ActiveX bridge uses applet security model???

Hello,
During execution my ActiveX bean has no permissions to do anything, but I need it to at least be able to access files. The ActiveX bridge documentation says that the bean is executed with all permissions. Was something changed in the 1.5 release?
Anton

Seems like axbridge doesn't use the applet security model if you have the following folder structure:
<JRE>\axbridge\bin\mybean.dll
<JRE>\axbridge\lib\mybean.jar
But then there are a lot of bugs, and the bug workaround is to rename the lib folder after registering the dll (and updating the path to the jarfile in the registry):
<JRE>\axbridge\bin\mybean.dll
<JRE>\axbridge\bug_workaround_lib\mybean.jar
But then we get another problem: the applet security model is turned on...
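
A way to check from inside the bean which of the two situations described in this thread applies (all permissions, or the applet security model), as an added example that is not part of the original posts. `SandboxProbe`, `report` and the probed file name are hypothetical; nothing here is an ActiveX bridge API.

```java
import java.io.FilePermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.ProtectionDomain;

/**
 * Added diagnostic, not code from the thread or from the ActiveX bridge.
 * SandboxProbe and report() are hypothetical names. Call, for example,
 * SandboxProbe.report(MyBean.class, "C:\\temp\\probe.txt") early in the bean
 * and write the returned text to wherever the bean can log.
 */
public final class SandboxProbe {

    private SandboxProbe() {
    }

    /** Describes the security manager, the bean's code source and file access to path. */
    public static String report(Class<?> beanClass, String path) {
        StringBuilder out = new StringBuilder();
        SecurityManager sm = System.getSecurityManager();
        out.append("security manager: ")
           .append(sm == null ? "none installed" : sm.getClass().getName())
           .append('\n');
        out.append("code source: ").append(describeCodeSource(beanClass)).append('\n');
        out.append("read  ").append(path).append(": ")
           .append(check(sm, new FilePermission(path, "read"))).append('\n');
        out.append("write ").append(path).append(": ")
           .append(check(sm, new FilePermission(path, "write"))).append('\n');
        return out.toString();
    }

    /** Location and signing state of the jar the class was loaded from. */
    private static String describeCodeSource(Class<?> c) {
        try {
            // Needs RuntimePermission "getProtectionDomain" when a security
            // manager is installed, so sandboxed code may be refused here.
            ProtectionDomain pd = c.getProtectionDomain();
            CodeSource cs = pd.getCodeSource();
            if (cs == null || cs.getLocation() == null) {
                return "unknown (no code source)";
            }
            boolean signed = cs.getCertificates() != null
                    && cs.getCertificates().length > 0;
            return cs.getLocation() + (signed ? " (signed)" : " (unsigned)");
        } catch (SecurityException e) {
            return "hidden by security manager: " + e.getMessage();
        }
    }

    /** Asks the installed security manager, if any, whether p would be granted. */
    private static String check(SecurityManager sm, Permission p) {
        if (sm == null) {
            return "allowed (no security manager)";
        }
        try {
            sm.checkPermission(p);
            return "allowed";
        } catch (SecurityException e) {
            return "DENIED";
        }
    }

    /** Stand-alone run: java SandboxProbe [path]; the default path is a placeholder. */
    public static void main(String[] args) {
        String path = args.length > 0 ? args[0] : "probe.txt";
        System.out.print(report(SandboxProbe.class, path));
    }
}
```

A security manager class name together with DENIED lines means the bean is running under the applet security model; "none installed" matches the all-permissions behaviour the bridge documentation describes.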

Similar Messages

  • Error during JNDI lookup Accessing Remote EJB (access to web service restricted using declarative security model)

    Hello everyone,
    I developed a Web Service prototype accessing remote EJB using the EJB
    control with special syntax in the jndi-name attribute: @jws:ejb
    home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
    Everything works fine, but I get an error when I restrict access to my web
    service with a declarative security model by implementing steps provided in
    help doc:
    - Define the web resource you wish to protect
    - Define which security role is required to access the web resource
    - Define which users are granted the required security role
    - Configure WebLogic Server security for my web service(Compatibility
    Security/Users)
    I launch the service by entering the address in a web browser. When prompted
    to accept the digital certificate, click Yes, when prompted for network
    authentication information, enter username and password, navigate to the
    Test Form tab of Test View, invoke the method by clicking the button and I
    get the following exception:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for name:t3://10.10.245.70:7131/AccountDelegatorEJB]
    at weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:278)
    at weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext.java:220)
    at weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)
    at ibas.AccountControl.getTransactionHistory(AccountControl.ctrl)
    at ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    I have a simple Hello method as well in my WebService (which is also
    restricted) and it works fine, but remote EJB access doesn't. I tested my
    prototype on Weblogic 7.2 and 8.1 platforms - same result.
    Is that a bug or I am missing some additional configuration in order to get
    that working. Has anyone seen similar behavior? Is there a known resolution?
    Or a suggested way to work around the problem?
    Thank you.
    Andre

    Andre,
    It would be best if this issue is handled as an Eval Support case. Please
    contact BEA Customer Support at http://support.beasys.com along with the required
    files, and request that an Eval support case be created for this issue.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Anurag,
    I removed "t3", still get an error but a different one (Unable to create
    InitialContext:null):
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to create InitialContext:null]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI lookup from jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to create InitialContext:null]
    at weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:278)
    at weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext.java:220)
    at weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)
    at ibas.AccountControl.getTransactionHistory(AccountControl.ctrl)
    at ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions.jws:67) </jwErrorDetail>
    </detail>
    </error>
    Note: inter-domain communication is configured properly. The Web Service to
    remote EJB works fine without a declarative security.
    Any other ideas?
    Thank you for your help.
    Andre
    "Anurag" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    It seems you are using the URL
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
    whereas you should not be specifying the "t3:" protocol.
    The URL should be like
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
    Please do let me know if you see any issues with this.
    Note that this will only allow you to access remote EJBs in the same WLS
    domain. For accessing EJBs on another domain, you need to configure
    inter-domain communication by
    following a few simple steps as mentioned at
    http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
    been provided in the EJB Control Workshop documentation.
    Regards,
    Anurag
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Raj,
    I tried that before, it didn't help. I got similar error message:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup failed for name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI lookup from jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup failed for name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]
    at weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:278)
    at weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext.java:220)
    at weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)
    at ibas.AccountControl.getTransactionHistory(AccountControl.ctrl)
    at ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    Anything else should I try?
    P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOT access
    restricted.
    I hope there is a solution.
    Thanks,
    Andre
    "Raj Alagumalai" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    Can you try using the following url with username and password
    jndi://username:password@host:7001/my.resource.jndi.object ?
    once you add webapp level security, the authenticated is the user who
    invokes the EJB.
    http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/conCreatingANewEJBControl.html?skipReload=true
    has more info on using remote EJB's.
    Hope this helps.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support

  • Catching Events from Com side using ActiveX bridge

    Hi,
    I have packaged a java swing application into an activex control using the ActiveX bridge. I now need to be able to fire events from my java code which the com/VB code needs to be able to trap. The event handler on the com side looks like this: function(BSTR param1, BSTR param2, BSTR param3), but the java event model only allows passing the EventObject in the param for the introspector to work. How do I fire an activex event that the com client is able to trap??

    Thanks, beders. Your solution above works, although I found the only way to install the SDK was to use the following URL rather than the one beders suggested:
    http://www.microsoft.com/msdownload/platformsdk/sdkupdate/XPSP2FULLInstall.htm
    This SDK is the full one and not just the Core SDK so may take a little longer to download.
    You also need to ensure that the location to cmd.exe (ie. C:\WINDOWS\system32) is on the path variable otherwise SetEnv.bat fails when it calls cmd.
    J

  • Problems with the ActiveX bridge for Java beans when using third-party .jar

    I encountered the following problem when using the ActiveX bridge for a java bean:
    I am using JDK 1.4.2_09 and MS Visual Basic 6.0 (SP6). I wrote a java bean called ProcessViewer (my class ProcessViewer inherits from JComponent and implements the interfaces Serializable and AdjustmentListener) which I would like to use within a VB 6.0 application. I used the ActiveX bridge (packager.exe) to generate a DLL (ProcessViewer.dll) and registered it successfully. The java bean GUI-control works fine within my VB 6.0 application unless my java bean (ProcessViewer.jar) uses any third-party .jar files.
    But when I tried to add a reference to some third-party class (com.sap.xxx.xxx....) I got some problems. I could solve the problem with packager.exe by setting the correct CLASSPATH. But at runtime my VB 6.0 application does not work. It crashes or it reports an error like this: "The control ... could not be loaded from axbridge.dll" (although I deployed my .jar file correctly to the directory C:\Programme\Java\j2re1.4.2_09\axbridge\bin and lib). Setting the CLASSPATH environment variable before calling my VB 6.0 application (exe) did not solve the problem.
    How can I teach my VB 6.0 application (containing the Java bean ActiveX control) where to find the third-party .jar file? Copying the third-party .jar file to the JRE lib-folder or to the axbridge\lib folder did not solve the problem either.
    I studied the documentation about the ActiveX bridge given at:
    http://java.sun.com/j2se/1.4.2/docs/guide/beans/axbridge/developerguide/index.html
    but I am missing information on how the third-party .jar files can be found during runtime of the ActiveX container (e. g. a VB 6.0 application).

    See how to solve your problem with JNI:
    http://codeproject.com/cpp/OOJNIUse.asp
    More examples (for SWING) in tools setup:
    http://www.simtel.net/product.php[id]95126[SiteID]simtel.net
    http://www.simtel.net/product.php[id]94368[SiteID]simtel.net
    http://www.simtel.net/product.php[id]93174[SiteID]simtel.net

  • Interfacing problems using the Activex Bridge

    I have a bean that's based on a JPanel. I am packaging it and then using it in Visual Basic as an OCX component.
    I have to adhere to an interface on the VB side so that the bean will plug into the rest of our product.
    I'm hitting several problems, all of which I'm attributing to the fact that the packager introspects the interface for the typelib instead of asking me what I want to expose and how I want to expose it.
    1) Getter/Setter methods for properties which contain additional attributes aren't recognised as such.
    e.g. for property foo:
    public int getFoo() is fine
    but
    public int getFoo(int extraCriteria) doesn't work.
    The packager doesn't recognise it as a valid getter and so doesn't bind it to Foo in the typelib.
    NB: I've also tried explicitly binding the methods in the bean's beanInfo, (using PropertyDescriptors), but to no effect.
    2) Typelib is only generated for the top level bean so how do I provide a similar interface for any java object that it returns?
    Any java objects that I return from methods in my bean cannot be interfaced:
    Therefore I have to deal with them all as VB Object and I'm also back to square one with my getFoo instead of "= Foo" problem.
    3) The packager arbitrarily listens to, and exposes, any events that my class throws. This includes events that are fired from any of the classes that I'm extending. Therefore I'm getting 20+ events showing up from my JPanel on the VB side, NONE of which I'm interested in. When the packager finds an event firing method it automatically exposes it AND registers the activex bridge as a listener of it. Again this is a case of the packager introspecting instead of asking the programmer what they want to expose...
    Basically I need help in either a) solving these specific problems, or b) coming at it from the opposite end and finding a way of getting control over what is exposed to VB. (Although this doesn't help me with problem 2)
    Any suggestions?
    Cheers
    Paul James

    See inline
    > I have a bean that's based on a JPanel. I am packaging
    > it and then using it in Visual Basic as an OCX
    > component.
    > I have to adhere to an interface on the VB side so
    > that the bean will plug into the rest of our product.
    > I'm hitting several problems, all of which I'm
    > attributing to the fact that the packager
    > introspects the interface for the typelib instead of
    > asking me what I want to expose and how I want to
    > expose it.
    Did you make sure that you marked the bean in the jar
    correctly? (The manifest.mf must declare the bean as bean
    so that the corresponding bean info can be found in the same jar)
    > 1) Getter/Setter methods for properties which contain
    > additional attributes aren't recognised as such.
    > e.g. for property foo:
    > public int getFoo() is fine
    > but
    > public int getFoo(int extraCriteria) doesn't work.
    > The packager doesn't recognise it as a valid getter
    > and so doesn't bind it to Foo in the typelib.
    > NB: I've also tried explicitly binding the methods in
    > the bean's beanInfo, (using PropertyDescriptors), but
    > to no effect.
    That might be a COM restriction? In that prop get and prop put
    have to have a certain signature. If your method is public
    and part of the bean info, then you should at least have the method.
    (That always worked for me...)
    > 2) Typelib is only generated for the top level bean so
    > how do I provide a similar interface for any java
    > object that it returns?
    Run the packager over all additional beans.
    > Any java objects that I return from methods in my bean
    > cannot be interfaced:
    > Therefore I have to deal with them all as VB Object
    > and I'm also back to square one with my getFoo instead
    > of "= Foo" problem.
    Once you start with your first bean, all subsequent objects
    you receive from your first bean can be analyzed via the
    java reflection mechanism on the VB side. Somewhere in the
    documentation for the ActiveX Packager, there is sample code
    on how to do this (how to get the class, find a method, invoke the
    method, create new objects for some other class, pass it to your bean
    etc).
    > 3) The packager arbitrarily listens to, and exposes,
    > any events that my class throws. This includes events
    > that are fired from any of the classes that I'm
    > extending. Therefore I'm getting 20+ events showing
    > up from my JPanel on the VB side, NONE of which I'm
    > interested in. When the packager finds an event
    > firing method it automatically exposes it AND
    > registers the activex bridge as a listener of it.
    > Again this is a case of the packager introspecting
    > instead of asking the programmer what they want to
    > expose...
    The reason is that VB only knows one event interface
    (marked as dispinterface). This interface has to contain all
    events for the bean. I suppose the packager just goes and
    collects all events it finds for the bean, including all the
    inherited ones. The bridge has to be registered for all of them,
    otherwise no event could pass through.
    > Basically I need help in either a) solving these
    > specific problems, or b) coming at it from the
    > opposite end and finding a way of getting control over
    > what is exposed to VB. (Although this doesn't help me
    > with problem 2)
    > Any suggestions?
    > Cheers
    > Paul James

  • OWB Security Model Using WBSecurityServiceImpl

    Hi,
    I'm currently trying to implement the extended security model using the WBSecurityServiceImpl package in OWB v10.2.0.2.
    However I'm having a few difficulties in creating user roles using this method as I do not have a complete list of OBJECT_TYPE_ID's and OPERATION_TYPE_ID's - does anyone know where I can get hold of these?
    Any help with this would be much appreciated.

  • Using ActiveX bridge

    Hello!
    Has anyone used the ActiveX Bridge with TopLink? Does it work???

    Well, I would like to take advantage of TopLink and create my business components all in Java and reuse them in any programming language for Windows, like Delphi or Visual Basic for example. If I encapsulate my queries into JavaBeans is it possible to package it into an ActiveX with Sun's ActiveX bridge?
    So I would have only a Windows interface in any language and all the business in Java...

  • Apparent gap in java applet security on client machine

    I know about signing applets, and both the new and original security models for applets. For my purposes, the original security model for applets is just about perfect. My applets do not need access to the client machine hardware, nor do they need to access any machine other than that which provides them to the client (at least at present).
    What I have been told is that it is not possible for a server of any kind (DB, servlets, &c.) to authenticate an applet. The claim was made that all the security was designed for client security and that a developer's only option is to trust the client machine.
    I can exchange information among my servers over SSL, and secure communications between my servers and applet clients. However, what is there to prevent a bad guy from breaking into a client machine and then capturing and modifying the applet I am relying on to protect the client's sensitive data? Signing the applet tells the user that the applet has not been modified from what I have produced, and so the user should feel confident enough to run it. But what if the applet and related web page is cached, and someone who has, legitimately or not, access to the machine and tries to use the cached copy for inappropriate purposes?
    If my servers can not verify that the applet code accessing them is mine, rather than a variant created to mimic my applet, then that certainly creates a risk for my code, but doesn't it also create a security risk for the client? After all, it is the client's sensitive data I am trying to protect, and I can envision a situation in which a bogus applet masquerades as mine and sends that sensitive data to a bad guy's machine; all this while giving the user the illusion that his data is safe.
    The gap here is either in my understanding of this technology or a gap in java security, so I'll put the question another way also. Is it possible for a server (e.g. an application server such as Tomcat or Sun's application server) to verify that the applet code used to try to connect with them is in fact the applet code that was signed on and served from the same machine and not malicious code masquerading as my code? If so, how does that work, and how does the programmer do it?
    Thanks,
    Ted

    the jar file required is jmf.jar. this jar file will be there in
    jmf_home/lib
    for example on my machine
    C:\Program Files\JMF2.1.1e\lib this jar file contains all the files required to run the application
    i think you may need some of the dll files also to run. see
    if required, then it may throw exception
    java.lang.UnsatisfiedLinkError then put the respective dll file in the working folder or the system32 folder

  • Java Security Model: Java Protection Domains

    1.     Policy Configuration
    Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets. A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
    o     Configurable policies -- no longer is the security policy hard-coded into the application.
    o     Flexible policies -- Since the policy is configurable, system administrators can enforce global policies for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
    o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
    o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, a developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
    o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
    2.     X.509v3 Certificate APIs
    Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
    3.     Protection Domains
    The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
    When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
    4.     Access Decisions
    Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
    Sandbox model for Security
    Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
    The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
    While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
    Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
    java.security.ProtectionDomain
    This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
    A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
    A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
    Classes that have the same permissions but are from different code sources belong to different domains.
    A class belongs to one and only one ProtectionDomain.
    Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
    Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
    It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
    jarsigner and keytool
    example:
    cd D:\EicherProject\EicherWEB\Web Content
    jarsigner -keystore eicher.store source.jar eichercert
    The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
    One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
    The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
    Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
    1. First generate a key pair for our Certificate:
    keytool -genkey -keyalg rsa -alias AppletCert
    2. Generate a certification-signing request.
    keytool -certreq -alias AppletCert > CertReq.pem
    3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
    4. Import the chain into keystore:
    keytool -import -alias AppletCert -file SignedCert.pem
    5. Sign the CyberVote archive "TeleVote.jar":
    jarsigner TeleVote.jar AppletCert
    This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
    1. Generate a key pair for root CA:
    openssl genrsa -des3 -out CyberVoteCA.key 1024
    2. Generate an x509 certificate using the above keypair:
    openssl req -new -x509 -days 365 -key CyberVoteCA.key -out CyberVoteCA.crt
    3. Import the Certificate to keystore.
    keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
    Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we can sign using our newly created root CA using this command:
    openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem -CAcreateserial
    However, our test root CA has to be imported to the keystore of voter's web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
    The Important Classes
    The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
    • It should be computationally infeasible to find two messages that hashed to the same value.
    • The digest does not reveal anything about the input that was used to generate it.
    Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
    The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
    • Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
    • The signature and the public key do not reveal anything about the private key.
    A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
    ----Cheers
    ---- Dinesh Vishwakarma
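
The properties the post above lists for MessageDigest and Signature, shown as an added Java example that is not part of the original post. It uses SHA-256 and SHA256withRSA in place of the MD5/SHA-1 algorithms named there; the class name, the sample ballot strings and the in-memory key pairs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class DigestAndSignatureDemo {
    // SHA-256 / SHA256withRSA are swapped in for the MD5 and SHA-1 named in
    // the post, because practical collisions exist for both of those.
    static byte[] digest(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; both key pairs exist only in memory.
        byte[] ballot = "ballot=42;choice=A".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "ballot=42;choice=B".getBytes(StandardCharsets.UTF_8);

        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();

        // The digest has a fixed size, and a one-byte change alters it.
        System.out.println("digest length: " + digest(ballot).length);
        System.out.println("digests equal after tampering: "
                + MessageDigest.isEqual(digest(ballot), digest(tampered)));

        // Verification fails for modified data and for a different public key.
        byte[] sig = sign(signer.getPrivate(), ballot);
        System.out.println("valid signature:  " + verify(signer.getPublic(), ballot, sig));
        System.out.println("tampered data:    " + verify(signer.getPublic(), tampered, sig));
        System.out.println("wrong public key: " + verify(other.getPublic(), ballot, sig));
    }
}
```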

    Hi,
    these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
    cheers,
    Charles(jGuard team).

  • Please Migrate to the java 2 Security Model.

    Hi, this is my first post BTW. I don't know much about Java, it's just that when I try to access my work from home (United Airlines). It was working fine until I had to format my HD, and since you can no longer download Java from the Microsoft site I had to come here to download the newer version and haven't been able to access it since. Is there a site or anywhere that I can download the old version perhaps, or get this one to work? When I try to log in I get this error in the Java Console:
    ipsNetletStatus.init()
    Netlet Starting (16)
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netlet found Netscape
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netlet config: https://gw-r5.airline.compuserve.com:443/http://as-r5.airline.compuserve.com:8080/NetletConfig?func=loadResources
    ipsNetletStatus.start()
    ...ipsNetletStatus.run() is starting
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    netscape.javascript.JSException: Failure to evaluate netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead");navigator.preference("network.proxy.ssl");
    at sun.plugin.javascript.ocx.JSObject.eval(Unknown Source)
    at BrowserProxyInfo.<init>(BrowserProxyInfo.java:58)
    at SServer.loadParameters(SServer.java:140)
    at SServer.start(SServer.java:111)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    Look at this thread http://forum.java.sun.com/thread.jsp?forum=31&thread=297109
    and search the Forums using the term "java 2 security model" (include the quote marks)

  • Migrate to the Java 2 security model instead...

    Since I installed Java 4 ver 1.4 on my computer, I have not been able to access my homebanking. In the Java console I get the following message:
    1.4.0 on Windows XP
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    What does it mean, and how do I fix the problem???
    Thanks in advance!

    This is a real pain. I can't roll out Java 1.4 inside our company because we use several applets for which we do not have the source code, and they no longer work because of this limitation. Sun needs to fix this if they want people to upgrade to Java 1.4.

  • Migrate to the Java 2 security model

    Hi, I've tried to use signed applets but I always get the following message:
    Java (TM) Plug-in: Version 1.3.1_02
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    I'm using IExplorer 5.5 with the Java Plug-In 1.3.1_02.
    What does it mean 'migrate to the Java 2 security model'?
    How can I migrate?
    thanks in advance.

    So you mean your applet is working in Netscape 6.2 after editing prefs.js. In that case, one possible solution is to take away the support of netscape.security.* in your applet, because netscape.* packages 'might' use the Netscape Security model, which is no longer supported (check out). Hence the system asks you to migrate to the current Java security model. Even if you remove the netscape.* support, your applet will work, if you have signed it properly. In that case, you don't have to touch prefs.js or java.policy or anything from your client machine (provided you use standard certificates like VeriSign).
    Since you have only class file of the applet and not the source, decompile the class file and make the alteration and compile it back. A decompiler Jad is available here http://midlet.org/jsp/category.jsp?parentLevel=137.
    Let me know if this has helped you.
    Rajesh

  • UCM Folders custom alternate security model

    Hi All,
    I'm working on a Proof of Concept using UCM 10GR3 and we need help from you guys.
    The content will be categorized using the Folders structure from the Oracle Folders Component.
    Let's look at this example:
    1. The user DANIEL creates the folder A and sets who will have access (R,RW,RWD,RWDA);
    2. DENIS, another user from UCM, gets permission to access the folder A and starts to create his own Folders (A1, A2, A3) and defines who will access these Folders and their permissions, but if he doesn't set access permission for DANIEL, he (DANIEL) won't be able to see these Folders' content.
    So, this security model is defined for each Folder and won't be hierarchical.
    I've already explained to the customer about possible problems with inappropriate content stored inside some users' Folders and the lack of permission from their superiors to control this.
    But they don't want to go another way.
    This customer didn't like the UCM Collaboration Manager concept of Projects, Dashboards and so on.
    They prefer Folders with this 'Custom' security model because simplicity and a non-hierarchical security model are crucial points.
    Is there any case about the use of this security model or some ideas about how to do that for Oracle Folders?
    Best Regards
    Daniel

    I think accounts can do the trick. You'll have to write a component that automatically creates an account if someone adds a folder.
    With accounts you can give someone permission in a hierarchical way. You define for example an account A/1 A/2 A/3
    If Daniel creates a folder your component can automatically create an account A
    If Denis creates a folder A/1 your component would create A/1
    If Daniel grants Denis the A account he gets permission to the A folder
    If Denis doesn't grant Daniel the A/1 account, he doesn't have access to that folder. Is that what you want?
    There is a small problem with this construction and that is that a user normally can't grant or revoke accounts. It's done in the user admin applet, so your component would normally add some functionality so users could add and delete accounts, but that's kinda tricky...

  • Print string to client printer using applet

    How to print a string directly to the client printer after clicking a button from my jsp/html page?
    I have posted a similar question here and someone(pqeuens) advised to use applet. I have been reading about applet & created one.
    I tried running it as a Java application & it prints as expected. However when i put it inside a jsp/html page, it will not print.
    Can anyone help me out on this? Perhaps share a code. That will be very much appreciated...
    Thank you

    I said you couldn't just print from JSP, but you might be able to when you use a SIGNED applet.
    But then you need to move to the Java applet forum and ask the question there.
    Furthermore, a standard applet cannot print because of the security involved in applets. Nor will you be allowed to write files onto the client.

  • Error while configuring Siebel Bi Publisher Security Model..

    Hi,
    Steps Done
    1)     Imported the BIPSiebelSecurityWS.XML
    2)     Replaced Existing address with the specific address of the Siebel Server
    3)     Enabled Local Super user checkbox, entered a Super user name and password
    4)     Configured the Siebel Security Model by pointing the Siebel Web Service end point with Siebel Username/Pwd
    5)     Restarted the Bipublisher
    6)     When I try to login to Bi Publisher with Siebel Credentials I am getting the error
    The server cannot be used due to configuration error, please contact admin..
    Please let us know the necessary steps ..

    Log in using the credentials used for the super user. Siebel users do not work here; it will only fetch the responsibilities here as roles for that super user.
    Thanks,
    Ravi kanth
