Java applet can't open files under Safari 7 (Mac OS X 10.9)

49

15

We have a web app that uses Java applet to manipulate files on local disk. We develop it for quite a while and we already know all types with issues an applet may have with modern OS'es and browsers and latest Java versions and new security restrictions.

Yesterday Apple rolled out its new Mac OS 10.9 Mavericks with new Safari browser (7.0). I tested our web app under Safari 7 / Mac OS X 10.9 just to find that Safari 7 (probably?) blocks access to local files from Java applet.

Although the applet (signed with valid Thawte certificate, and with all security requirements specific to Java 7u45 fulfilled) runs in unrestricted mode with full access to local file system (Java security prompt says that), on attempt to access the local file it catches fileNotFoundException:

java.io.FileNotFoundException: /Users/yury/Pictures/Paris 2012/L1050258.jpg (Operation not permitted)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at com.trackntag.a.v.a(Unknown Source)

Also when opening Java file open dialog from the applet, it displays no files and the folders in the folder selector do not have any icons (normally they should have them). When you traverse back to the root folder, you can see top level folders (bin, cores, dev, home, and so on), but you cannot browse into them.

The applet does have an access to local files with latest Firefox 24 for Mac, on the same machine (Java 7u45, Mac OS X 10.9). Same with Safari 6 and Mac OS X 10.8.5, not to mention Linux and Windows machines in various configurations: no issues with accessing local files.

Having all of above, I must conclude that we have ran into the problem specific to Safari 7.

Do you have any ideas on this issue? Any thoughts are greatly appreciated.

Cheers, Yury

EDIT (Answer): In Safari 7 there is a new security setting: Safe/Unsafe mode (I think it's for Java plug-in only). You can allow Java plugin to work in Unsafe mode either for individual websites or for all sites. In Unsafe mode the applets will have unrestricted access to local file system.

It appears that this security setting works on top of Java's own security settings (restricted/unrestricted access).

This setting is available through Safari preferences / Security tab / Internet plugins: manage website settings (then select Java plugin).

So once I already answered my own original question, I would rather rephrase it: is that possible to set Unsafe mode or override Safe mode for specific web-site / URL without asking user to set this security preference? Maybe something like Apple developer certificate would help?

Thanks again!

JetLizard

Posted 2013-10-23T13:01:31.023

Reputation: 389

Awesome, your EDIT comment fixed it for me. Thanks for doing the leg work. – David Clarke – 2013-10-30T08:43:33.350

Answers

4

I had a similar problem with another Java app today. I think you may need to add your app to the "Allow the apps below ..." list in this dialog (System Prefs -> Security & Privacy -> Accessibility):

enter image description here

Paul R

Posted 2013-10-23T13:01:31.023

Reputation: 174 605

1Thank you, that's good idea, will definitely look that way. By the way, in my case the reason is in new security setting specific to Safari 7 (I updated my original question with more details). But hopefully, if your approach would work, it could override that setting without need for the user to alter that security setting manually. – JetLizard – 2013-10-23T13:42:42.877

OK - I think I may have misunderstood the question slightly, but hopefully the info may be useful to someone else in future. – Paul R – 2013-10-23T14:12:43.673

1Similar issue on Safari 6.1.1 on OSX 10.8.5. In this case, it won't exec() without the "unsafe mode" setting. Thanks so much for posting the fix! – Mark Phillips – 2014-02-05T22:49:51.413

3

For Safari 11:

  1. go to Safari Preferences->Websites->Plug-ins, and select Java
  2. at the right side you can see list of 'Allow websites to use this plug-in with settings below'
  3. now select the website
  4. press and hold Option button and then click the three option (Ask, Off, On), you will see additional option 'Run in safe mode' - un-check this option.

enter image description here

fycth

Posted 2013-10-23T13:01:31.023

Reputation: 2 713