Troubleshooting Applet Security problems
When you are using applets with a browser, you may run into problems with the Applet Security Manager. For security reasons, an applet cannot open a socket on a machine other than the machine that is the applet's source. There are workarounds for this, depending on what you are trying to do. Read on.
What is the Applet Security Manager?
When you run an applet, you bring the classes for that applet across the wire from the host machine so that they operate on your local machine. The Java Applet Security Manager sets certain limits on the bytecode that can be downloaded to the local machine for an applet, and disallows certain behaviors by applets to protect applet users. For example, an applet developer can't embed a program in an applet that will erase files from the user's local drive.
Debugging an Applet Security problem
If Appletviewer works and Netscape does not, it is an indication that you are violating a Netscape security restriction; in this case, the violation is that an applet cannot open a socket to a machine other than the one from which it loaded the applet. To solve this problem, you will have to serve your applet code from the same machine that hosts the WebLogic Server.
Some common questions
I'm trying to use WebLogic jDriver for Oracle from an applet, but I get errors and my applet doesn't work. I've heard rumors that you can't use two-tier drivers from applets. Why not?
The rumors are correct. Within an unsigned applet -- and there aren't any other kinds of applets yet -- you cannot load any native libraries over the wire, or access the local file system, or connect to any host except the host from which you loaded the applet. The applet security manager enforces these restrictions on applets as protection against applets being able to do unsavory things to unsuspecting users.
If you are trying to use WebLogic jDriver for Oracle from an applet, then you are violating the first restriction. Your applet will fail when it attempts to load the "native" (non-Java layer) library that allows WebLogic jDriver for Oracle to make calls into the non-Java Oracle client libraries. If you look at the Exception that is generated, you will see that your applet fails in java.lang.System.loadLibrary, because the security manager determined that you were attempting to load a local library and halted the applet.
You can use WebLogic Express for applet access. WebLogic/JDBC is WebLogic's pure-Java implementation of JDBC that operates within WebLogic's pure-Java framework. With WebLogic Express, you will need one copy of WebLogic jDriver for Oracle (or any other two-tier JDBC driver) for the connection between the WebLogic Server and the DBMS; WebLogic Express will provide a pure-Java JDBC connection to the WebLogic Server that is appropriate for applet use.
I notice when I run a WebLogic example applet, I get a Netscape security violation, although the applet seems to work okay otherwise. Why is this?
If an applet is using WebLogic Express (which the WebLogic example applets use), Netscape will report a security violation caused by the JDBC DriverManager looking for a property. It doesn't affect the applet. You can ignore the security violation.
For more information on applets and applet security, check out
of Applets and their Java
Tutorial. For another excellent article, see Innovation's How the
Applet Network Security Policy works.
Copyright © 2000 BEA Systems, Inc. All rights reserved.