How do I permit my Java applet to use MySQL?

Question

I've recently gotten my hobby java project embedded into a page thanks to this very site, but now I'm having some security issues.

I have the include:

import java.sql.*;

and the line:

Class.forName("com.mysql.jdbc.Driver").newInstance();

as well as a mysql .jar file in my src directory, it works from the console, and in the applet works fine from the applet - up until that forName() line in my code, where it throws the exception:

    Exception: com.mysql.jdbc.Driverjava.lang.ClassNotFoundException: com.mysql.jdbc.Driver
    java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM.-1)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkExit(Unknown Source)
    at java.lang.Runtime.exit(Unknown Source)
    at java.lang.System.exit(Unknown Source)
    at applet.Database.connectDB(Database.java:80)
    etc...

I think I may be able to fix it with a client.policy file, otherwise I might need to write an abstraction layer which uses a server-client network connection to query from the server-side...

I'm sure the Java gurus here probably know the best way about it.

Answer 1

I think the security exception is actually from a System.exit() call in your applet, after the Class.forName(). Generally you are not allowed to call System.exit() in unsigned applets as it shuts the whole JVM down. Have you checked if line 80 is actually the Class.forName() line, or does line 80 have some kind of exception handler which tries to call System.exit() if the driver does not load?

Anyway, in order to load the mysql jar file in your applet, you need to include it in an ARCHIVE attribute like this:

<APPLET ARCHIVE="mysql.jar" CODEBASE="./src/" ...

Once you get past this stage, you will still need to host the mysql server at the same IP number/hostname as the webserver, and open it to all the same people who can access your applet. As Tony said, this isn't how people normally do it, for security reasons. Better to write something on the server side, if you have control of the app server, and use XML or some other data exchange method to get the data out to the applet. Of course if you are just experimenting to learn about applets, then it's probably fine - but do take care to keep mysql behind your firewall if possible.