punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
©1996-2012 Roedy Green, Canadian Mind Products
punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
©1996-2012 Roedy Green, Canadian Mind ProductsThe capabilities scheme has been replaced by a totally different scheme controlled by a policy file in Java 1.2+. Capabilities are called permissions in 1.3+.
To get out of the Java sandbox using Netscape 4.79, you must digitally sign your Applet and you have to use the netscape.security. PrivilegeManager class. When you its enablePrivilege method for the first time, a dialog box will automatically be prompted to ask the user to grant this privilege. If the user grants it, the privilege will be enabled during the lifetime of the method. This means that you have to ask for this privilege again if you want to use it in another method. In this case, of course, if the user previously granted the privilege, the dialog box won’t be prompted again.
If the user denies the privilege, or if you misspell it, you will trigger a netscape.security. ForbiddenTargetException. If you attempt a restricted action without getting permission first, you will trigger a netscape.security. AppletSecurityException.
You must put the Netscape 4.79 security classes on your classpath when you compile. They live in:
\program files\netscape\communicator\program\java\classes\java40.jar
Netscape 7.1 does not use this scheme. It uses the Sun policy file based scheme instead.
According to RJHM van den Bergh <rvdb@nedernet.nl>, on Windows, there are some bugs in the Netscape capabilities. For example, you may have to ask for UniversalConnect when you really wanted UniversalFileAccess. I discovered that FullInstall is not recognised. However, by peeking inside \Program Files\netscape\communicator\program\java\classes\java40.jar at the target.class and AppletSecurity.class with a hex viewer, you can guess what those twits at Netscape really called their targets. For example FullInstall is actually called SoftwareInstall. UniversalClassLoaderAccess for letting you use a ClassLoader is both undocumented and it does not work.
When you run System.loadLibrary in static init code, you must disarm the Netscape security manager with:
PrivilegeManager.enablePrivilege( "UniversalLinkAccess" );
in the static init code, even though the code that is indirectly calling that static init code may have already disarmed it.
System.loadLibrary fails for some reason if the DLL (Dynamic Link Library) was not present at the time Netscape fired up. The System. .loadLibrary can’t seem to see a DLL installed dynamically. This makes no sense since the DLL is not loaded until System. .loadLibrary is called. Even more baffling is why System. load would show the same behaviour. Mark Leone tells me you must not have your app in a jar for System. load to work.
The Netscape documentation on capabilities is abominable. So I created this table by looking for human-readable strings in the binary file Target.class. I then tested all the strings to see which ones really worked in PrivilegeManager.. enablePrivilege and what the grant dialog said it was for. This list might not be complete. However, it is more accurate than Netscape’s.
| Capability Name | Purpose |
|---|---|
| 30Capabilities | Netscape Plug-in capabilities. |
| AccountSetup | Setup and configure browser. |
| AdministratorRegistryAccess | Access to the entire registry. |
| CanvasAccess | Display text or graphics anywhere on the screen. |
| CookieAccess | View cookies. |
| DatabaseAccess | File access for databases. |
| Debugger | Access to the debugger. |
| FullInstall | Not supported |
| GamesAccess | Limited registry access typically required by games. |
| IIOPRuntime | Implementing IIOP (Invocation over Internet Inter-Orb Protocol) remote object software. |
| LimitedFileAccess | Limited file access typically required by games. |
| LimitedInstall | Not supported |
| Netcaster | Access required by netcasting programs. |
| PresentationAccess | File access typically required by presentation programs. |
| PrivateRegistryAccess | Access to the vendor’s portion of your computer’s registry of installed software. |
| StandardRegistryAccess | Access to shared information in the computer’s registry. |
| SignonAccess | Signon Access typically required by signon viewers. |
| SilentInstall | Installing and running software without warning. This capability does not actually give you sufficient privilege to accomplish this task. |
| SiteArchiveTarget | Access to the site archive file. |
| SoftwareInstall | Installing and running software on your computer. |
| SpreadsheetAccess | FileAccess typically required by spreadsheets. |
| TerminalEmulator | Access required by Terminal emulators and other programs. |
| UniversalAccept | Accepting connections from other computers on the network. |
| UniversalAwtEventQueueAccess | Monitoring or intercepting mouse movements or keystroke events. |
| UniversalBrowserAccess | Modifying the browser in a potentially dangerous way, such as creating windows that may look like they belong to another program, or positioning windows anywhere on the screen. |
| UniversalBrowserRead | Access to browser data. |
| UniversalBrowserWrite | Modifying the browser. |
| UniversalClassLoaderAccess | Allowing ClassLoaders to share class methods and data. However, it does not appear to allow you to create ClassLoader in the first place, and I can’t find such a capability. It seems you can’t use custom ClassLoaders in web-loaded Applets, signed or unsigned. |
| UniversalConnect | Contacting and connecting with other computers over the network. You can talk to the server you were loaded from without a capability. Unfortunately, sometimes Netscape gets confused and thinks the server you are talking to is a stranger when it is actually Mom, and thus requires a capability even to talk to your home server. |
| UniversalConnectWithRedirect | Contacting and connecting with other computers over the network. |
| UniversalDialogModality | Displaying a dialog box that may temporarily disable the browser. |
| UniversalExecAccess | Starting programs stored on your computer. |
| UniversalExitAccess | Exiting the Communicator program. |
| UniversalFdRead | Reading data from a network connection. |
| UniversalFdWrite | Writing data to a network connection. |
| UniversalFileAccess | Reading, modifying or deleting any files. |
| UniversalFileDelete | deleting files. |
| UniversalFileRead | Reading Files. |
| UniversalFileWrite | Modifying Files. |
| UniversalLinkAccess | Using native code in DLLs DLL. Only works if the Applet was downloaded from the local hard disk and the DLL is on the client’s local hard disk. Even then it seems highly unreliable. |
| UniversalListen | Accepting connections from other computers on a network. |
| UniversalMulticast | Broadcasting information to multiple computers over a network. |
| UniversalPackageAccess | Not supported |
| UniversalPackageDefinition | Not supported |
| UniversalPreferencesRead | Read Preferences Setting. |
| UniversalPreferencesWrite | Write Preferences Setting. |
| UniversalPrintJobAccess | Printing from within Communicator. |
| UniversalPropertyRead | Reading properties such as user name. If you use System. getProperties to get a handle to all the system properties, that counts as a write, and you will need the UniversalPropertyWrite capability. If you use System.getProperty to get a single property, that counts only as a read. Unless you are accessing a restricted property, you won’t need the UniversalPropertyRead capability. See properties. |
| UniversalPropertyWrite | Modifying system properties. |
| UniversalSendMail | Send email. |
| UniversalSetFactory | Define protocol handlers for network connections. |
| UniversalSystemClipboardAccess | Reading and writing to system clipboard. |
| UniversalThreadAccess | Manipulating other Applets(threads) running on your computer. It does not seem to be necessary to run Thread. setPriority, however. |
| UniversalThreadGroupAccess | Manipulating other groups of Applets(threads) running on your computer. |
| UniversalTopLevelWindow | Displaying windows that don’t have the unsigned Applet label. |
| WordProcessorAccess | File Access typically required by word processing programs. |
 |
You can get the freshest copy of this page from: | or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror) |
| http://mindprod.com/jgloss/capabilities.html | J:\mindprod\jgloss\capabilities.html | |
 | Please email your feedback for publication,
letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording,
broken/redirected link reports, suggestions to improve this page or comments to
Roedy Green :
 .
If you want your message, your name or email kept confidential, not considered for public posting, please explicitly specify that.
Unless you state otherwise, I will treat your message as a letter to the editor that I may or may not publish in the feedback section. After that, it will be too late to retract it.
If you disagree with something I said, please quote it and cite the web page where you found it, tell me why you think it is wrong,
and, if possible, provide some supporting evidence. Threatening to kill me or spouting obscenities has yet to persuade me to change my mind. | |
| Canadian Mind Products | ||
| mindprod.com IP:[65.110.21.43] | ||
| view Blog | Your face IP:[38.107.179.213] | |
| Feedback | You are visitor number 20,709. | |