Hi Rakesh, I suppose this statement is not allowed in the default sand box:
Security.addProvider(new com.sun.crypto.provider.SunJCE()); Maybe you can singature your jar to expand your applet's privilege. Regards, Jerry 2005/11/21, [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > > Hi, > > > > I am having a problem in using Security(JCE) packages in an Applet. I am > using IE and TomCat5.0 for deployment. > > > > The same piece of code(reproduced below) run as a Java Application in > Eclipse works fine. > > > > However, when the same applet is loaded through a .jsp page in IE, the > following exception is thrown - > > > > > > java.security.AccessControlException: access denied > (java.security.SecurityPermission insertProvider.SunJCE) > > at > java.security.AccessControlContext.checkPermission(Unknown Source) > > at java.security.AccessController.checkPermission(Unknown > Source) > > at java.lang.SecurityManager.checkPermission(Unknown Source) > > at java.lang.SecurityManager.checkSecurityAccess(Unknown > Source) > > at > sun.plugin.security.ActivatorSecurityManager.checkSecurityAccess(Unknown > Source) > > at java.security.Security.check(Unknown Source) > > at java.security.Security.insertProviderAt(Unknown Source) > > at java.security.Security.addProvider(Unknown Source) > > at > ClientSecurity.ClientMD5Digest.base64hashString(ClientMD5Digest.java:44) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown > Source) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown > Source) > > at java.lang.reflect.Method.invoke(Unknown Source) > > at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown > Source) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown > Source) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown > Source) > > at java.lang.reflect.Method.invoke(Unknown Source) > > at sun.plugin.javascript.JSClassLoader.invoke(Unknown > Source) > > at sun.plugin.com.MethodDispatcher.invoke(Unknown Source) > > at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source) > > at sun.plugin.com.DispatchImpl$1.run(Unknown Source) > > at java.security.AccessController.doPrivileged(Native > Method) > > at sun.plugin.com.DispatchImpl.invoke(Unknown Source) > > java.lang.Exception: java.security.AccessControlException: access denied > (java.security.SecurityPermission insertProvider.SunJCE) > > at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source) > > at sun.plugin.com.DispatchImpl$1.run(Unknown Source) > > at java.security.AccessController.doPrivileged(Native > Method) > > at sun.plugin.com.DispatchImpl.invoke(Unknown Source) > > > > The relevant piece of code resulting in this exception is - > > > > https://mytestapp.com/MyServletContainer/index.jsp makes a call to the > Applet as follows - > > > > newtext = HashUtil.base64hashString(TxnXml); > > > > The applet is defined as follows - > > > > <applet name="HashUtil" code="ClientSecurity.ClientMD5Digest.class" > > archive="base64.jar" width="0" height="0" alt="" ></applet> > > > > > > The applet code is as follows - > > > > public static String base64hashString(String in_str) > > { > > System.out.println("Loading com.sun.* package class"); > > Security.addProvider(new com.sun.crypto.provider.SunJCE()); > > > > String s = ""; > > try { > > in_str = in_str.toUpperCase(); > > > > MessageDigest m = > MessageDigest.getInstance(hash_method); > > byte[] encDigest = > encryptDigest(m.digest(in_str.getBytes())); > > > > //s = Base64.encode(m.digest(in_str.getBytes())); > > s = Base64.encode(encDigest); > > > > } catch(Exception e){ > > e.printStackTrace(); > > } > > > > return s; > > } > > > > > > private static byte[] encryptDigest(byte[] toBeEncrypted) { > > byte[] ret_array = null; > > try { > > Cipher l_cipher = Cipher.getInstance(enc_algorithm); > > SecretKeySpec skspec = new SecretKeySpec(seed, > enc_algorithm); > > l_cipher.init(Cipher.ENCRYPT_MODE, skspec); > > ret_array = l_cipher.doFinal(toBeEncrypted); > > l_cipher = null; > > skspec = null; > > > > } catch (Exception e) { > > e.printStackTrace(); > > } > > return ret_array; > > } > > > > I have added the SecurityPermission entries for InsertProvider.SunJCE > etc in the server.policy file as suggested in some google results. > > > > Nothing seem to work.....Any help would be greatly > appreciated......fast...... > > > > Regards, > > Rakesh. > > >
