I have an applet which sends a base64-encoded serialized copy of its internal state (a bunch of graphical objects) to a web server, where it is stored in a databse. When the applet is reloaded, the base64 serialised string is supplied as a parameter to the applet. This works fine on some systems, but on others it comes up with an exception from the security manager (java.lang.RuntimePermission: accessClassInPackage.sun.awt.windows) at the point where I use readObject to deserialise the state.

I can overcome this by adding this line to my java.policy file:

permission java.lang.RuntimePermission "accessClassInPackage.sun.awt.windows";

However, I can't expect all client systems connecting to the web server to do this. The problem is happening when I use readObject to deserialise the state. Does anyone have any idea how I can overcome this please?