0 Replies Latest reply on Mar 2, 2004 8:21 AM by Kees van Dieren

    Call EJB from unsiged applet: possible?

    Kees van Dieren Newbie

      I've tried to make a call to a session EJB from an unsiged applet. How-ever, this seems to be impossible.

      At first I got the exception

      java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
      . This is fixed, by removing all client security checks in conf/standardjboss.xml. However, another exception occurs:
      access denied (java.io.SerializablePermission enableSubstitution)
      
      java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubstitution)
      
       at java.security.AccessControlContext.checkPermission(Unknown Source)
      


      I know this could be fixed by adding an option in the java.polocy file:

       permission java.io.SerializablePermission "enableSubstitution";
      


      But that isn't a soluction, because every client has to do this before it's possible to use the applet :(.

      Is there a workaround available, for calling EJB's with applets, without signing the applet, and without adding entries to the java.polocy file? According to this example: http://jboss.sourceforge.net/doc-24/ch11s21.html it was possible in JBoss 2.4; but I cannot get this example working in JBoss 3.2.3.

      Thanks very much in advance