Applets cannot phone home any longer
Question
I tolerated the security restriction that applets cannot perform arbitrary HTTP requests.
It seems, however, that since a year or so ago, it isn't even possible to do an HTTP request to the URL where this applet itself is located. At least if the request is triggered by calling a method of the applet via JavaScript.
This would mean nothing less than that some security guys out there at Oracle decided to let applets not even "phone home" any longer. Can any readers confirm this policy change?
On my page I have a test applet which could be instrumented with JavaScript to perform an HTTP request. This used to work. Since some months ago, however, it is broken and ends with a security violation exception.
access denied (java.net.SocketPermission 91.90.146.25:80 connect,resolve)
This code shows the public method doing the HTTP request:
public class HttpRequestor extends Applet {
public String sendRequest(String urlstring) {
String response = "";
String line = "";
URL url;
try {
url = new URL( urlstring );
BufferedReader in = new BufferedReader(new InputStreamReader( url.openStream() ));
while ((line = in.readLine()) != null)
response += line + "\n";
return response;
}
catch (Exception ex) {
return ex.getMessage();
}
}
}
Tested on Java runtime version 1.6.0_29
I have seen the answers to this question , but this doesn't answer my question: what is the cause of this change of behaviour? (And also, I am not sure whether the solution of that question would solve this problem too).
1 answers
solution1
1 2011-12-19 21:25:04
What is the cause of this change of behaviour
A decision by Oracle.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.