Search code examples
javaappletjschappletviewer

Testing JCTerm, java applet terminal emulator, works in Eclipse, but not in browsers


Testing an unmodified version of JCTerm (terminal emulator, can be used as an applet; I would like to use the applet functionality), everything seems to be working fine in Eclipse's AppletViewer, but testing the resulting jar file in an web page, all options display a message box with a flashing yellow warning symbol and do nothing. Some options display a "Establish the connection before this setting" error.

The option I'm interested in using is 'Open SHELL Session...' from the File menu. When trying 'Open SHELL Session...' option, the Java Console for the applet displays this stuff, which seems directly related. I don't have a clue as to what it means though.

    network: Connecting http://xxx.xx.xx.xxx/crossdomain.xml with proxy=DIRECT
    network: Connecting http://xxx.xx.xx.xxx:80/ with proxy=DIRECT
    java.security.PrivilegedActionException: java.net.ConnectException: Connection refused: connect
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
        at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
        at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.<init>(Unknown Source)
        at java.net.Socket.<init>(Unknown Source)
        at com.jcraft.jsch.Util$1.run(Util.java:354)
        at java.lang.Thread.run(Unknown Source)
    Caused by: java.net.ConnectException: Connection refused: connect
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(Unknown Source)
        at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
        at java.net.PlainSocketImpl.connect(Unknown Source)
        at java.net.SocksSocketImpl.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at sun.net.NetworkClient.doConnect(Unknown Source)
        at sun.net.www.http.HttpClient.openServer(Unknown Source)
        at sun.net.www.http.HttpClient.openServer(Unknown Source)
        at sun.net.www.http.HttpClient.<init>(Unknown Source)
        at sun.net.www.http.HttpClient.New(Unknown Source)
        at sun.net.www.http.HttpClient.New(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
        at com.sun.deploy.net.CrossDomainXML$2.run(Unknown Source)
        ... 10 more    

An example of this program working correctly can be found here, http://wiredx.net/jcterm/


Solution

  • This looks like a security problem.

    By default, an unsigned Java applet can only connect to the host if was loaded from. Additionally, if the host you want to connect to allows this with it's crossdomain.xml file, you can also connect to other hosts.

    Judging from the stack trace, you want to connect to a host which does not have an HTTP server, and thus can't provide a crossdomain.xml file. For this reason, you get this exception here.

    There are these ways out of this:

    • Put the applet on the same web server which you want to connect to with SSH later. (Every applet can connect to its own host.)
    • Let the SSH server have a minimal web server with a crossdomain.xml. (The crossdomain.xml must allow content from the applet's server to access this server.)
    • Sign the applet (and let the user trust it). (Signed and trusted applets are allowed to do everything.)

    The official WiredX sample applet you linked uses the last method, this is why it works even when connecting to your server.