity.ClientMD5Digest.base64hashString(ClientMD5Digest.java:44)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown
Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown
Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native
Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
java.lang.Exception: java.security.AccessControlException: access denied
(java.security.SecurityPermission insertProvider.SunJCE)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native
Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
The relevant piece of code resulting in this exception is -
https://mytestapp.com/MyServletContainer/index.jsp makes a call to the
Applet as follows -
newtext = HashUtil.base64hashString(TxnXml);
The applet is defined as follows -
<applet name="HashUtil" code="ClientSecurity.ClientMD5Digest.class"
archive="base64.jar" width="0" height="0" alt="" ></applet>
The applet code is as follows -
public static String base64hashString(String in_str)
{
System.out.println("Loading com.sun.* package class");
Security.addProvider(new com.sun.crypto.provider.SunJCE());
String s = "";
try {
in_str = in_str.toUpperCase();
MessageDigest m =
MessageDigest.getInstance(hash_method);
byte[] encDigest =
encryptDigest(m.digest(in_str.getBytes()));
//s = Base64.encode(m.digest(in_str.getBytes()));
s = Base64.encode(encDigest);
} catch(Exception e){
e.printStackTrace();
}
return s;
}
private static byte[] encryptDigest(byte[] toBeEncrypted) {
byte[] ret_array = null;
try {
Cipher l_cipher = Cipher.getInstance(enc_algorithm);
SecretKeySpec skspec = new SecretKeySpec(seed,
enc_algorithm);
l_cipher.init(Cipher.ENCRYPT_MODE, skspec);
ret_array = l_cipher.doFinal(toBeEncrypted);
l_cipher = null;
skspec = null;
} catch (Exception e) {
e.printStackTrace();
}
return ret_array;
}
I have added the SecurityPermission entries for InsertProvider.SunJCE
etc in the server.policy file as suggested in some google results.
Nothing seem to work.....Any help would be greatly
appreciated......fast......
Regards,
Rakesh.
