Setting policy for ManagerGUI Applet

Why setting policy is needed?

Being programs downloaded by (potentially) unsafe sources, applets have a really strict policy about what they can or cannot do (by default they can't interact with filesystem or even with your OS clipboard).

There are two ways to give permissions to applet:

  • Signing the applet: This is done by the applet author, it signs the applet to certificate its validity and declares which permissions his applet needs.
  • Using the policytool program: This is done by the final applet user, the user grants permissions to a particular applet stating exactly which permissions are given.

I decided to avoid the first option for a simple reason: With a signed applet, the final user may only choose to give permission or not at load time (with a yes/no dialog), if requested permissions are not given then the applet won't run while if permission are given then the applet will run with all requested permissions, there's no granularity in the choice, is just an all or none situation.

But permissions are requested only by a small number of applet features (actually just one: Printing the teamsheet) while other features (such as match viewer or roster/fixtures browsing) should be accessible even if final user doesn't want to grant special permissions to the applet. With these considerations in mind i preferred to let the final user decide because, as said, it's not a simple yes/no matter (he doesn't trust my code and therefore wants just to view matches online and continue making teamsheet with notepad? it's ok; he prefer to give applet only clipboard access without allowing disk access? perfect; or maybe he fully trust me and wants to use full load/save teamsheet features? no problem, as you can see it's up to the final user to decide)

Using the Java policy tool

If you've installed Java you've also installed the policytool program, just open a shell window and write policytool. At this point you should be rewarded with a screen similar to the following.

Policy Tool Startup

Describing in depth the policy tool is beyond the scope of this document because you can find all informations about the program offline in JRE documentation or online at Sun website. Anyway, I'll explain in the following two sections how to enable clipboard control and file access to the applet.

Enable clipboard access to ManagerGUI Applet.

The first operation you have to do when enabling a permission via policytool is to write down the URL of the applet you want to grant permission to. Then you've to launch policytool and to click the Add Policy Entry button. This will show you a new window as the following one (but empty):

Policy Add Screen

In the CodeBase section you should insert the Applet URL written down at the previous step. In the previous screenshot you can see that my codebase is "http://asiloleague.altervista.org/Applets/-", this means that i'm granting this permission to all applets found in directory Applets and subdirectories (this the meaning of the '-' character) on the http://asiloleague.altervista.org website.

Now we've to declare which permission are we going to grant to the applets matching the codebase and therefore we have to click the Add Permission button.

Permission Add Screen

The permission we're going to declare is the ability to read data from clipboardand therefore you should insert the following data in the Permission form (as in the previous screenshot):

Permission: AWTPermission
Name: accessClipboard

This is all, now cut & paste should work on your applet.

It's not clear if you need to restart your browser or your computer to make java notice the change in policy, personally (on WinXP) closing and reopening the browser was enough to enable modifications, but somebody told me that under win98 a reboot was necessary (i've not verified anyway, if you still use Win98, be warned)

Enable file-system access to ManagerGUI Applet.

The procedure is the same at the previous section but, since we've already a permission related to applet URL we launch policytool and choose to modify permission instead of adding a new one. This will bring us to the next screen (where you should have just the first line added in the previous section)

File Add Screen

As you can see from the previous screenshot this time we've to add two permissions:

The first one will allow applet to read/write (load/save) xml files from your local filesystem.

File Add Screen

The second one gave applet read-only access to the user.dir java property. This is necessary because applet use the standard java file dialog to load/save teamsheets and this dialog needs to read the user.dir property to detect the user home location (where the dialog will open) and therefore, if it fails reading the property, it won't be able to load or save any files.

File Add Screen