Java-Gaming.org    
Featured games (81)
games approved by the League of Dukes
Games in Showcase (499)
Games in Android Showcase (118)
games submitted by our members
Games in WIP (567)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Google appengine + applet AccessControlException  (Read 5002 times)
0 Members and 1 Guest are viewing this topic.
Offline ShannonSmith
« Posted 2010-09-07 15:21:45 »

I am having a problem getting my applet to connect back to a google appengine servlet. The HttpURLConnection always fails with:
java.security.AccessControlException: access denied (java.net.SocketPermission 72.14.213.141 resolve)

I have tried a bunch of stuff to get it working (can't even connect to the applet getCodebase() URL) and I'm out of ideas. One thing that is interesting is the exception has an IP address in it rather than the host name, is google doing some funny redirect that is confusing the applet or have I done something stupid?
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #1 - Posted 2010-09-07 15:28:07 »

Start with plain socket access:
1  
  new Socket(Applet.getDocumentBase().getHost(), 80);
and check whether that works.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #2 - Posted 2010-09-07 15:52:14 »

Nope that doesn't work either.
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline SimonH
« Reply #3 - Posted 2010-09-07 16:44:43 »

You have to use URLConnections; (NB fragmentary code only - omitted error trapping &c for clarity)
1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
13  
14  
15  
16  
17  
18  
String data="Hello Servlet!";
url = new URL(codeBase+appName);
urlConnection = url.openConnection();
// inform servlet that this is a service request
urlConnection.setRequestProperty("Content-Type", "application/service");
urlConnection.setDoInput(true);
urlConnection.setDoOutput(true);
// disable caching
urlConnection.setDefaultUseCaches(false);
urlConnection.setUseCaches(false);
outputStream = urlConnection.getOutputStream();
outputStream.write(data.getBytes());
outputStream.flush();
outputStream.close();

// get response
inputStream = urlConnection.getInputStream();
&c.


People make games and games make people
Offline ShannonSmith
« Reply #4 - Posted 2010-09-07 16:53:32 »

Why would a URLConnection work and an HttpURLConnection not work?
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #5 - Posted 2010-09-07 16:55:08 »

There is nothing magical about URLConnection. It creates a Socket under the hood.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #6 - Posted 2010-09-07 16:57:32 »

So the security manager complains about: "72.14.213.141"

Could you check the hostname in the addressbar of your browser and see what it IP it resolves to? (ping it). Please make sure you use exactly the same (sub)domain.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #7 - Posted 2010-09-07 17:04:48 »

Yeah, that is what I don't get. The URL is constructed with a hostname / path and the security manager is complaining about an IP address. Google uses load balancing so I assume each request could go to a different IP address.

Visiting again I get error with :
74.125.127.141
Pinging the hostname gives me the same IP.

How does the applet sandbox check addresses?
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #8 - Posted 2010-09-07 17:16:10 »

The sandbox is pretty silly actually. It checks the IP address only. It grabs the IP from the browser, through the plugin, and compares any domainname/IP you try to connect to, to that IP. If it's not the same IP, an exception is thrown.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Orangy Tang

JGO Kernel


Medals: 56
Projects: 11


Monkey for a head


« Reply #9 - Posted 2010-09-07 17:16:40 »

Yeah, that is what I don't get. The URL is constructed with a hostname / path and the security manager is complaining about an IP address. Google uses load balancing so I assume each request could go to a different IP address.
The should go to the same load-balancing machine first though, even if that routes it to a different box on the backend.

Are you connecting back to the *exact* same host, or is it a subdomain? I know that in theory the sandbox should allow applets served from "host.com" to connect to subdomains "appengine.host.com", but in practice the security manager doesn't like that.  Undecided

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #10 - Posted 2010-09-07 17:20:44 »

I know that in theory the sandbox should allow applets served from "host.com" to connect to subdomains "appengine.host.com", but in practice the security manager doesn't like that.  Undecided

Actually, the rules are quite clear: it's all IP based. If the subdomain has the same IP as the domain, you can connect to it.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #11 - Posted 2010-09-07 17:32:04 »

I am using a subdomain of appspot.com (the google appengine host) and if I ping the mysubdomain.appspot.com I get the same IP address as it is complaining about in the AccessControlException. What gives?

Why would
1  
new Socket(Applet.getDocumentBase().getHost(), 80);

ever fail?
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #12 - Posted 2010-09-07 17:40:04 »

1  
2  
3  
4  
5  
6  
String host=Applet.getDocumentBase().getHost();
System.out.println(host);

InetAddress addr=InetAddress.getByName(host);
System.out.println(addr);
System.out.println(addr.getHostAddress());


What is printed?

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #13 - Posted 2010-09-07 17:54:45 »

synthpatches.appspot.com
synthpatches.appspot.com/74.125.127.141
74.125.127.141
java.security.AccessControlException: access denied (java.net.SocketPermission 74.125.127.141:80 connect,resolve)

Any ideas?
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #14 - Posted 2010-09-07 19:23:09 »

Are the JAR files hosted on the same IP?

1  
MyApplet.this.getClass().getProtectionDomain().getCodeSource().getLocation();

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #15 - Posted 2010-09-07 19:44:13 »

The jar is located at the same IP.

Can't getProtectionDomain() from applet sandbox.
java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
   
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #16 - Posted 2010-09-07 19:56:13 »

Please read this thread and try to see whether that works:
http://www.java-gaming.org/topics/applet-can-t-connect-to-own-host-in-firefox/18652/view.html

Especially:
http://www.java-gaming.org/topics/applet-can-t-connect-to-own-host-in-firefox/18652/msg/146559/view.html#msg146559

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #17 - Posted 2010-09-07 20:39:57 »

Yay, got it working! Just not quite sure how. Did about a million things (including operating system upgrade) cleaned every cache I could find, re-deployed everything and all of a sudden it works. It would be really nice if those AccessControlExceptions were a bit more specific (telling me the IP it is expecting to match for example).

Thanks for you help Riven.


Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #18 - Posted 2010-09-07 20:51:24 »

Please *also* apply my suggested nonsense-fix in that thread.

There will be a lot more people with that ACE in *your* applet, if you don't.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #19 - Posted 2010-09-07 21:03:07 »

Will do, I did make a few other changes to the applet that may have fixed this because of that issue. I moved some code from the Applet constructor into init() and also changed the URL constructor to use the 3-argument protocol,server,file. The applet/server networking seems very brittle and is a nightmare to debug also there is precious little documentation about it on the web.

 
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #20 - Posted 2010-09-07 21:16:40 »

Have you considered signing your JARs? It will cause a security-popup, but it's a lot more stable (across JRE versions).

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ShannonSmith
« Reply #21 - Posted 2010-09-07 22:10:34 »

Signing makes things a lot easier but I think the number of people turned away by scary security dialog would be higher than the number of people who have issues running the unsigned version because of sandbox problems (assuming lots of testing on several different computers/operating systems).
Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

Pippogeek (37 views)
2014-09-24 16:13:29

Pippogeek (29 views)
2014-09-24 16:12:22

Pippogeek (18 views)
2014-09-24 16:12:06

Grunnt (41 views)
2014-09-23 14:38:19

radar3301 (24 views)
2014-09-21 23:33:17

BurntPizza (60 views)
2014-09-21 02:42:18

BurntPizza (30 views)
2014-09-21 01:30:30

moogie (35 views)
2014-09-21 00:26:15

UprightPath (49 views)
2014-09-20 20:14:06

BurntPizza (52 views)
2014-09-19 03:14:18
List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06

List of Learning Resources
by SilverTiger
2014-07-31 11:54:12

HotSpot Options
by dleskov
2014-07-08 01:59:08
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!