Applet and dependency jars signing

Similar Messages

• Applets, Policy Files, jar signing, JNI, etc

  Hi,
  I need an Applet to be able to connect to sockets and use some JNI. Hence, as far as I can tell, I need to use a Policy File. In a standalone application, I have written my policy file tried it out by switching on the security manager. However I am not sure how I do this with an applet.
  I have read many examples of Jar signing, yet every example uses appletviewer and the -J-Djava.security.policy to show the security policy in action.
  However I want this to work through a normal browser, so how do I achieve this?
  Do I specify a URL to the java.security.file in the embed/object/applet tags in the HTML?
  Do I put the policy file in the jar and reference it via the Manifest?
  Any ideas much appreciated,
  John B

  The standard AccessControlException:
  java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
  at java.security.AccessController.checkPermission(AccessController.java:401)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
  at java.lang.ClassLoader.getParent(ClassLoader.java:701)
  Or something like that.
  That's what I'm trying to solve, I wish to use the Java Security Policy system to allow my applet access to various resources, such as writing files. Now I've seen that signing an applet will give it full access (in my view, this is rather insecure, but anyway), however following the steps to sign an applet two or three times has still presented me with the same problem. The signing is ignored, and the exception is thrown.
  Applet signing aside, I fail to see any documentation stating how the policy file is used by the VM when running on a browser. I assumed it might be an entry in the Jar's manifest file, but again, I can find no documentation.
  It's all very annoying, and Sun have done quite a bad job at documenting this. For example, their example talkes about -D-Jjava.security.policy=.... being passed to appletviewer. Who on earth uses appletviewer! If policies only work with that, then they are useless. I want them to work with whatever browser the applet is being run within.
  Surely this isn't too much to ask? :)

• Unable to resolve setting of dependent jar file in ear

  Hi,
  I have an .ear file which as an ejb.jar and dependent.jar file. Now i set the classpath in MANIFEST.MF of ejb.jar and tried to deploy in weblogic server7.0 but my ejb is not able to identity my dependent.jar its throwing class not found error. I even tried setting up classpath even @ my MANIFEST.MF of ear also. still not able to resolve.
  So let me know does dependent.jar in ear is suppoted are not?

  Hello Sanjay,
  This should work without any problems. Can you provide your manifest.mf file?
  Meanwhile, refer to the following link for more documentation about WebLogic classloading
  and how to specify a manifest.mf file to do what you're trying to achieve:
  http://edocs.bea.com/wls/docs70/programming/classloading.html#1073491
  Best regards,
  Ryan LeCompte
  [email protected]
  http://www.louisiana.edu/~rml7669
  Sanjay <[email protected]> wrote:
  Hi,
  I have an .ear file which as an ejb.jar and dependent.jar file. Now
  i set the classpath in MANIFEST.MF of ejb.jar and tried to deploy in
  weblogic server7.0 but my ejb is not able to identity my dependent.jar
  its throwing class not found error. I even tried setting up classpath
  even @ my MANIFEST.MF of ear also. still not able to resolve.
  So let me know does dependent.jar in ear is suppoted are not?

• Signed applet and javascript communication

  Hi All,
  I have an (jar) signed applet which I use to access system properties (e.g user.home). I also have a javascript code that communicates (call to a public function) with the applet to get the property "user.home" from the applet. Everything works fine in Java plugin 1.3 but since I have installed the latest plugin 1.4.2_01 from http://www.java.com/en/download/windows_automatic.jsp website I can not access the system properties even though everything in the code is same.
  I can however still access public functions/variables from the same applet which do not access system properties in the new plugin 1.4.2_01.
  The browser I am using is IE and OS is Windows 2000.
  Does anybody know if Sun has changed the security policy for 1.4.2_01, in the new plugin for java-javascript communication to block access to functions which uses system property,fileIO, socket etc. even if they are signed applet??
  Thanks in advance..

  When invokin applet methods via javascript, you are accessing privileged actions from an unsafe source.
  Depending on your needs, you could either load the system variables in applet init into class variables and return the information contained in the class variables to javascript or wrap the method calls inside AccessController.doPrivileged() calls.

• IIS, Javascript, Signed Applet and ASP Blank Page Problem

  Hi,
  I'm having a problem using a Signed Applet in a site that runs in a IIS (Windows Server 2003).
  My aspx web page uses the applet to read my smart card and get information from it.
  This applet uses an auxiliar dll (stored in a second Signed Jar file) in order to read the information from my smart card.
  The way the solution is design:
  1) Aspx page is asked from server
  2) Internet Explorer recieve the page and asks the server for it content (images, applet, javascripts, etc)
  3) After this the JVM runs (console opens)
  4) After the Aspx page render fully a javascript register onload fires and call an applet method
  5) Applet receive the call and run the logic of the method:
       - reads the smart card;
       - calls Javascript function in order to fill aspx fields with information from smart card
       - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
  5) The server makes some logic with the information receive and responds to client registering in aspx page a call to another Javascrit function
  6) The client received the asnwer from server and runs the Javascript function registered on step 5)
       This Javascript calls another method from applet and runs the following logic:
       - reads more information from smart card;
       - call javascript function in order to fill more fields of aspx page with the information readed
       - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
  7) The server makes some logic and call another pages with no Applets
  8) Client asks for a second page with the same applet and we start with another logic express on steps 1);2);3),4);5) and then 7).
  This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
  When this happens the server just responds with a blank page.
       - with fiddler I can seer the request for the aspx page (that uses the applet)
       - but server responds with a blank html page
  The JVM doesn't fire.
  The IIS log don't show errors.
  The eventviewer doesn't show errors.
  The problem is solved with an IIS reset or a Application Pool reset.
  After a while the problem returns.
  This problem occours for other user in another machine, the server just stops responding correcly to request regarding pages with applets, the other pages still continue to work.
  If we disable Java Control Panel->Advanced->Java Plug-in->Enable the next-generation Java Plug-in the problem seend to stop, but we can't force all clients to disable this option right?
  Or there is a way to force the Applet to run with this option disabled?
  As anyone experience similar problem?
  Regards,
  OF

  This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
  When this happens the server just responds with a blank page.
  - with fiddler I can seer the request for the aspx page (that uses the applet)
  - but server responds with a blank html pageWell, if http requests look identical in case of success and failure (pay attention to cookies, etc) then it has to be something on the server side.
  It could be that server gets into this wrong state because of previous requests made by applet but it is hard to tell.
  I am not clear how old/new plugin can make a difference unless your applets run in the legacy mode (i.e. you are actually trying to reuse SAME instance of the applet when
  it is loaded next time).
  I'd start with
  1) carefully comparing good/bad sessions
  2) checking whether server will serve correct response to another client when it serves "bad" page for current client
  3) add debug statements to aspx - it is scripted page, may be some condition is not met and then it returns blank?
  4) record all http requests in one session until you get to "error" state and then use any http server testing tool to "replay" this set of requests.
  You should be able to get server into the same state without use of applet. Then you can try to tweak set of requests to see what makes a difference.

• Signed applet and HTML parameters

  I've created a signed applet and everything works fine, except for the fact that i can't add parameters to the applet.
  Without the parameters in the HTML the applet inits and starts and can be used without problems. But when I add paramaters, the applet reports a "class not found exception".
  I used HTML-converter to convert the applet tag to object/embed tags.
  Has anyone had the same problem or knows what I'm doing wrong? I'd really appreciate some help.
  Thanks in advance,
  Erik
  My HTML source:
  <OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  WIDTH = "600" HEIGHT = "400" codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
  <PARAM NAME = CODE VALUE = "TNA" >
  <PARAM NAME = ARCHIVE VALUE = "TNA.jar" >
  <PARAM NAME="type" VALUE="application/x-java-applet;version=1.3.0">
  <PARAM NAME="scriptable" VALUE="false">
  <COMMENT>
  <EMBED type="application/x-java-applet;version=1.3.0" CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html"><NOEMBED></COMMENT>
  </NOEMBED></EMBED>
  </OBJECT>
  <!--
  <APPLET CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400">
  </APPLET>
  -->

  Try this:
  OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  WIDTH = "600" HEIGHT = "400" codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
  <PARAM NAME = "java_code" VALUE = "TNA.class" >
  <PARAM NAME = "java_archive" VALUE = "TNA.jar" >
  <PARAM NAME = "java_type" VALUE="application/x-java-applet;version=1.3.1">
  <PARAM NAME="scriptable" VALUE="false">
  <COMMENT>
  <EMBED type="application/x-java-applet;version=1.3.0" CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html"><NOEMBED></COMMENT>
  </NOEMBED></EMBED>
  </OBJECT>
  <!--
  <APPLET CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400">
  </APPLET>

• Problem with a signed applet and a user machine.

  Hello. I´m having some problems with a signed applet with some dependences.
  In one particular computer the applet doesn´t load.
  The java version installed in that computer is 1.6.0_25.
  The invocation tag:
  <applet name=applet id="applet" code=Applet/RequestApplet.class width=155 height=21 archive="RequestApplet.jar " MAYSCRIPT>
     <param id="parametro1" name="usuario" value="<Computed Value>">
  </applet>The RequestApplet.jar and dependences:
     bcmail-jdk13-145.jar(signed by bouncy castle), jce-ext-jdk13-145.jar(signed by bouncy castle), AbsoluteLayout.jar, plugin.jar, RequestApplet.jar(signed by me)*this files are all in the same folder.
  The requestApplet.jar manifest:
  Manifest-Version: 1.0
  Ant-Version: Apache Ant 1.7.1
  X-COMMENT: Main-Class will be added automatically by build
  Class-Path: bcmail-jdk13-145.jar jce-ext-jdk13-145.jar plugin.jar Abso
  luteLayout.jar
  Created-By: 10.0-b23 (Sun Microsystems Inc.)
  Main-Class: Applet.RequestApplet
  Name: Applet/ResponseApplet$1.class
  SHA1-Digest: fO5IPiwEH3OhvlprhBecmMIAVJI=
  Name: Applet/NewJApplet.class
  SHA1-Digest: 6XSpm7lQEQRi39TegoUYv2aFJrk=
  Name: Applet/ResponseApplet.class
  SHA1-Digest: v1EbKUFB+QdvO05xx8UzAMNIyRs=
  Name: Applet/ResponseApplet$4.class
  SHA1-Digest: XH4I67psXZTelpz0AMAYc/Ej8QY=
  Name: Applet/RequestApplet$1.class
  SHA1-Digest: KAP5sAC4Thv/6GClkFAdGUVzgYA=
  Name: Applet/ResponseApplet$5.class
  SHA1-Digest: CVPnKrW2SgNEkRzYnVnQe3KGrIU=
  Name: Applet/ResponseApplet$3.class
  SHA1-Digest: SjfW1k1K7BA9m3AxmHi+jvRE+9o=
  Name: Applet/ResponseApplet$2.class
  SHA1-Digest: 3Pu18CZMLuEh7/n3y7XxFSkuNQY=
  Name: Applet/RequestApplet.class
  SHA1-Digest: Tky85es5+o371adetH9XVEI2Z+o=The error:
  java.lang.RuntimeException: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
       at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
       at java.lang.Class.getDeclaredConstructors0(Native Method)
       at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
       at java.lang.Class.getConstructor0(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$12.run(Unknown Source)
       at java.awt.event.InvocationEvent.dispatch(Unknown Source)
       at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
       at java.awt.EventQueue.access$000(Unknown Source)
       at java.awt.EventQueue$1.run(Unknown Source)
       at java.awt.EventQueue$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       ... 20 more

  Thanks. I´ll try with your tips. But if i put all the dependences in archive I get this error.
  The tag:
  <applet name=applet id="applet" CODEBASE="." code="Applet/RequestApplet.class" width=155 height=21 archive="bcmail-jdk13-145.jar, jce-ext-jdk13-145.jar, AbsoluteLayout.jar, plugin.jar, RequestApplet.jar " MAYSCRIPT>
     <param id="parametro1" name="usuario" value="<Computed Value>">
  </applet>The error:
  Java Plug-in 1.6.0_25
  Usar versión JRE 1.6.0_25-b06 Java HotSpot(TM) Client VM
  Directorio local del usuario = C:\Documents and Settings\Administrator
  c:   borrar ventana de consola
  f:   finalizar objetos en la cola de finalización
  g:   liberación de recursos
  h:   presentar este mensaje de ayuda
  l:   volcar lista del cargador de clases
  m:   imprimir sintaxis de memoria
  o:   activar registro
  q:   ocultar consola
  r:   recargar configuración de norma
  s:   volcar propiedades del sistema y de despliegue
  t:   volcar lista de subprocesos
  v:   volcar pila de subprocesos
  x:   borrar antememoria del cargador de clases
  0-5: establecer nivel de rastreo en <n>
  basic: Receptor de progreso agregado: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@f39b3a
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/bcmail-jdk13-145.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/jce-ext-jdk13-145.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/AbsoluteLayout.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/plugin.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/RequestApplet.jar

• JRE 1.4.x Plugin - Signed Applets and Weird Behaviour (Policy)

  Hello.
  I have recently experienced some strange behaviour related to signed applets and policy files in JRE 1.4.2-b28 ( a friend got the same behaviour in a flavour of 1.4.1-xx as well ). Both tests were on Windows 2000 Professional platforms.
  Initially my unsigned applet, which attempts socket connections to a server different from the download location, fails with security exceptions ( as expected ). Then I did the following to sign the applet jar and configure my environment
  Steps: 1) Import "trusted CA" certificate into ${java.home}/lib/security/cacerts. (JRE home outside the JDK)
  2) Signed the jar using jarsigner and a certificate generated from the "trusted CA" (Entrust CA and certificate).
  3) Imported the signing certificate into the Java plugin using import in the plugin control panel.
  4) Created a new keystore (keytool,jks) and imported the signing certificate into the keystore with alias "developer". The keystore is stored in the user home as .keystore.
  5) Created a .java.policy for the user and attaching the keystore in 4) to it. ( also stored in user home ).
  6) Used the policy tool to grant socketpermissions to the specific codebase ( testing with file:/C:/test/* initially ) signed by "developer"
  After this, when I ran the test page under IE 5.5SP2 and Netscape 7.1 it worked without any security exception. Ditto for using the appletviewer and the policy file I created for the user.
  The weird part occurred when I removed the policy entry from the user policy file. After doing this, Netscape and IE still allow the applet to execute - somehow remembering that it was granted permissions at some point. The appletviewer does not allow it to execute, generating security exceptions.
  It appears the old policy is being cached somewhere, but I cannot find where. If I replace the applet jar with an unsigned version it does fail in IE and Netscape. I tried cleaning the plugin cache and removing the "deployment.certs" files related to the users but still get the same behaviour.
  Does anyone know where the old policy information is being stored ? Does anyone know how to revoke the permissions so that I am restored to my original base environment ( no permissions for "designer" signed applets ) ? Would attempting to utilize the AccessController.doPriveleged( xxxx ) operations in JDK 1.4 avoid all of this confusion with policy files, keystores and certificate storage ? After all the messing about I would like a zero-footprint alternative ( or minimzed footprint anyway ).
  Any ideas would be most welcome.
  Regards,
  James.

  Hello Again.
  I am either enlightened or confused at this point. I found that as long as all of my related Jars are signed ( even by self-signed certificates ) I am granted SocketPermissions for calls outside of the originating server. Unsigned code is refused, but even when the Jars were signed using a self-signed certificate the Socket calls were allowed.
  Am I experiencing the appropriate behaviour in this case ( which would mean not having to utilize policy files to distribute an applet that uses calls to arbitrary servers - e.g. JavaMail ) or am I suffering from something damaged in my environment ?
  It has been a long time since I played with signed applets and I am having difficulty determining what operations require policy file entries/AccessController.doPrivileged() calls and which are granted when a user elects to trust a signed applet without policy.
  Any assistance in clearing up my confusion would be appreciated.
  Regards,
  James.

• How to create signed applet and make it work with browser

  i hav an applet that needs to write a file to onto local system resource. i came to know that the applet needs to be signed. so i searched some guides to create a signed applet but most of them specify how to use it with applet viewer and not on a browser. plz help me with how to sign an applet and and allow it to write a file from within a browser.

  On linux, something like this:
  keytool -genkey -alias signSocket -keystore socketstore -keypass abc123 -dname "cn=your name" -storepass abc123
  jar cvf Socket.jar *.class
  jarsigner -keystore socketstore -storepass abc123 -keypass abc123 -signedjar SSocket.jar Socket.jar signSocket
  And in html:
  CODE = "YourClass.class"
  ARCHIVE = "SSocket.jar"
  ...

• Navigating between applets from the same signed jar (trusted CA) gives err

  See [http://www.chrisnewland.com/java-7-update-21-signedunsigned-error-switching-between-applets-in-the-same-signed-jar-trusted-ca-339] for my investigations so far.
  Clicking a link to navigate between applets contained in the same signed jar (signed by a trusted CA) pops up an error dialog complaining about a signed/unsigned code mix.
  Loading each applet in a fresh browser works fine.
  If you click from applet 1 to applet 2 via a non-applet page then both applets run without problem.
  [EDIT: This is behaviour is new to 7u21]
  Edited by: Chris Newland on Apr 17, 2013 3:19 AM

  I tried that (Adding Trusted-Library true) to the jars and even the 3rd party jars.  I still get the pop up and this error:
  Exception in thread "thread applet-com/travelers/prefillapplet/PrefillApp.class-1" java.lang.NoClassDefFoundError: org/apache/log4j/Logger
  Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Logger
  at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at java.lang.ClassLoader.loadClass(Unknown Source)

• Signed applets and commandline import problems

  Hi!
  I'm working on an applet that uses SVNKit. Because of SVNKit (subversion system, written in java) my applet needs to be signed. My signing script works fine until I want to use the svnkit.jar. I don't get any error messages using the svnkit.jar file either, but the applet won't load. How do import this library properly in my signing process?
  My bash-script that does the signing:
  #!/bin.sh
  javac -classpath .:SVNKitLibs/svnkit.jar SVNApplet.java
  jar cvf SVNApplet.jar SVNApplet.class
  rm stormstore
  keytool -genkey -alias signFiles -keystore stormstore -keypass apasswd -dname "cn=storm" -storepass apasswd
  jarsigner -keystore stormstore -storepass apasswd -keypass apasswd -signedjar SignedSVNApplet.jar SVNApplet.jar signFiles
  keytool -export -keystore stormstore -storepass apasswd -alias signFiles -file storm.cer

  Thanks for your help, Surendra. For some reason I could not make it work in any other way than actually extracting all contents of svnkit.jar and then moving the org-folder to project root folder. The command is now:
  jar cvf SVNApplet.jar SVNApplet.class org

• Signed Applet and native code

  Hi all,
  I have an application which I deploy with webstart and includes native code. This all works perfectly with webstart. I now want to deploy it as an applet. This works accept for the native code. I have done heaps of searching and cannot determine the most appropriate way to make the native code visible to the applet.
  Ultimately I am at the point where i recieve a UnsatisfiedLinkError when calling loadLibrary(...) for the native code. Currently i have the native code (dll's for windows, so's for Solaris etc) in independent jars which are also signed (as needed for webstart).
  Could anyone give me some advise or a reference to more info on this topic.
  I am using Java 1.5 and am happy to use 1.6 if neccessary.
  Thanks,
  Dave

  Andrew - of course you were correct about the signed cert - I misspoke when the CA signed applet didn't show a warning. (You were also right that I must have checked 'always accept' the certificate on the server I had the CA signed cert on).
  I think you guys are on to something about the privileged actions. It would explain where one popup has the icon and the other doesn't. We have Javascript making calls into the applet and we do use JNI (although I don't think there are any calls back). We do wrap these calls in privileged actions but maybe we missed something. What I've seen before is a security exception is thrown if we don't wrap them - but maybe there are areas where we don't and it doesn't throw an exception or it does and we eat it somehow (and for whatever reason doesn't cause anything noticeable).
  Now that I know it could likely be the applet code and not necessarily a build issue with signing the jars, I have another place to look...
  I'll check it out and let you know what I find.

• Signed applet and security; a question

  I was wondering if you somebody has any experience packaging a signed applet within BEA? If so, Im wondering if I could ask you a few quick questions regarding MYAPP.
  MYAPP uses an applet that needs to be signed. This applet makes use of an external library for some of its client screens. Currently, I have packaged the applet classes, including the library contents as part of the root in the war file (i.e. exploded out of their archive and simply placed in the WAR file as fully path qualified classes).
  To sign the applet normally you would sign the jar file in which the applet is contained. But, when I place the jar file in the WAR file, the client cannot find the applet, even with the codebase and archive attributes filled in on the HTML page.
  My questions are as follows:
  Is there another mechanism for me to package the applet within the EAR file (i.e. a CAR file instead of the WAR?) such that I can package the applet within its JAR files and sign the JAR as I normally would?
  In lieu of anything on (1), how do I sign the applet? Should I be signing the WAR file or the individual classes?
  Please let me know if you would bee able to help, thanks much and again.
  Best regards,

  Thanks.
  The only server available we have is BEA 81 sp3
  appserver. We are not using webservers so we have to
  stick to BEA. Either it has a webserver included or you're screwed.
  Moreover, MYAPP.ear contains a huge amount of other
  JSPs and other stuff. My goal was to create a SINGLE
  ear file with MYWEBAPP and MYAPPLET contained in the
  same EAR file ?The point is that you have to point your applet's code base to a directory on the webserver. With dynamic web-app mapping and stuff you might not know where that is.
  So, is it doable to contain both MYWEBAPP and
  MYAPPLET in the same EAR file .... please correct me
  if iam wrong ?http://info.borland.com/techpubs/jbuilder/jbuilder9/webapps/webapps_context.html
  Look at the bottom of the page. Google is your friend.

• Signed applets and dialogs

  hi all,
  question to clarify my understanding of signed applets.
  got a bog-standard applet. nothing clever or special.
  got myself a bog-standard cert from thawte.
  signed the applet and put it on a webserver.
  displays the correct security notice on first load. continue and "Always trust this company" etc...
  all runs fine.
  in the applet init, i've put in
  java.awt.AWTPermission perm = new java.awt.AWTPermission("showWindowWithoutWarningBanner");
  try {
    AccessController.checkPermission(perm);
    System.out.println("access allowed?");
  } catch (AccessControlException ex) {
    ex.printStackTrace();
  }open the main frame, and all is good. no banner or access denied exception.
  show a popup menu, or tooltip. no banner.
  display a dialog. oops, a banner "Java Applet Window" and the bottom section of the dialog is covered with the warning msg.
  so i'm confused.
  does this mean that this permission does not apply to dialogs? (if so, what?)
  even with a cert, this msg cannot be removed? (please tell me no)
  wrap and recode all dialog openings with AccessController.doPrivileged? (i dont wanna do this)
  or i missed something with the setup.
  i've been searching the forums for some info, but seem to be going in circles. editing the policy file on all client comps is not a valid option, unless there is sometrick i dont know about .
  tia
  -a

  hi,
  i got the answer from the link
  http://www.javaworld.com/javaworld/jw-12-2000/jw-1215-security.html

• Applets and classes in jar files

  I have placed an applet and a group of classes that the applet uses in a jar file.
  The classes are grouped in their own files in a short directory tree within the jar file.
  When the applet is loaded by the browser on a client with the usual CODE="appletname.class" and ACRCHIVE="jarname.jar" statements, are the related class files and the directory tree also loaded into the client? Or do they remain at the server to be used by the applet as necessary?

  I'd say the entire JAR will be downloaded.