Applet method calling from Javascript

java javascript security applet

I have an applet to upload some files from specific folder and delete them,but something is wrong when I call an applet function from my javascript code, when I call that function from init() it works fine.

My applet code :

public class Uploader extends Applet {
   String serverPath;
   String clientPath;
   private JSObject win;
   @Override
   public void init() {
       serverPath = getParameter("serverPath");
       clientPath = getParameter("clientPath");
       try {
           win = JSObject.getWindow(this);
       } catch (JSException e) {
           log.warning("Can't access JSObject object");
       }
       upload(topic,clientPath);
   }
   public void upload(String topic,String clientPath) {
       log.log(Level.SEVERE, "upload functiond");
       DefaultHttpClient client = new DefaultHttpClient();
       MultipartEntity form = new MultipartEntity();
       log.log(Level.SEVERE, "upload functiond2");
       try {
            File directory = new File(clientPath);
            log.log(Level.SEVERE, "upload functiond2.2");
            File[] files = directory.listFiles();
            log.log(Level.SEVERE, "upload functiond2.5");
            int i = 0;
            for (File file : files) {
                log.log(Level.SEVERE, "upload functiond2.6");
                i++;
                form.addPart("file" + String.valueOf(i), new FileBody(file));
                System.out.println("adding file " + String.valueOf(i) + " " + file);
                log.log(Level.SEVERE, "adding file " + String.valueOf(i) + " " + file);
            }
            log.log(Level.SEVERE, "upload functiond3");
            form.addPart("topic", new StringBody(topic, Charset.forName("UTF-8")));
            form.addPart("action", new StringBody(action, Charset.forName("UTF-8")));
            form.addPart("path", new StringBody(serverPath, Charset.forName("UTF-8")));
            HttpPost post = new HttpPost(serverPath);
      ....

and this is my javascript code:

document.applet.upload(title,"c:\scan");

When I called from javascript only log printed:

log.log(Level.SEVERE, "upload functiond2.2");

Note that when I call from init method of applet it works fine.

I wrap my code into a PriviligedAction, but goes only one step forward and hang on 

log.log(Level.SEVERE, "upload functiond2.5");

The interaction of Java and JS complicates security. The JRE cannot trust the JS, so it decides the entire 'chain of operations' that include your code is untrusted. There is a way to fix it.

The code needs to be wrapped in a PrivilegedAction and called using one of the AccessController methods that doPrivileged(..). Look at the top of the AccessController docs. (above the methods) to see example usage.

Related

Source not found Android?
Not allowed to execute sendEmail() from custom function, but OK in script editor
Is it possible in matlab to explicitly format the output numbers?
Newtonsoft JSON.Net SelectToken Issue
find multiple strings using str_extract_all
String replace not working [duplicate]
Word for saying something that people want to hear
How to say someone out of office in short time on phone call?
Should a comma be used in a scientific quantity such as wavelength?
proper usage of the word 'blitzkrieg'
Do the nights 'draw in' or 'pull in'?
Where does "X-factor" meaning: "noteworthy, special talent or quality" come from?