I have a Java Applet which is digitally signed.
I need to be able to call a function from javascript which writes an xml file into the user folder.
I have got code in the applets init function which creates a sub-folder, creates a file and appends to that file. This runs without error. When the same code is inside a function(below) which is called directly from javascript an Access Control Exception is thrown:
public boolean createLocalXMLFile(String XML) {
String path = BaseDirectory.baseDirectory + "\\TestFolder";
try {
boolean status;
status = new File(path).mkdir();
UUID fName = UUID.randomUUID();
FileWriter fstream = new FileWriter(path + "\\"+fName+".xml");
BufferedWriter out = new BufferedWriter(fstream);
out.write(XML);
//Close the output stream
out.close();
return true;
}catch (Exception ex) {
System.out.println("createXMLError \n"+ex.toString());
return false;
}
}
*note base directory refers to the user home path
Java Console Error java.security.AccessControlException: access denied (java.io.FilePermission C:\Users\Richard\Hytec\AppStore\0d927ab7-74ba-449a-9db4-98e62cd0f53b.txt write)
If you call your applet's methods from JavaScript, the resulting permissions are the intersection of your applet's permissions and the JavaScript bridge's permissions - which means in your case, no permissions to access the local file.
To run the code with your applet's permissions, wrap the critical code in AccessController.doPrivileged(...). Of course, first check that this can't do anything malicious, even if called by malicious code.