Security

There are several positive features of using a Java Applet for the NADS program. The most important is that the latest version of the software is always available each time it is accessed. Another is that it is object oriented so it can take advantage of modules written by other people such as the Ptplot package for the 2-D plots. Also, security is an additional benefit of using an applet.

The security of an applet is designed around the idea that an applet can do no harm intentionally or accidentally. Generally, applets can not connect to machines other then their host, can not access local files, and can not access the system clipboard. However, there are ways of letting the applet gain this functionality. If you wish to save data to a local file or copy something to the clipboard, you may be directed to this help page. Some brief instructions follow on how to change the policies that regulate this applet.

Policytool

Java 1.2 or higher comes with an application called policytool. This tool allows for the user to modify permissions given to applets. To invoke this program, go to a command prompt and type policytool. If the file is in your PATH, then it should open a window for editing policies. If this doesn't work, then check to see if Java is in your path by typing java -version. If this does not work, then you may have to hunt for the policytool executable with the system find file. There is no policy tool for Java 1.1 or below. However, since this applet only works with Java 1.4 or higher, this should not be a problem.

Once the policytool is running, you may get a message like "Could not find policy file: C:\Documents and Settings\user\.java.policy". Remember or write down this file name for when you wish to save your new policy file.

Click on "Add Policy Entry". The first thing you need to enter is the codebase. This is the URL of the applet. Since the applet may be accessed from different locations, this needs to be set to the one you are using. If you are accessing the applet from NDG, type in the codebase field "http://ndg.llnl.gov:8080/quath/-". This specifies that you are giving permission to all applets in directory quath or any of its subdirectories. The codebase is given in "About NADS" in the Help menu. Make sure to add - to the end of the codebase.

Now click on "Add Permission". Click on "Permission" field and select AWTPermission. Then select accessClipboard from "Target Name:". Then click OK. Continue this for all permissions you wish to give. The following table shows what permissions may be given to gain certain features:

Once you have the policies set, then it is time to save the file. Depending on which version of policytool, the save options may be different. If the policy file was found when invoked, just save and quit. If the warning came up, then use that file name. If the option to save locally is present, you can use that as well.

Now that the policy has been changed, you can quit out of the browser and bring the applet back up with its new policies enabled. Or you can access the Java console and "reload policy configuration". In windows you do this by pressing "r" and then reload the applet.

Direct Editing Method

A more direct method is to edit or create the policy file with a text editor and save it manually. The contents of the file should contain

/* Adds permissions for Buckeye Web Server */
grant codeBase "http://buckeye.llnl.gov/quath/-" {
  /* Gives permission to cut and paste to the clipboard */
  permission java.awt.AWTPermission "accessClipboard";
  /* Gives permission to read and write files on the client computer */
  permission java.io.FilePermission "<<ALL FILES>>", "write, read";
  /* Gives permission to read in details such as home directory, user name, etc. */
  permission java.util.PropertyPermission "*", "read, write";
};

Where the codebase can be determined from "About NADS Plot" from the Help menu. Create or edit the following file:

UCRL-WEB-207296