Welcome!

Java Authors: Loraine Antrim, Walter H. Pinson, III, Jason Dolinger, Miko Matsumura, Liz McMillan

Related Topics: Java

Java: Article

Stepping Out of the Sandbox

How a Java applet gets access to client resources
By Maha Sengottiyan
Article Rating:
December 8, 2008 06:30 PM EST
Reads:
 4,364

An applet, a Java program that runs in a browser, often has to access the client resources. However, the security manager prevents an applet from accessing client resources. To access client resources, the applet has to have the proper permission. With this permission the applet can then access the client system resources by way of the security manager. This phenomenon is called stepping out of the sandbox. The sandbox is the security manager.

To achieve this phenomenon the applet needs to be signed and the client user has to grant the applet permission. Signing the applet ensures that the bytecode isn't tampered with, and the client user can be assured that the contents of the applet are coming from a trusted source as stated by the certificate.

Microsoft Internet Explorer and Netscape no longer support their own JVMs, the ones they use to ship with their browsers. This makes life easier because now we don't have to maintain two different code-signing certificates and two different ways of signing the cab files and .jar files. This used to be the case when you wanted your applet to run in both Netscape and IE.

Applet: What, Where, and How
Applets run using a Java Virtual Machine (JVM) either built into the browser or by a Java plug-in. Applets are written in a special way by extending the base applet class in the Java SDK. The applets run in the sandbox of the JVM, i.e, the applets are restricted by the JVM's security manager in terms of what they can and cannot do when running in the client system. This restriction is maintained because applets are remotely downloaded programs that run in the browser.

Applets are normally used in situations where you'd like to have your application run as an applet rather than a traditional HTML-based application. The applet enables access to client file system resources in the client system. This is when the applet has to step out of the sandbox.

To use an applet in your application you have to do two things: write your applet in Java code and have a JavaServer Pages (JSP) page where you invoke the applet. To simplify JSP development, the JSP spec has a <jsp:plugin... directive that executes the applet. This methodology isolates the developer from browser-specific HTML tags to execute an applet.

See Listings 1 and 2 for a sample applet and a sample JSP, respectively. Figure 1 shows how an applet looks in a browser.

Published December 8, 2008 – Reads 4,364
Copyright © 2008 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

About Maha Sengottiyan

Maha Sengottiyan is a manager of software engineering for TriZetto. He has been working with Java technology for the last 8 years. Maha holds an MS in computer science and engineering and has the following certifications: PMP (Project Management Professional), SCEA (Sun Certified Enterprise Architect), SCBCD, SCWCD, SCJP and Microsoft Certified Professional (MCP).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.