{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 闹够了就滚 的问题《Java: Using Gson in an Applet causes SecurityExcep》','https://www.manongdao.com/q-409666.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to use Google Gson in my Java Applet, but when I do I get
Exception in thread "Thread-19" java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:74) at com.google.gson.MappedObjectConstructor.getNoArgsConstructor(MappedObjectConstructor.java:85) at com.google.gson.MappedObjectConstructor.constructWithNoArgConstructor(MappedObjectConstructor.java:62) at com.google.gson.MappedObjectConstructor.construct(MappedObjectConstructor.java:53) at com.google.gson.JsonObjectDeserializationVisitor.constructTarget(JsonObjectDeserializationVisitor.java:40) at com.google.gson.JsonDeserializationVisitor.getTarget(JsonDeserializationVisitor.java:56) at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:109) at com.google.gson.JsonDeserializationContextDefault.fromJsonObject(JsonDeserializationContextDefault.java:73) at com.google.gson.JsonDeserializationContextDefault.deserialize(JsonDeserializationContextDefault.java:51) at com.google.gson.Gson.fromJson(Gson.java:495) at com.google.gson.Gson.fromJson(Gson.java:444) at com.google.gson.Gson.fromJson(Gson.java:396) at com.google.gson.Gson.fromJson(Gson.java:372) at org.jblux.client.network.GsonParser$1.run(GsonParser.java:32) at java.security.AccessController.doPrivileged(Native Method) at org.jblux.client.network.GsonParser.parseJson(GsonParser.java:36) at org.jblux.client.network.PlayerDataFactory.getDataFromBase64(PlayerDataFactory.java:36) at org.jblux.client.states.MainMenuState.update(MainMenuState.java:155) at java.util.Observable.notifyObservers(Observable.java:142) at org.jblux.client.network.ResponseWaiter.responseReceived(ResponseWaiter.java:33) at org.jblux.client.network.ServerListener.notify_observers(ServerCommunicator.java:236) at org.jblux.client.network.ServerListener.doCommand(ServerCommunicator.java:252) at org.jblux.client.network.ServerListener.run(ServerCommunicator.java:218)
There were two other related questions I found here.
GSON on Google App Engine throws a Security Exception
Reflection Permission problems when using the GSON library in a applet
But neither of them had an answer for me. One just said to not use Gson.
Is there any way to grant Reflection permission to my applet?
Update: I'm in the process of switching my application to use JNLP file and Java Web Start because I haven't been able to figure out how to make the Applet work. I'll leave this question open in case anybody figures it out, but using a JNLP may be the only option if you don't want to give up Gson.
I have found the answer here.
Adding to static main helped me. Of course, all-permissions in jnlp and so on must be.
I solved this problem using a custom deserializer.
I had a class with two members, a timestamp and a list of doubles. This is the code that worked for me.
Hope this can help anyone!
Further to @Chrizzz, I'm doing two way command object exchange between a Java web server and an unsigned applet. As such I am using both Gson toJson() and fromJson() within my applet code.
I've found that both deserialization and serialization in an unsigned applet throw security exceptions and that implementing custom serializers and deserializers can work-around those problems.
The biggest pain is not being able emulate the applet environment (SecurityManager) for Unit testing. It seems that there are no frameworks available to do this: see e.g. How to unit test Java code that is expected to run within an applet Security Manager