Accessing JAX-WS endpoints from Applets

Though the use case for such an application is rare, some developers want to access JAX-WS web services from Applets, and this is indeed possible. To demonstrate the steps, let's use the endpoint based on the "Using XML in the SOAP body" strategy described here. Assuming you have the endpoint deployed successfully, modify the client to work as an Applet. For our example we will have a simple TextArea and Button to make the web service call and display the results. The source for the Applet can be found in the file JAXWSApplet.java. To get this Applet running, a few basic steps need to take place:

a) Package the Applet and artifacts generated by the wsimport in a Jar file

b) Make the JAX-WS runtime available to the client. If you're using Java SE 6.0 (Mustang) and the browser plugin for that, then you should be all set. However, if you're using J2SE 1.5 or an older version of Java, then the JAX-WS JARs need to be made available to the browser. You can make these available in one of two ways: i) get the JAX-WS distribution from Java.net and take the JARs from the lib directory, or ii) if you're using JAX-WS with Glassfish, locate the appserv-ws.jar and javaee.jar files in the lib directory.

c) Sign all the necessary JAR files using keytool and the jarsigner utility. This is a two-step process that involves key generation and JAR file signing. A good technical article detailing this can be found here. The two commands are:
keytool -genkey -alias signFiles -keystore mystore -keypass mykeypass -dname cn=Sun -storepass mystorepass

jarsigner -keystore mystore -storepass mystorepass -keypass mykeypass -signedjar SignedApplet.jar JAXWSApplet.jar signFiles


d) Place the signed JAR files and the HTML page with the Applet tag on the web server. In Glassfish, simply place all these contents in the glassfish\docroot directory.

Run the above example using the targets in the following order to first build, deploy and test the endpoint using a standalone client: ant create-war deploy-war run-wsdl-client. Then run the target sign-jaxws-ri, which packages the Applet, signs the Applet and signs the Glassfish JARs, placing them in the build/signedjars directory along with an HTML file. Place the contents of this directory on your web server. Access the web page through the browser or appletviewer and you should see a result similar to the screen below when the button is pressed.








Comments:

I did as told above, but I still have troubles in a real web-browser environment (Mozilla Firefox 2.0.0.3, Java 1.6.0 Plug-In). Some internal class (com.sun.xml.internal.ws.client.ContentNegotiation.initFromSystemProperties) tries to access some system properties, which leads to a java.security.PrivilegedActionException. The whole trace is here:
java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
	at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
	at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
	... 4 more
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission com.sun.xml.ws.client.ContentNegotiation read)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
	at java.lang.System.getProperty(Unknown Source)
	at com.sun.xml.internal.ws.client.ContentNegotiation.initFromSystemProperties(Unknown Source)
	at com.sun.xml.internal.ws.client.ContentNegotiation.initialize(Unknown Source)
	at com.sun.xml.internal.ws.client.EndpointIFInvocationHandler.implementSEIMethod(Unknown Source)
	at com.sun.xml.internal.ws.client.EndpointIFInvocationHandler.invoke(Unknown Source)
	at $Proxy18.getCardReaders(Unknown Source)
	at at.arcs.arcsmed.ginaapplet.GinaApplet.getCardReaders(GinaApplet.java:62)
	... 14 more
Any little help would be nice, Christoph

Posted by Christoph Adl on April 04, 2007 at 10:38 PM EDT #

Hi, I'm getting the same problem as the previous comment. Do you have any suggestions on how to solve the security problem in the real world?

java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
at com.sun.xml.internal.bind.v2.runtime.reflect.Accessor$FieldReflection.<init>(Unknown Source)
at com.sun.xml.internal.bind.AccessorFactoryImpl.createFieldAccessor(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.RuntimeClassInfoImpl.createFieldSeed(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.RuntimeClassInfoImpl.createFieldSeed(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.ClassInfoImpl.findFieldProperties(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.ClassInfoImpl.getProperties(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.RuntimeClassInfoImpl.getProperties(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getClassInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.getClassInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.model.impl.ModelBuilder.getTypeInfo(Unknown Source)
at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.getTypeInfoSet(Unknown Source)
at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.<init>(Unknown Source)
at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source)
at com.sun.xml.internal.bind.v2.ContextFactory.createContext(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.xml.bind.ContextFinder.newInstance(Unknown Source)
at javax.xml.bind.ContextFinder.find(Unknown Source)
at javax.xml.bind.JAXBContext.newInstance(Unknown Source)
at javax.xml.bind.JAXBContext.newInstance(Unknown Source)
at com.sun.xml.internal.ws.spi.ProviderImpl.getEPRJaxbContext(Unknown Source)
at com.sun.xml.internal.ws.spi.ProviderImpl.<clinit>(Unknown Source)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at javax.xml.ws.spi.FactoryFinder.newInstance(Unknown Source)
at javax.xml.ws.spi.FactoryFinder.find(Unknown Source)
at javax.xml.ws.spi.Provider.provider(Unknown Source)
at javax.xml.ws.Service.<init>(Unknown Source)
at it.infocamere.security.ws.MassiveCryptoManager.<init>(MassiveCryptoManager.java:36)
at it.infocamere.security.BIGMassiveSignature.signWS(BIGMassiveSignature.java:363)
at it.infocamere.security.BIGMassiveSignature.Sign(BIGMassiveSignature.java:323)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
java.lang.ExceptionInInitializerError
at com.sun.xml.internal.ws.util.xml.XmlUtil.createDefaultCatalogResolver(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
at javax.xml.ws.Service.<init>(Unknown Source)
at it.infocamere.security.ws.MassiveCryptoManager.<init>(MassiveCryptoManager.java:36)
at it.infocamere.security.BIGMassiveSignature.signWS(BIGMassiveSignature.java:363)
at it.infocamere.security.BIGMassiveSignature.Sign(BIGMassiveSignature.java:323)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission xml.catalog.ignoreMissing read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.org.apache.xml.internal.resolver.CatalogManager.<init>(Unknown Source)
at com.sun.org.apache.xml.internal.resolver.CatalogManager.<clinit>(Unknown Source)
... 24 more
java.lang.Exception: java.lang.ExceptionInInitializerError
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)

Posted by ricardo on July 03, 2008 at 04:21 AM EDT #
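
An added example (not part of the original post or of any commenter's code): the Python script below pulls each "access denied (...)" permission out of the two traces above, pairs it with the first frame outside java.security and java.lang that triggered the check, and renders it in Java policy-file syntax so the permissions the JAX-WS runtime asks for can be reviewed one by one. The function names are hypothetical; TRACE holds lines copied from the traces above, trimmed to the relevant frames.

```python
import re

# Lines copied from the traces in the two comments above, trimmed to the relevant frames.
TRACE = """\
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission com.sun.xml.ws.client.ContentNegotiation read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.xml.internal.ws.client.ContentNegotiation.initFromSystemProperties(Unknown Source)
java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
at com.sun.xml.internal.bind.v2.runtime.reflect.Accessor$FieldReflection.<init>(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission xml.catalog.ignoreMissing read)
at java.lang.System.getProperty(Unknown Source)
at com.sun.org.apache.xml.internal.resolver.CatalogManager.<init>(Unknown Source)
"""

DENIED = re.compile(r"access denied \(([^\s)]+) ([^\s)]+)(?: ([^\s)]+))?\)")
FRAME = re.compile(r"^\s*at ([\w.$<>]+)\(")
# Frames that belong to the permission check itself, not to the code that asked.
CHECK_PREFIXES = ("java.security.", "java.lang.")

def denied_permissions(trace):
    """Map (class, target, actions) to the first frame outside the check machinery."""
    found, current = {}, None
    for line in trace.splitlines():
        m = DENIED.search(line)
        if m:
            current = m.groups()
            found.setdefault(current, None)
            continue
        f = FRAME.match(line)
        if f and current and found[current] is None:
            if not f.group(1).startswith(CHECK_PREFIXES):
                found[current] = f.group(1)
    return found

def policy_entry(perm):
    """Render one permission in Java policy-file syntax."""
    cls, target, actions = perm
    tail = f', "{actions}"' if actions else ""
    return f'permission {cls} "{target}"{tail};'

def report(trace):
    return [f"{policy_entry(p)}  // first requested by {frame}"
            for p, frame in denied_permissions(trace).items()]

if __name__ == "__main__":
    print("\n".join(report(TRACE)))
```

Two of the three entries are single system-property reads; ReflectPermission suppressAccessChecks lets code bypass Java language access checks, so it deserves more scrutiny than the property reads when deciding what the applet's code base should be trusted with.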

Sorry, I did not solve that problem - we used another technology....

Posted by Christoph Adl on July 06, 2008 at 08:39 PM EDT #

I encountered this same problem and found the following puzzling results:

Let us assume that the applet JAR is loaded by http://my.desktop/applet.html. In that case...

1. Accessing the applet from my.desktop at the URL http://my.desktop/applet.html will FAIL.
2. Accessing the applet from some.other.machine at the URL http://my.desktop/applet.html will SUCCEED.
3. Accessing the applet from my.desktop at the URL http://127.0.0.1/applet.html will SUCCEED.
4. Accessing the applet from my.desktop at the URL http://localhost/applet.html will SUCCEED.

Of particular noteworthiness are #s 1 and 2. One would suspect that XSS vulnerability concerns would disallow #2 while allowing #1, but this is not the case. My guess here is that there is either a bug or a non-intuitive feature at play in the case of #1 that results in a special case for the security provider, ultimately manifesting itself in the loss of signed permissions or something to that general effect. In this case, even a policy file would not help you as the entire security mechanism is acting under a broken (or simply non-intuitive) assumption.

There may also be some black magic going on here with redirection under the covers via apache/tomcat or something akin thereto. It is hard to say.

Posted by Andrew Hayden on August 12, 2008 at 11:38 AM EDT #

Personally, I don't think the applet should require being signed. However, it does because the XML parser that JAX-WS (Sun's implementation) uses (Apache) tries to read a system property which applets aren't allowed to do. I guess no one is using applets anymore, so, they don't bother to test with them, but, given the popularity of RIA now, maybe they will become popular again. In any case, the ability to make web service calls from an unsigned applet is a perfectly reasonable use case. In fact, this kind of thing is done a LOT in Flex and Silverlight. Seems like a major oversight on the Java side of things.

Posted by Jon on December 05, 2008 at 07:37 AM EST #

Just sign the applet.

Posted by Carlo de Rossi on November 08, 2009 at 11:56 PM EST #

JAX-WS, JRE 6, and signed applet is easy enough. Do you have any tips on doing the same with an unsigned applet? Having people give the applet permission is hurting the adoption rate.

Posted by Thomas on June 18, 2010 at 09:17 AM EDT #

About

sameert
