Results 1 to 12 of 12
  1. #1
    joelius is offline Member
    Join Date
    Sep 2011
    Posts
    6
    Rep Power
    0

    Smile doPrivilege or signing?

    I need to run a netsh command though the Java applet sandbox environment obviously won't let me, what would be the best way to access the permissions? I've read up about granting permissions through security exceptions or using AccessController.doPrivileged, what is the best way to tackle this problem? This applet will be called from a HTML page and talked to with javascript...

    Sorry if this has been answered elsewhere, I've been searching this forum and googling for days!

    PHP Code:
     import java.applet.*;
     import java.awt.*;
     import java.io.*;
    import java.awt.event.*;
    import javax.swing.JApplet;
    import java.net.*;
    import java.security.*;
      
     public class wifox extends Applet {
    	private static final String CMD = "netsh.exe wlan show networks mode=bssid";
    	private static final long serialVersionUID = 1L;
    	public int count=0;
    	
    	public wifox() {
    		this.setSize(200,200);
    	}
    	
        public static void main(String args[]) {
    				try {
    					// Run "netsh" Windows command
    					Process process = Runtime.getRuntime().exec(CMD);
    
    					// Get input streams
    					BufferedReader stdInput = new BufferedReader(new InputStreamReader(process.getInputStream()));
    					BufferedReader stdError = new BufferedReader(new InputStreamReader(process.getErrorStream()));
    
    					// Read command standard output
    					String s;
    					System.out.println("Networks Found: ");
    					while ((s = stdInput.readLine()) != null) {
    						System.out.println(s);
    					}
    
    					// Read command errors
    					System.out.println("Errors: ");
    					while ((s = stdError.readLine()) != null) {
    						System.out.println(s);
    					}
    				} catch (Exception e) {
    					e.printStackTrace(System.err);
    				}
        }
    }

  2. #2
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    Eastern Florida
    Posts
    16,544
    Rep Power
    23

    Default Re: doPrivilege or signing?

    How is your code executed?
    It extends Applet but does not have an init or start method.
    It has a main method which is not called in applets.

  3. #3
    joelius is offline Member
    Join Date
    Sep 2011
    Posts
    6
    Rep Power
    0

    Default Re: doPrivilege or signing?

    Sorry, as you can probably tell I'm quite a novice when it comes to java programming.
    My goal is to just execute the scan, retrieve the results from the Applet using javascript and then process the information with javascript and PHP to be stored in a MySQL database.

    At the moment I'm having difficulty with the security limitations invoked on a Java applet to run the netsh command and then I need to return the bufferedReader readline as a string...?

    I'm sure it's an easy task for anyone experienced, though how would I go about converting the bufferedReader readLine() to a string so I can retrieve it with the getReturn() function using javascript?

    PHP Code:
     import java.applet.*;
     import java.awt.*;
     import java.io.*;
    import java.awt.event.*;
    import javax.swing.JApplet;
    import java.net.*;
    import java.security.*;
      
     public class wifox extends Applet {
        private static final String CMD = "netsh.exe wlan show networks mode=bssid";
        private static final long serialVersionUID = 1L;
        public int count=0;
    public String toReturn;
    
    public String getReturn() {
    return toReturn;
    }
        
        public wifox() {
            this.setSize(200,200);
        }
    
    public init() {
    
    }
    
    public static void scan() {
                    try {
                        // Run "netsh" Windows command
                        Process process = Runtime.getRuntime().exec(CMD);
    
                        // Get input streams
                        BufferedReader stdInput = new BufferedReader(new InputStreamReader(process.getInputStream()));
                        BufferedReader stdError = new BufferedReader(new InputStreamReader(process.getErrorStream()));
    
                        // Read command standard output
                        String s;
                        System.out.println("Networks Found: ");
                        while ((s = stdInput.readLine()) != null) {
                            System.out.println(s);
                        }
    
                        // Read command errors
                        System.out.println("Errors: ");
                        while ((s = stdError.readLine()) != null) {
                            System.out.println(s);
                        }
                    } catch (Exception e) {
                        e.printStackTrace(System.err);
                    }
    }
        
        public static void main(String args[]) {
        }
    
    
    }

  4. #4
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    Eastern Florida
    Posts
    16,544
    Rep Power
    23

    Default Re: doPrivilege or signing?

    how would I go about converting the bufferedReader readLine() to a string
    Have you read the API doc for the readLine method? It would tell you how to get a String.
    The API doc are here: Java Platform SE 6

    If you are running the applet on one PC then you could change the .java.policy file to give your applet permissions. If it is to run on any PC you need to sign your applet. The java tutorial has detailed instructions on how to do that.

    For more info on applets, go to this site and Find Applet:
    The Really Big Index

  5. #5
    joelius is offline Member
    Join Date
    Sep 2011
    Posts
    6
    Rep Power
    0

    Default Re: doPrivilege or signing?

    Thank you Norm! Your links helped a lot!

    I have compiled it to a class, packaged it into a jar file and signed it using jarsigner, now when I run the HTML file I was asked whether I wanted to run unsigned applications from an unknown author to which I clicked yes. Now when I click the test button and run test() - the correct String is returned and inserted into the <p> tag. Now when I click the scan button, it returns the following errors... do I need to use AccessController.doPrivileged or am I doing something wrong?

    I'm getting the following error readout from the java console
    Java Plug-in 10.0.0.147
    Using JRE version 1.7.0-b147 Java HotSpot(TM) Client VM
    Detected from bootclasspath: C:\\PROGRA~1\\Java\\jre7\\lib\\deploy.jar
    Trace level set to 5: all ... completed.java.security.AccessControlException: access denied ("java.io.FilePermission" "<<ALL FILES>>" "execute")
    at java.security.AccessControlContext.checkPermission (Unknown Source)
    at java.security.AccessController.checkPermission(Unk nown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkExec(Unknown Source)
    at java.lang.ProcessBuilder.start(Unknown Source)
    at java.lang.Runtime.exec(Unknown Source)
    at java.lang.Runtime.exec(Unknown Source)
    at java.lang.Runtime.exec(Unknown Source)
    at wifox.scan(wifox.java:27)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MethodInfo.invok e(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MemberBundle.inv oke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo$DefaultInvocationDelegate.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo.doObjectOp(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppl etInfo$LiveConnectWorker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    My compiled code looks like this
    PHP Code:
    import java.applet.Applet;
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.PrintStream;
    
    public class wifox extends Applet
    {
      private static final String CMD = "netsh.exe wlan show networks mode=bssid";
      private static final long serialVersionUID = 1L;
      public int count = 0;
      public String toReturn;
      public String errors;
    
      public String getReturn()
      {
        return this.toReturn;
      }
    
      public String test() {
        return "this is a test";
      }
    
      public String scan()
      {
        try {
          Process localProcess = Runtime.getRuntime().exec("netsh.exe wlan show networks mode=bssid");
    
          BufferedReader localBufferedReader1 = new BufferedReader(new InputStreamReader(localProcess.getInputStream()));
          BufferedReader localBufferedReader2 = new BufferedReader(new InputStreamReader(localProcess.getErrorStream()));
    
          this.toReturn += "Networks Found: ";
          String str;
          while ((str = localBufferedReader1.readLine()) != null) {
            System.out.println(str);
            this.toReturn += str;
          }
    
          System.out.println("Errors: ");
          while ((str = localBufferedReader2.readLine()) != null)
          {
            this.errors += str;
          }
    
          localBufferedReader1.close();
          localBufferedReader2.close();
        } catch (Exception localException) {
          localException.printStackTrace(System.err);
        }
    
        return this.toReturn;
      }
    
      public static void main(String[] paramArrayOfString) {
        wifox localwifox = new wifox();
      }
    }
    The manifest of the jar file is:
    Manifest-Version: 1.0
    Created-By: Joel
    Main-Class: wifox

    Name: wifox.class
    SHA-256-Digest: NSaq6YjJ8cMEXSQwwkX/wBtOnYQplEWFpTpXjewzLkM=
    and the HTML is
    PHP Code:
     <html>
     <head>
    
     <script type='text/javascript'>
     
    function scan() {
    	document.getElementById('data').innerHTML = document.theapplet.scan();
    }
    
    function test() {
    	document.getElementById('test').innerHTML = document.theapplet.test();
    }
    </script>
     
     </head>
     
     <body>
     <p id='data'></p>
     <button onClick='scan()'>Scan</button>
     <p id='test'></p>
    	 <button onClick='test()'>Test</button>
    <applet code = 'wifox',
    		archive = 'wifox.jar', 
            width = 300, 
            height = 300 />
    </applet>
     </body>
     </html>

  6. #6
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    Eastern Florida
    Posts
    16,544
    Rep Power
    23

    Default Re: doPrivilege or signing?

    Your html is missing name="theapplet"

  7. #7
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    Eastern Florida
    Posts
    16,544
    Rep Power
    23

    Default Re: doPrivilege or signing?

    I added the following line to the empty codebase at the top of the .java.policy file and was able to try to execute the program:

    permission java.io.FilePermission "<<ALL FILES>>", "execute";

    I got this error message:
    The following command was not found: wlan show networks mode=bssid.

  8. #8
    joelius is offline Member
    Join Date
    Sep 2011
    Posts
    6
    Rep Power
    0

    Default Re: doPrivilege or signing?

    hmm what operating system are you running?
    I've managed to get it running on my Windows 7 Laptop.

    Thank you so much Norm!!!

    Now just to write in some code to detect the OS and execute the relative command - airport (MAC), netsh (Win7) etc.

    Am I able to store a Policy file or lines in the JAR?

  9. #9
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    Eastern Florida
    Posts
    16,544
    Rep Power
    23

    Default Re: doPrivilege or signing?

    hmm what operating system are you running?
    XP
    Am I able to store a Policy file or lines in the JAR?
    You could but it would NOT be used by the JVM.

  10. #10
    joelius is offline Member
    Join Date
    Sep 2011
    Posts
    6
    Rep Power
    0

    Default Re: doPrivilege or signing?

    One last thing, how would I go about granting those permissions for a remote (HTTP) classpath? I've done a search both on google and through these forums and the best post I can find is here Permission on policy file - though I don't know how this would pertain to my solution?

    the code works if I have the allPermission settings in the empty codebase, though when I try to specify a remote codebase I cannot get it to work. Can these permissions be granted to a remote file?

    example:
    grant codeBase "http://www.java-forums.org/wifiScan/-" {
    permission java.security.AllPermission;
    };
    grant codeBase "http://www.java-forums.org/wifiScan/*" {
    permission java.security.AllPermission;
    };
    grant codeBase "http://www.java-forums.org/wifiScan/wifiScan.jar" {
    permission java.security.AllPermission;
    };

  11. #11
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    Eastern Florida
    Posts
    16,544
    Rep Power
    23

    Default Re: doPrivilege or signing?

    I don't have a website to test with. My .java.policy file has this code base entry I might have tested with but I don't remember.

    grant codeBase "http://127.0.0.1:8080/Testing/-" {
    permission java.util.PropertyPermission "*", "read, write";
    };

  12. #12
    joelius is offline Member
    Join Date
    Sep 2011
    Posts
    6
    Rep Power
    0

    Default Re: doPrivilege or signing?

    Hey norm, I've set up a little test site at http://www.wifox.dreamhosters.com/index.html that I'm using to try and grant permissions


    Thank you very much for your help, couldn't have done it without you.

Similar Threads

  1. Self signing for dummies?
    By lemmy101 in forum Java Applets
    Replies: 0
    Last Post: 03-18-2011, 11:32 AM
  2. applet signing
    By milkman128 in forum Java Applets
    Replies: 11
    Last Post: 10-06-2008, 02:05 PM
  3. Signing Java Applet
    By Agri in forum New To Java
    Replies: 8
    Last Post: 09-29-2008, 06:26 PM
  4. applet and signing
    By Preethi in forum New To Java
    Replies: 0
    Last Post: 06-05-2008, 03:17 PM
  5. Signing An Applet!!!!! Me Need Help!!!!! Plz!
    By marco in forum Java Applets
    Replies: 3
    Last Post: 07-29-2007, 05:45 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •