Accessing privileged methods in a Java Applet via JavaScript

Posted by Dan on Feb 19, 2008 @ 9:58 AM

I've been working on a Java applet that can get images from the user's clipboard or take screenshots of the user's desktop and upload them to a server via HTTP. The last piece of the puzzle was to make sure I could access the task methods via JavaScript, as the interface will most likely be driven by HTML.

I've been using a self-signed cert to sign the Java Applet so that I can access the user's clipboard and take the screenshot. All of this was tested and working extremely well from if I used the Applet UI. However, as soon as I would try to invoke one of the sandboxed functions from JavaScript the applet started throwing the error:

AccessControlException is thrown: access denied (java.awt.AWTPermission accessClipboard)

I tried a number of things to get around this problem. I thought it was something I was doing wrong when I was signing the applet (since it was working fine from within the Applet's built-in UI controls.) After playing around with the cert signing process and getting no where, I finally came across the post JavaScripting in Applets - Getting Out of the Sandbox where a comment from Stéphane Bury pointed me to a solution.

public static void doSpecialWork(String param1){
    final String fParam1 = param1;
    java.security.AccessController.doPrivileged(new java.security.PrivilegedAction() {
        public Object run() {
            // put the code of your method here
            ...
            ...
            return "";
        }
    });
}

My final solution was to write a command() method which I can use to trigger off the internal privileged methods:

/**
 * The method to invoke from JS to perform the privileged methods--which throw
 * security errors if you try to access them directly.
 *
 * @param command - the command you want to perform (clipboard, screenshot, upload)
 */
public void command(String command){
    final String cmd = command;

    java.security.AccessController.doPrivileged(
        new java.security.PrivilegedAction(){
            public Object run() {
                // execute the privileged command
                executeCommand(cmd);
                // we must return an object, so we'll return an empty string
                return "";
            }
        }
    );
}

As you can see the method is very basic, it just passes the command it received to a private method which actually executes the command. Now I can access any of the privileged methods in my applet with this little helper method.

Categories: Java, Source Code

3 Comments

  • Aron van Ammers's Gravatar
    Aron van Ammers
    Did you finish up your applet? I'd be interested in using it...
  • Dan G. Switzer, II's Gravatar
    Dan G. Switzer, II
    @Aron:

    Yes, I did finish the applet, but it's part of a commercial application and I don't think the applet will be released as stand alone product. I've been campaigning to release the applet as an open source project, but at this point don't think it will happen.
  • Tung Nguyen's Gravatar
    Tung Nguyen
    Hi Dan,

    it is great if you can teach us how to create a self-signed cert and how to use it to sign the applet. Thanks very much.

Comments for this entry have been disabled.