doPrivilege or signing?

[joelius]

I need to run a netsh command though the Java applet sandbox environment obviously won't let me, what would be the best way to access the permissions? I've read up about granting permissions through security exceptions or using AccessController.doPrivileged, what is the best way to tackle this problem? This applet will be called from a HTML page and talked to with javascript...

Sorry if this has been answered elsewhere, I've been searching this forum and googling for days!

PHP Code:

 import java.applet.*;
 import java.awt.*;
 import java.io.*;
import java.awt.event.*;
import javax.swing.JApplet;
import java.net.*;
import java.security.*;
  
 public class wifox extends Applet {
	private static final String CMD = "netsh.exe wlan show networks mode=bssid";
	private static final long serialVersionUID = 1L;
	public int count=0;
	
	public wifox() {
		this.setSize(200,200);
	}
	
    public static void main(String args[]) {
				try {
					// Run "netsh" Windows command
					Process process = Runtime.getRuntime().exec(CMD);

					// Get input streams
					BufferedReader stdInput = new BufferedReader(new InputStreamReader(process.getInputStream()));
					BufferedReader stdError = new BufferedReader(new InputStreamReader(process.getErrorStream()));

					// Read command standard output
					String s;
					System.out.println("Networks Found: ");
					while ((s = stdInput.readLine()) != null) {
						System.out.println(s);
					}

					// Read command errors
					System.out.println("Errors: ");
					while ((s = stdError.readLine()) != null) {
						System.out.println(s);
					}
				} catch (Exception e) {
					e.printStackTrace(System.err);
				}
    }
}

[Norm]

How is your code executed?
It extends Applet but does not have an init or start method.
It has a main method which is not called in applets.

[joelius]

Sorry, as you can probably tell I'm quite a novice when it comes to java programming.
My goal is to just execute the scan, retrieve the results from the Applet using javascript and then process the information with javascript and PHP to be stored in a MySQL database.

At the moment I'm having difficulty with the security limitations invoked on a Java applet to run the netsh command and then I need to return the bufferedReader readline as a string...?

I'm sure it's an easy task for anyone experienced, though how would I go about converting the bufferedReader readLine() to a string so I can retrieve it with the getReturn() function using javascript?

PHP Code:

 import java.applet.*;
 import java.awt.*;
 import java.io.*;
import java.awt.event.*;
import javax.swing.JApplet;
import java.net.*;
import java.security.*;
  
 public class wifox extends Applet {
    private static final String CMD = "netsh.exe wlan show networks mode=bssid";
    private static final long serialVersionUID = 1L;
    public int count=0;
public String toReturn;

public String getReturn() {
return toReturn;
}
    
    public wifox() {
        this.setSize(200,200);
    }

public init() {

}

public static void scan() {
                try {
                    // Run "netsh" Windows command
                    Process process = Runtime.getRuntime().exec(CMD);

                    // Get input streams
                    BufferedReader stdInput = new BufferedReader(new InputStreamReader(process.getInputStream()));
                    BufferedReader stdError = new BufferedReader(new InputStreamReader(process.getErrorStream()));

                    // Read command standard output
                    String s;
                    System.out.println("Networks Found: ");
                    while ((s = stdInput.readLine()) != null) {
                        System.out.println(s);
                    }

                    // Read command errors
                    System.out.println("Errors: ");
                    while ((s = stdError.readLine()) != null) {
                        System.out.println(s);
                    }
                } catch (Exception e) {
                    e.printStackTrace(System.err);
                }
}
    
    public static void main(String args[]) {
    }


}

[Norm]

how would I go about converting the bufferedReader readLine() to a string

Have you read the API doc for the readLine method? It would tell you how to get a String.
The API doc are here: Java Platform SE 6

If you are running the applet on one PC then you could change the .java.policy file to give your applet permissions. If it is to run on any PC you need to sign your applet. The java tutorial has detailed instructions on how to do that.

For more info on applets, go to this site and Find Applet:
The Really Big Index

[joelius]

Thank you Norm! Your links helped a lot!

I have compiled it to a class, packaged it into a jar file and signed it using jarsigner, now when I run the HTML file I was asked whether I wanted to run unsigned applications from an unknown author to which I clicked yes. Now when I click the test button and run test() - the correct String is returned and inserted into the <p> tag. Now when I click the scan button, it returns the following errors... do I need to use AccessController.doPrivileged or am I doing something wrong?

I'm getting the following error readout from the java console

Java Plug-in 10.0.0.147
Using JRE version 1.7.0-b147 Java HotSpot(TM) Client VM
Detected from bootclasspath: C:\\PROGRA~1\\Java\\jre7\\lib\\deploy.jar
Trace level set to 5: all ... completed.java.security.AccessControlException: access denied ("java.io.FilePermission" "<<ALL FILES>>" "execute")
at java.security.AccessControlContext.checkPermission (Unknown Source)
at java.security.AccessController.checkPermission(Unk nown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkExec(Unknown Source)
at java.lang.ProcessBuilder.start(Unknown Source)
at java.lang.Runtime.exec(Unknown Source)
at java.lang.Runtime.exec(Unknown Source)
at java.lang.Runtime.exec(Unknown Source)
at wifox.scan(wifox.java:27)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invok e(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.inv oke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

My compiled code looks like this

PHP Code:

import java.applet.Applet;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.PrintStream;

public class wifox extends Applet
{
  private static final String CMD = "netsh.exe wlan show networks mode=bssid";
  private static final long serialVersionUID = 1L;
  public int count = 0;
  public String toReturn;
  public String errors;

  public String getReturn()
  {
    return this.toReturn;
  }

  public String test() {
    return "this is a test";
  }

  public String scan()
  {
    try {
      Process localProcess = Runtime.getRuntime().exec("netsh.exe wlan show networks mode=bssid");

      BufferedReader localBufferedReader1 = new BufferedReader(new InputStreamReader(localProcess.getInputStream()));
      BufferedReader localBufferedReader2 = new BufferedReader(new InputStreamReader(localProcess.getErrorStream()));

      this.toReturn += "Networks Found: ";
      String str;
      while ((str = localBufferedReader1.readLine()) != null) {
        System.out.println(str);
        this.toReturn += str;
      }

      System.out.println("Errors: ");
      while ((str = localBufferedReader2.readLine()) != null)
      {
        this.errors += str;
      }

      localBufferedReader1.close();
      localBufferedReader2.close();
    } catch (Exception localException) {
      localException.printStackTrace(System.err);
    }

    return this.toReturn;
  }

  public static void main(String[] paramArrayOfString) {
    wifox localwifox = new wifox();
  }
}

The manifest of the jar file is:

Manifest-Version: 1.0
Created-By: Joel
Main-Class: wifox

Name: wifox.class
SHA-256-Digest: NSaq6YjJ8cMEXSQwwkX/wBtOnYQplEWFpTpXjewzLkM=

and the HTML is

PHP Code:

 <html>
 <head>

 <script type='text/javascript'>
 
function scan() {
	document.getElementById('data').innerHTML = document.theapplet.scan();
}

function test() {
	document.getElementById('test').innerHTML = document.theapplet.test();
}
</script>
 
 </head>
 
 <body>
 <p id='data'></p>
 <button onClick='scan()'>Scan</button>
 <p id='test'></p>
	 <button onClick='test()'>Test</button>
<applet code = 'wifox',
		archive = 'wifox.jar', 
        width = 300, 
        height = 300 />
</applet>
 </body>
 </html>

[Norm]

Your html is missing name="theapplet"

[Norm]

I added the following line to the empty codebase at the top of the .java.policy file and was able to try to execute the program:

permission java.io.FilePermission "<<ALL FILES>>", "execute";

I got this error message:
The following command was not found: wlan show networks mode=bssid.

[joelius]

hmm what operating system are you running?
I've managed to get it running on my Windows 7 Laptop.

Thank you so much Norm!!!

Now just to write in some code to detect the OS and execute the relative command - airport (MAC), netsh (Win7) etc.

Am I able to store a Policy file or lines in the JAR?

[Norm]

hmm what operating system are you running?

XP

Am I able to store a Policy file or lines in the JAR?

You could but it would NOT be used by the JVM.

[joelius]

One last thing, how would I go about granting those permissions for a remote (HTTP) classpath? I've done a search both on google and through these forums and the best post I can find is here Permission on policy file - though I don't know how this would pertain to my solution?

the code works if I have the allPermission settings in the empty codebase, though when I try to specify a remote codebase I cannot get it to work. Can these permissions be granted to a remote file?

example:

grant codeBase "http://www.java-forums.org/wifiScan/-" {
permission java.security.AllPermission;
};

grant codeBase "http://www.java-forums.org/wifiScan/*" {
permission java.security.AllPermission;
};

grant codeBase "http://www.java-forums.org/wifiScan/wifiScan.jar" {
permission java.security.AllPermission;
};

[Norm]

I don't have a website to test with. My .java.policy file has this code base entry I might have tested with but I don't remember.

grant codeBase "http://127.0.0.1:8080/Testing/-" {
permission java.util.PropertyPermission "*", "read, write";
};

[joelius]

Hey norm, I've set up a little test site at http://www.wifox.dreamhosters.com/index.html that I'm using to try and grant permissions


Thank you very much for your help, couldn't have done it without you.