Message-Id: <199801132049.MAA18883@crypto.eng.sun.com>
Date: Tue, 13 Jan 1998 12:49:05 -0800 (PST)
From: Roland Schemers <Roland.Schemers@Eng>
Subject: Re: acls
To: java-security@web2.javasoft.com, BSerr@tribune.com
Two quick comments:
1. sun.* classes are not supported by sun and should be considered
private APIs which are subject to change and/or go away. It is
very unfortunate that concrete implementations of java.security.acl
were not provided at the same time the interfaces were. It would have
been better to just leave them out.
2. most browsers will not allow access to sun.* APIs, as these APIs
are not meant to be used by applets, and may pose a security risk
if they are allowed to be used by applets. You may be able to
access them in Netscape by signing your code and enabling the privilege
it is checking for, but that might be dangerous. ie probably has
a similar mechanism.
I would suggest implementing your own ACL classes so you won't have any
problems. It is fairly trivial to do.
Hope this helps, even though its probably not the answer you wanted to hear.
thanks, roland
> Hi.
>
> A quick question about access control lists in 1.1.5.
>
> I am using the sun implementation of access control lists
> (sun.security.acl) since the java.security packages only include
> interfaces. I get the following exception when I try to run my applet
> in a browser (the latest version of Netscape):
>
>
> # Loading class sun.security.acl.PrincipalImpl
> # Security Exception: cannot define package:sun.security.acl
> netscape.security.AppletSecurityException: security.cannot define
> package:sun.security.acl
> # UniversalPackageDefinition privilege not enabled: Loading
> restricted Java system code
> # Applet disc.ap.test.AppletTest can't start: ERROR
>
> Do I need to secure my applet before I can use these classes? Is
> there something else that I need to do (besides compiling and running
> this like a regular applet)?
>
> I get a similar error when I run the applet in IE 4.0.
>
> Thanks,
>
> Bob Serr
> bserr@mcs.com