Search code examples
javaappletsftpaccesscontrolexception

AccessControlException when connecting to a SFTP server using JSch from an Applet


The applet will download file from a SFTP server. JSch libraries are used to create a session, connect to the SFTP server using it, create a SFTP channel and execute GET command for that file on that server. The applet is signed.

Code snippet for downloading a file:

    public static void prepareSession() throws JSchException {

  try {
   session = jsch.getSession(user,host,port);
   session.setConfig("StrictHostKeyChecking", "no");        
      session.setPassword(password);
  } catch (JSchException e) {
   e.printStackTrace();
   throw new JSchException(e.getLocalizedMessage(),e);
  }
 }

 public synchronized static void downloadFile() throws Exception {
  ChannelSftp channelSFTP = null;
  try {
   if (!session.isConnected()) {
    session.connect();
   }
   Channel channel=session.openChannel("sftp");
      channel.connect();
      channelSFTP=(ChannelSftp)channel;

      String destFile = SFTPImpl.destFolder + "/" + SFTPImpl.sourceFile + ".part";

      log.info("Downloading file: " + SFTPImpl.sourceFile + " -- START");
      channelSFTP.get(SFTPImpl.sourceFile,destFile,SFTPImpl.monitor,ChannelSftp.OVERWRITE);      

  } catch (JSchException e) {
   log.error("Error occurred within library", e);
   throw new JSchException(e.getMessage(),e);
  } catch (SftpException e) {
   log.error("Error occurred in SFTP communication. Error ID: " + e.id, e);
   throw new SftpException(e.id,e.getMessage(),e);
  } catch (Exception e) {
   throw new Exception(e.getMessage(),e);
  }finally {
   if (channelSFTP != null && channelSFTP.isConnected()) {
    channelSFTP.quit();
       channelSFTP.disconnect();
       session.disconnect();
   }
  }
 }

Applet is deployed using Java Deployment Toolkit. The HTML page code snippet for applet deployment is:

<script src="http://www.java.com/js/deployJava.js"></script>
  <script>
   var attributes = {code:'com.sftptest.applet.SFTPApplet', archive:'signedsftp.jar,jsch.jar,log4j-1.2.15.jar', width:400, height:400} ; 
         var parameters = {jnlp_href: 'sftpdownload-applet.jnlp'} ; 
         deployJava.runApplet(attributes, parameters, '1.6');
  </script> 

sftpdownload-applet.jnlp file:

<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="" href="">
    <information>
        <title>SFTP Downloader</title>
        <vendor>local</vendor>
    </information>
    <resources>
        <!-- Application Resources -->
        <j2se version="1.6+"
              href="http://java.sun.com/products/autodl/j2se" />
        <jar href="signedsftpsftp.jar" main="true" />
        <jar href="jsch.jar" />
        <jar href="log4j-1.2.15.jar" />
    </resources>
    <applet-desc 
         name="SFTP Downloader Applet"
         main-class="com.sftptest.applet.SFTPApplet"
         width="400"
         height="400">
     </applet-desc>
     <update check="background"/>
</jnlp>

The applet contains a file chooser which is used to select the download location. As soon as the download location is chosen, the applet should start downloading the file. But after some time following error is coming in the console:

[Oct 12 20:39:16] ERROR (SFTPImpl.java:130) - Error occurred within library
com.jcraft.jsch.JSchException: java.security.AccessControlException: access denied (java.net.SocketPermission sftpcal.cognizant.com resolve)
 at com.jcraft.jsch.Util.createSocket(Util.java:341)
 at com.jcraft.jsch.Session.connect(Session.java:182)
 at com.jcraft.jsch.Session.connect(Session.java:150)
 at com.sftptest.SFTPImpl.downloadFile(SFTPImpl.java:111)
 at com.sftptest.ui.DownloadPanel$DownloadTask.doInBackground(DownloadPanel.java:316)
 at com.sftptest.ui.DownloadPanel$DownloadTask.doInBackground(DownloadPanel.java:1)
 at javax.swing.SwingWorker$1.call(SwingWorker.java:278)
 at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
 at java.util.concurrent.FutureTask.run(FutureTask.java:138)
 at javax.swing.SwingWorker.run(SwingWorker.java:317)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
 at java.lang.Thread.run(Thread.java:637)

From the exception log I saw that the exception is coming from the JSch framework's Util.createSocket() method:

  static Socket createSocket(String host, int port, int timeout) throws JSchException{
    Socket socket=null;
    if(timeout==0){
      try{
        socket=new Socket(host, port);
        return socket;
      }
      catch(Exception e){
        String message=e.toString();
        if(e instanceof Throwable)
          throw new JSchException(message, (Throwable)e);
        throw new JSchException(message);
      }
    }

Please help & let me know if more information is required.


Solution

  • You have signed the applet, yes, but you've forgotten to request socket-creation permissions in your jnlp.

    <security>
      <j2ee-application-client-permissions/>
    </security>