applet. java.lang.reflect.InvocationTargetException

Question

I have applet which use jna Pointer class. The applet code is:

import com.sun.jna.*;
public class Applet1 extends Applet{
    public void test() {
        try {
            Pointer p = new Memory(73);
        } catch (Exception e) {
        e.printStackTrace();
        }
    }
}

In html code I declared applet this way:

<applet
    codebase=/pki/
    code=Applet1.class 
    archive=/pki/jna-3.2.3.jar
    id=Applet1
    width=100 
    height=100 >
</applet>

When i call document.getElementById("Applet1").test() by javascript the java.lang.reflect.InvocationTargetException arise. I cant call e.getCause() in the java class side, because applet try/catch dont catch the error (I dont understand why). But javascript try/catch catch this error. If move Pointer p = new Memory(73); line it will be ok. The matter is this line. Please, help to fix the problem.

EDIT: if replace this block:

try {
    Pointer p = new Memory(73);
} catch (Exception e) {
    e.printStackTrace();
}

to

try {
    Pointer p = new Memory(73);
} catch (Throwable e) {
    System.out.println(e.getCause());
}

I got java.security.AccessControlException: access denied (java.util.PropertyPermission jna.boot.library.path read)

Answer 1

Okay, now we come to the root of the problem. (You still could have used printStackTrace - this should have printed the stack trace of the cause , too.).

1. Unsigned applets have only access to a limited number of system properties - the jna properties are not part of these.

2. In an unsigned applet you can't load native libraries anyways, so no way to use JNA (or JNI, by the way).

3. If you sign the applet (and tell the plugin to accept the signature), your applet has the necessary rights to use JNA. But the rights of any single running code is effectively the intersection of the rights of all methods which called the current code.

   Applet methods called from JavaScript have extremely limited permissions (since the Plugin can't really check that the JavaScript code has the necessary permissions, if your browser even has such a concept).

   You can go around this by wrapping the part of the code, which needs to run with your applet's permissions, with AccessController.doPrivileged(...) . But first make sure this can't do anything dangerous (which is easy with JNI/JNA), even when called from malicious JavaScript code.