We have a web application that uses a Java applet to manage files on a local drive. We have been developing it for quite some time, and we already know all types with problems that applets with modern OS and browsers may have, as well as the latest versions of Java and new security restrictions.
Yesterday, Apple released a new version of Mac OS 10.9 Mavericks with the new Safari browser (7.0). I tested our web application under Safari 7 / Mac OS X 10.9 to make sure that Safari 7 (maybe?) Blocks access to local files from the Java applet.
Despite the fact that the applet (signed with a valid Thawte certificate and with all the security requirements specific to Java 7u45 has been completed), works in unlimited mode with full access to the local file system (the Java security hint says this) when trying to access to the local file, it catches fileNotFoundException:
java.io.FileNotFoundException: /Users/yury/Pictures/Paris 2012/L1050258.jpg (Operation not permitted) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.<init>(FileInputStream.java:146) at com.trackntag.ava(Unknown Source)
Also, when you open the dialog box for opening a Java file from the applet, it does not display files, and folders in the folder selector do not have any icons (as a rule, they should have them). When you go to the root folder, you can see the top-level folders (bin, core, dev, home, etc.), but you cannot view them.
The applet has access to local files with the latest Firefox 24 for Mac on one computer (Java 7u45, Mac OS X 10.9). The same thing with Safari 6 and Mac OS X 10.8.5, not to mention Linux and Windows machines in various configurations: there are no problems accessing local files.
With all of the above, I must conclude that we are faced with a problem specific to Safari 7.
Do you have any ideas on this issue? Any thoughts are welcome.
Cheers, Yuri
EDIT (answer): Safari 7 has a new security setting: safe / unsafe mode (I think this is only for the Java plug-in). You can enable the Java plugin to operate in Unsafe mode for individual websites or for all websites. In unsafe mode, applets will have unlimited access to the local file system.
This security setting seems to work on top of its own Java security settings (limited / unlimited access).
This option is available through the Safari settings / Security tab / Internet Plugins: manage website settings (then select the Java plugin).
So, as soon as I answered my own original question, I would prefer to rephrase it: is it possible to set the mode to "Insecure" or to override the safe mode for a specific website / URL without asking the user to configure this security preference? Maybe something like an Apple Developer Certificate will help?
Thanks again!