Applet Signed
Hi, Q. if i get my applet signed with all premissions can my applet then open a socket connection with another applet on the Internet that's listening. apart from the server the applet came from. Also how do i sign a jar file does this mean that the applet is signed is it free and for how long is it signed and is the any limits or restrictions if i get it do free
Both applets must be signed in order to make a connection between them. Signing an applet just verifies the applet can only be run from a location containing the correct keys. Here's more info on what it is and how to do it:
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html
Similar Messages
-
Hi
I have an applet which has the functionality to print images.when i am working with appletviewer on local machine it works. when i tried to print through browser i am getting access denied error...i came to know that my applet has to get signed so that it prints data to printer. Pls tel me how to achieve it...
And one more thing is i want to run my applet in a JSP so that i can access the file from different machine.
For this i tried using jsp:plugins..but it is also giving error...
Can u suggest me at this moment. how to get my applet signed...and how to resolve the plugin error...
thanks
type Exception report
Error message :.....................
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: /view.jsp(9,0) jsp:plugin not closed
at org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:94)
at org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:428)
at org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:126)
at org.apache.jasper.compiler.Parser.parsePlugin(Parser.java:643)
at org.apache.jasper.compiler.Parser.parseAction(Parser.java:669)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:803)
at org.apache.jasper.compiler.Parser.parse(Parser.java:122)
at org.apache.jasper.compiler.ParserController.parse(ParserController.java:199)
at org.apache.jasper.compiler.ParserController.parse(ParserController.java:153)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:227)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:369)
at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:473)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:190)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:536)Don't know about your second question but signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post -
Four Java Applet signing questions
hi all;
I'd like to ask a few quick questions about applet signing. As you know there is a "Security Warning" Gray Alert box that appears when the user tries to load your signed applet.
1. When the alert window asks someone to accept the signed applet, is it possible to some how capture the Yes or No button click event by javascript or something like that ? I noticed that the Yes and No Response seems to be saved in an in-memory cookie? Is it possible to figure out wht the person clicked ?
2. Is it possible to keep that "Security Warning" Alert box on top so that the user will not be able to accidentally ignore it (it goes under the browser and stays there).
3. Is there some way to inspect the PC to determine weather your applet loaded properly - apart from seeing a properly working applet ? For example , If I want to make sure it is being cached properly.
4. When a new version of the applet is available on the server ? how does the browser know to download something ? is that something I would code for manually or would is this automatically handled behind the scenes.
Thanks in advance
StephenI can only reply to nr 1 but looking at java.security.AccessControl there is a method called checkPermission() you can use.
-
I support some users that go onto a secure website and use certificates. They used the java 1.4.1 plugin and all is fine. Now they have a new machine, and the new Java plugin 1.4.2 throws up an error when you hit a button to select the certificate, runtime error line 53 bla bla bla, and at the bottom of the screen it says applet notinited. I don't know how to fix this error. I uninstalled the 1.4.2_07 and used the 1.4.1 and it still doesn't work, am confused, have 10 working machines and this one is causing a problem. I no nothing of Java apart from installing it.
Sorry I don't know much about Java, how would I go about doing that? The error I get is line 54 char 9 error Object doesn't support this property or method. Here is the page source don't if this helps or not?
<head>
<title>Login with a Certificate</title>
<link rel="stylesheet" href="/ecom/login/stylesheets/hmce.css" type="text/css">
<link rel="stylesheet" href="/ecom/login/stylesheets/hmceForms.css" type="text/css">
<script LANGUAGE="JavaScript1.1">
var intervalId;
var isAppletLoaded = false;
var intervalSet = false;
var isPosted = false;
function appletIsLoaded()
isAppletLoaded = true;
document.data.SignButton.disabled=false;
function checkStatus()
if (isAppletLoaded == false)
return;
if (document.signer.signComplete())
clearInterval(intervalId);
document.post.gatewaydata.value = document.signer.getSignedBase64Xml();
if (document.signer.getStatus() == 0)
if (isPosted == false)
document.post.submit();
isPosted = true;
else {
// do-nothing in this sample.
function signXML()
if ((document.signer.signComplete()) && (document.signer.getStatus() == 0))
return true;
} else {
var B64XML = document.data.xml.value;
var B64UTF8fragment = document.data.xmlsigblock.value;
document.signer.signXml(B64XML, B64UTF8fragment);
if (intervalSet == false)
intervalId = setInterval("checkStatus()", 1000);
intervalSet = true;
return false;
function doSubmit()
document.frm.submit();
</script>
</head>
<body topmargin="10" bgcolor="#FFFFFF" onLoad="appletIsLoaded()">
<OBJECT ID="GGSecSign" CLASSID="CLSID:2D9F7B63-EC7C-43FF-A41D-6E9EC984A5B9" CODEBASE="/ecom/login/ggsecsign.cab#version=5,1,7,1"></OBJECT>
<APPLET CODE="com.govgateway.UKOnLineSigningApplet.class" archive="/ecom/login/XMLSigningApplet.jar.zip" name="signer" width="0" height="0" VIEWASTEXT id="signer">
<PARAM NAME="profile" value="c:entrustprofiles">
<PARAM NAME="namespace" value="UKOnLineSigningApplet">
<PARAM NAME="useslibrary" value="UKOnLineSigningApplet">
<PARAM NAME="useslibrarycodebase" value="/ecom/login/UKOnLineSigningApplet.cab">
<PARAM NAME="useslibraryversion" value="5,1,7,1">
</APPLET>
<img src="/ecom/login/images/1px.gif" width="1" height="1" border="0">
<table width="733" border="0" cellspacing="0" cellpadding="0" height="52">
<tr>
<td>
<img src="/ecom/login/images/hmce_logo.jpg" width="733" height="52" border="0" alt="HM Customs and Excise">
</td>
</tr>
</table>
<br>
<table width="733" border="0" cellspacing="0" cellpadding="5">
<tr>
<td>
<h1>Login with a Certificate</h1>
</td>
</tr> -
Hi all
Have a signed applet that runs under IE 6, java 1.5. The applet is basically used for printing purpose.
My problem is that the applet shows a dialog box "Applet would like to print. Do you want to proceed?"
How can I get rid of the dialog box?
I don't want to change the Java file.
Thanks in advanceAn Applet runs in a sandbox which without proper authentication, will not allow any actions outside the sandbox, i.e. on the local filesystem.
You cannot print from an unsigned applet.
The signing process is very simple using Jarsigner and the Java Plugin.
You can generate your own certificates too, no need to purchase one. -
Applet signed w/ self-signed cert - different behaviors w different servers
Folks,
I'd really appreciate your help with the following.
I'd like to deploy an applet as a signed jar. Probably at least in the beginning, and maybe indefinitely, I'd like to sign it with a self-signed cert. When I've tested this under Linux, loading the applet in a browser running on my desktop, from an apache2 webserver also running on the desktop, I get the expected behavior - I get a security dialog reporting that the applet was signed by an unrecognized CA, but allowing me to accept the applet's signature. However, when I try loading the applet from my server (i.e, browser still running on my desktop, but now loading the applet from the real webserver, which is also apache2), I don't get a security dialog, and the applet fails silently.
Is there some way of configuring the webserver so that the security dialog is presented for a self-signed applet? What explains this difference?
Thanks much,
Matthew Fleming
DermVision, LLCDouble post answer has been given and ignored:
http://forum.java.sun.com/thread.jspa?threadID=569012&messageID=2812525#2812525 -
Applet signed w/ self-signed cert - different behavior w/ different servers
Folks,
I'd really appreciate your help with the following.
I'd like to deploy an applet as a signed jar. Probably at least in the beginning, and maybe indefinitely, I'd like to sign it with a self-signed cert. When I've tested this under Linux, loading the applet in a browser running on my desktop, from an apache2 webserver also running on the desktop, I get the expected behavior - I get a security dialog reporting that the applet was signed by an unrecognized CA, but allowing me to accept the applet's signature. However, when I try loading the applet from my server (i.e, browser still running on my desktop, but now loading the applet from the real webserver, which is also apache2), I don't get a security dialog, and the applet fails silently.
Is there some way of configuring the webserver so that the security dialog is presented for a self-signed applet? What explains this difference?
Thanks much,
Matthew Fleming
DermVision, LLCpolicy files or Runtime Parameters could change the default behavior.
The java.policy could have a line like this:
permission java.lang.RuntimePermission "usePolicy";
A full trace might show you what's going wrong.
To turn the full trace on (windows) you can start the java console, to be found here:
C:\Program Files\Java\j2re1.4...\bin\jpicpl32.exe
In the advanced tab you can fill in something for runtime parameters fill in this:
-Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
if you cannot start the java console check here:
C:\Documents and Settings\userName\Application Data\Sun\Java\Deployment\deployment.properties
I think for linux this is somewhere in youruserdir/java (hidden directory)
add or change the following line:
javaplugin.jre.params=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
for 1.5:
deployment.javapi.jre.1.5.0.args=Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
The trace is here:
C:\Documents and Settings\your user\Application Data\Sun\Java\Deployment\log\plugin...log
I think for linux this is somewhere in youruserdir/java (hidden directory) -
Hi Members,
* I am trying to uplaod a file to FTP server using apache API in Applet...
* I have Signed the JAR(TestApplet.jar) file by the following steps,
Generated the keytool for my created JAR file by the following command,
keytool -genkey -alias TestApplet -validity 365
Signed the JAR file by the following command,
jarsigner TestApplet.jar TestApplet
* The following is my HTML code to call my signed JAR file,
+<HTML>+
+<HEAD>+
+</HEAD>+
+<BODY>+
+<APPLET ALIGN="CENTER" CODE="AppletExample.class" archive="AppletExample.jar" WIDTH="800" HEIGHT="500"></APPLET>+
+</BODY>+
+</HTML>+
* The below is the my code in applet to upload a file to FTP server,
public void upload(){
try {
FTPClient client = new FTPClient();
FileInputStream fis = null;
client.connect("ftp.tnq.co.in");
client.login("workflow", "workflow");
String filename = "D:/Temp/upload.txt";
fis = new FileInputStream(filename);
client.storeFile("/home/workflow/TEST/javaupload.txt", fis);
client.logout();
fis.close();
System.out.println("File Uploaded Susccessfully.........");
} catch (SocketException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (FileNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}* The File is successfully uploaded to FTP server machine while running it in Eclipse IDE, but not in browser(Mozilla FireFox)
* When i run it by browser it throws the following exception,
Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.net.SocketPermission ftp.tnq.co.in resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at java.net.InetSocketAddress.<init>(Unknown Source)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:176)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:268)
at AppletExample.upload(AppletExample.java:88)
at AppletExample.actionPerformed(AppletExample.java:111)
at java.awt.Button.processActionEvent(Unknown Source)
at java.awt.Button.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)* Please let me know, why it is not running in browser....?
* Thanks in advance
Regards,
JavaImran* Thanks for your thoughts....
* As sabre said to me sign external also, so that now i did the following upload program by sun API only(now there is no external API jar file)
public void upload( String ftpServer, String user, String password,
String fileName, File source ) throws MalformedURLException,
IOException
if (ftpServer != null && fileName != null && source != null)
StringBuffer sb = new StringBuffer( "ftp://" );
// check for authentication else assume its anonymous access.
if (user != null && password != null)
sb.append( user );
sb.append( ':' );
sb.append( password );
sb.append( '@' );
sb.append( ftpServer );
sb.append( '/' );
sb.append( fileName );
* type ==> a=ASCII mode, i=image (binary) mode, d= file directory
* listing
sb.append( ";type=i" );
BufferedInputStream bis = null;
BufferedOutputStream bos = null;
try
URL url = new URL( sb.toString() );
URLConnection urlc = url.openConnection();
urlc.setDoOutput(true);
//urlc.setUseCaches(false);
bos = new BufferedOutputStream( urlc.getOutputStream() );
bis = new BufferedInputStream( new FileInputStream( source ) );
int i;
// read byte by byte until end of stream
while ((i = bis.read()) != -1)
bos.write( i );
finally
if (bis != null)
try
bis.close();
catch (IOException ioe)
ioe.printStackTrace();
if (bos != null)
try
bos.close();
catch (IOException ioe)
ioe.printStackTrace();
else
System.out.println( "Input not available." );
}* Now also, it is executing well in eclipse, but not in browser both IE and Mozilla2.0
* I got the following error, when i run it in browser,
java.net.ProtocolException: cannot write to a URLConnection if doOutput=false - call setDoOutput(true)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.ftp.FtpURLConnection.getOutputStream(Unknown Source)
at FileUploadAndDownload.upload(FileUploadAndDownload.java:76)
at UploadAndDownload.actionPerformed(UploadAndDownload.java:67)
at java.awt.Button.processActionEvent(Unknown Source)
at java.awt.Button.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)* The erroe gives me to set setDoOutput(true) as true..., i did like that only in my coding........but throws erroe..... Why that...?
* Please let me know your suggestions........
Thanks and Regards,
JavaImran -
Prevent abuse of a signed applet?
Hi
I am creating an application using HTML, javascript, and a set of java classes.
Communication betwwen the javascript and java is done by an applet, signed with a real certificate.
I would like to prevent someone copying my signed jar, and abusing it.
The classes behind my applet will do (a.o.) local I/O.
The type of abuse I am worried about is e.g. java code from another jar calling public methods on classes in my signed jar, using them to read or write files, and thus abusing my certificate for doing something else than my applet/jar was meant to.
I am looking for advice on how to prevent such things from happening.
Thoughts that already crossed my mind, are:
- making sure only my applet (and as few as possible other classes) has a public constructor
- declaring as much classes as possible (at least the sensitive classes) as final
- avoid non-final public static variables that contain default names of files
If anyone has some more ideas, please post them! I'll be very gratefull!
If you know about a similar question (and answer) in this forum, please let me know, as I have not found it.harmmeijer,
thanks for the answer, and especially the idea of checking the call stack!
You scared the hell out of me however, by saying:
Your applet would not work at all in jre 1.4.2 signed or policy, when the method is called by javascriptand reading the thread you referenced!
Everything worked fine in jre 1.4.1_2 and earlier. It continued working in 1.4.2_01 in combination with Netscape (v 7.1)
But the combination MSIE (v6.0) with jre v1.4.2_01 did require a minor change:
From my signed applet, I called a .class.getResource(...).getURL()
It didn't work anymore, so I do it know in my applet's init() method, instead of in a stack started by javascript.
All my other I/O (and reflection) still works (thank all gods!), since I do it in a separate thread that I start in my applet's init() method. I hope it keeps working in jre 1.5 :-)
Any other input is very welcome! -
Java applet warning keeps coming back for signed applet
I have an applet signed with certificate issued by a public CA cert verisign. This applet prints document to the printer. When it loads everything looks good and checks on the screen and the user is prompted to allow access to the printer. Even, though the user selects "Allways allow this applet to print" the warning keeps coming back everytime the applet attempts to access the printer.
I notice other applets work correctly. I veriy the signed jar and it all looks correct every class file comes with smk marking.
What is going, can someone please help???
ManuelI appreciate the help. but i was able to resolve the problem. Our web page called the applet print method directly from scripting. Apparently that causes the java plugin to warn the user every time.
To avoid this issue the new print method queues up a print job and a separate thread watches for the queue and picks up the job and prints it. In order to support the same original function, the new print method is syncronized and waits for the job to be queued before it returns.
Now, there are no warnings even the first time you use the applet.
[Here is another similar thread.|http://forum.java.sun.com/thread.jspa?forumID=63&threadID=524815]
Thanks,
Manuel -
Signed applet, jmf.jar provided, but no connection
hi there!
i'm posting this again in order for you to earn duke-bucks.
i have a similar problem. i wrote an applet that connects to a video-streamserver an requests a live-stream. the applet sends some udp-packets to the server, which retreives the client's ip from the
packet and sends it back to the client ( i did this to avoid signing the applet, since otherwise the client
would have to do a dns-lookup and therefore be signed). the client gets back his public ip (i don't have the 127.0.0.1-problem) , however, i get an
InvalidSessionAddressException :
Local Data Address Does not belong to any of the local interfaces
it seems, the client cannot recognize it's own public ip.
so i thought, signing the applet would do, but it doesn't.
I get the same InvalidSessionAddressException.
now, this only happens on hosts on which jmf is NOT installed.
Installing the jmf solves the problem. but i don't want people who visit my page having to install
jmf in order to watch my livestream. i tried including the whole jmf.jar (also tried, customizing it),
but no success.
i read the posts on the issue: running jmf-applets on non-jmf-systems, but there seems to be a
controversy on wether that is possible or not. some say, jmf must be installed, some say, just include jmf.jar or customized jmf.jar.
what else could i try? i have the clients public ip and i have the applet signed. so, there shouldn't be
any restrictions anymore.
i have no ClassDefNotFoundExceptions, so i suppose, including jmf.jar works.
what else gets changed when i install jmf? there must be some restrictions that keep the vm from
determining the hosts public ip and which will be removed by the installation of jmf.
anyone had similar problems? and, perhaps, a solution to this?
thanks in advance,
honfrek
b.t.w. you can earn some duke-bucks too !hi!
i found a very elaborate solution here:
http://www.mutong.com/fischer/java/usbcam/VideoToAppletWithNoSupport.zip
this link has been posted before,
http://onesearch.sun.com/ClickThru?qt=servlets&url=http%3A%2F%2Fforum.java.sun.com%2Fthread.jsp%3Fforum%3D28%26thread%3D515345&pathInfo=%2Fsearch%2Fdevelopers%2Findex.jsp&hitNum=45&col=devforums
this solution uses jmf only on server side for capturing, then converts the capture-stream into images, splits
the images into smaller regions and evaluates the differences of these regions to the regions of the previous image. if the difference hits a certain threshold, these regions are transmitted to the applet. but the transmission is done via tcp, which slows things down.
the splitting -code is hard for me to understand, since i'm new to java. -
I'm developing with jdk1.1.8 today to support MSJVM, such that user of old Windows don't have to install java explicity to run my applet. Now I have come to the point where I need a signed applet. I have searched the net and the information I get is that signing applet was very starge before java Plugin 1.3, where it became more unified.
So my questions are:
What options do I have if I wish to remain using jdk1.1.8 and I want a signed applet that should be abel to run in any browser on any OS?
If a users uses windows and haven't isntalled any recent JRE. That is he only have the MSJVM to run applets. Is there a way that he can use an applet signed according to the java plug-in 1.3 scheme without having to download a recent JRE?
Ok I dont know if that makes any sense, but I hope someone can give me some answers.
thanks
RobertYou need to use the cabsign utility from MS to sign for MSJVM.
Here are some snippets from my cygwin bash script for signing jars and cabs:
if [ $makecabs -ne 0 ]; then
echo '#' cabarc $pdir $sdls
rm -f ../code/jars/unsigned/$prnm.cab
cabarc -r -p N ..\\code\\jars\\unsigned\\$prnm.cab \*.class \*.gif > ${prnm}-cab.log
fi
if [ $makejars -ne 0 ]; then
echo '#' jar $pdir $sdls
rm -f ../code/jars/unsigned/$prnm.jar
pwd
echo "jar -cvf ..\\code\\jars\\unsigned\\$prnm.jar $sdls"
jar -cvf ..\\code\\jars\\unsigned\\$prnm.jar $sdls > ${prnm}-jar.log
fi
sign() {
key=${keys[$2]}
kid=${kids[$2]}
par=${part[$1]}
cls=${pcls[$1]}
nam=${pnam[$1]}
mkdir -p ../docroot/code/jars/$key
if [ $makejars -ne 0 ]; then
echo '#' signing jar $1 $2 key:$key kid:$kid par:$par
pwd
jarfile="..\\docroot\\code\\jars\\$key\\$cls.jar"
cp -f ../docroot/code/jars/unsigned/$cls.jar ../docroot/code/jars/$key/$cls.jar
echo jarsigner -keystore ..\\keys\\.keystore -storepass $password $jarfile $kid
jarsigner -keystore ..\\keys\\.keystore -storepass $password $jarfile $kid <<EOF
EOF
fi
if [ $makecabs -ne 0 ]; then
echo '#' signing cab $1 $2 key:$key kid:$kid par:$par
certfile="..\\keys\\"${keyc[$2]}
keyfile="..\\keys\\"${keyk[$2]}
cabfile="..\\docroot\\code\\jars\\$key\\$cls.cab"
cp -f ../docroot/code/jars/unsigned/$cls.cab ../docroot/code/jars/$key/$cls.cab
if [ $noauto -eq 1 ]; then
signcode -j javasign.dll -jp "low" -spc $certfile -v $keyfile -n $key $cabfile
else
echo '#' autosign.vbs $certfile $keyfile $cabfile $password $key $nam
cmd /c cscript autosign.vbs $certfile $keyfile $cabfile $password $key $nam
fi
signcode -x -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 5 $cabfile
chktrust $cabfile
fi
return 0
You need different certificates for jar and cab signing. The applet tag to support both
jars and cabs needs some fussing too. -
0 down vote favorite
I have written an applet with Netbeans. When I click on Clean and Build then Netbean create a jar file "Test.jar" and also another folder called lib in the same directory. I've signed the Test.jar. Basically this applet upload files to server with FTP. So when Applet loads into browser then I am able to select files but when I click on upload then it stops. So my question is:
1. Have I also need to sign all dependent jar files?
2. My directory structure is as follow:
C:\AppletPage.html C:\Test.jar C:\lib
and code in html file is as follow
<applet code="UploadGUI.class"
archive="test.jar"
width=400 height=400></applet>Please advice me where am I wrong?
Thanks in AdvanceShahid_Hanif wrote:
0 down vote favoriteHuhh?
I have written an applet with Netbeans. ..My condolences.
..lWhen I click on Clean and Build then Netbean create a jar file "Test.jar" and also another folder called lib in the same directory. I've signed the Test.jar. Basically this applet upload files to server with FTP. ..If you deploy the applet in a Plug-In 2 architecture JRE and launch it using Java Web Start - it can be sand-boxed.
..So when Applet loads into browser then I am able to select files but when I click on upload then it stops. .. What messages appear in the Java Console? Does the code of the applet [swallow exceptions|http://pscode.org/javafaq.html#stacktrace] (<- link)?
..So my question is:
1. Have I also need to sign all dependent jar files?What dependent Jars? The applet element shown lists only one Jar in the archive attribute.
2. My directory structure is as follow:
C:\AppletPage.html C:\Test.jar C:\libWhat (if anything) is in 'lib'?
Edit 1:
Also posted to [http://stackoverflow.com/questions/3740006/java-applet-sign]
Edited by: AndrewThompson64 on Sep 18, 2010 1:07 PM -
Hello,
I'm having trouble trying to get my signed applet to work. Here's my situation:
I've created a signed .jar file that relies on classes in another .jar file. The second .jar file comes from a 3rd party and is signed by them. I'm using IE. When trying to access the applet, I get a security dialogue box that prompts me if I want to trust the signed applet signed by me. I click yes and get an error in the java console window
java.lang.NoClassDefFoundError: netscape/security/AppletSecurityException
at java.lang.Class.forName0(Native Method)
I'm assuming this is because of the 3rd pary .jar file I'm trying to use. I was not prompted to trust this .jar file. Should I have been? i have listed this other .jar file in the html file as one of the archives. Should I be using .cab files instead? What is the proper way to construct the html file when using multiple signed .jar files (signed by different parties) in conjunction with IE?
I've gotten another simple signed applet in the form of a .jar file to work with IE just fine. But, it didn't rely on a signed 3rd part .jar file.
Any help is greatly appreciated.
thanks!
-jeffThe ClassNotFoundException for Netscape should be handled in a catch block when running in IE's native JVM. This is a bug in the code.
You can run multiple signed applets in IE. There's no special HTML syntax to do so, just multiple applet tags. Generally, it will prompt you to accept permissions for each signed codebase.
Eimhin -
How to sign java applet policy to end user?
i have putted my applet class on server, i want all end users can access it on server, how to sign the java.policy to there JRE?
can anyone help me?I found this some where else. It shows how to sign an applet.
START OF DOC
How To Sign a Java Applet
The purpose of this document is to document the steps required to sign and use an
applet using a self-signed cert or CA authorized in the JDK 1.3 plugin.
The original 9 steps of this process were posted by user irene67 on suns message forum:
http://forums.java.sun.com/thread.jsp?forum=63&thread=132769
-----begin irene67's original message -----
These steps describe the creation of a self-signed applet. This is useful for testing purposes. For use of public reachable applets, there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer).
The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java...
1. Create your code for the applet as usual.
It is not necessary to set any permissions or use security managers in
the code.
2. Install JDK 1.3
Path for use of the following commands: [jdk 1.3 path]\bin\
(commands are keytool, jar, jarsigner)
Password for the keystore is any password. Only Sun knows why...
perhaps ;-)
3. Generate key: keytool -genkey -keyalg rsa -alias tstkey
Enter keystore password: *******
What is your first and last name?
[Unknown]: Your Name
What is the name of your organizational unit?
[Unknown]: YourUnit
What is the name of your organization?
[Unknown]: YourOrg
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YS
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
correct?
[no]: yes
(wait...)
Enter key password for tstkey
(RETURN if same as keystore password):
(press [enter])
4. Export key: keytool -export -alias tstkey -file tstcert.crt
Enter keystore password: *******
Certificate stored in file tstcert.crt
5. Create JAR: jar cvf tst.jar tst.class
Add all classes used in your project by typing the classnames in the
same line.
added manifest
adding: tst.class(in = 849) (out= 536)(deflated 36%)
6. Verify JAR: jar tvf tst.jar
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
68 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/MANIFEST.MF
849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
7. Sign JAR: jarsigner tst.jar tstkey
Enter Passphrase for keystore: *******
8. Verifiy Signing: jarsigner -verify -verbose -certs tst.jar
130 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/MANIFEST.MF
183 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.SF
920 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.RSA
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
smk 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
X.509, CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
(tstkey)
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
9. Create HTML-File for use of the Applet by the Sun Plugin 1.3
(recommended to use HTML Converter Version 1.3)
10. (Omitted See Below)
-----end irene67's original message -----
To make the plug-in work for any browser you have two options with the JDK 1.3 plugin.
1) Is to export a cert request using the key tool and send it to a CA verification source like verisign.
When the reponse comes back, import it into the keystore overwriting the original cert for the generated key.
To export request:
keytool -certreg -alias tstkey -file tstcert.req
To import response:
keytool -import -trustcacerts -alias tstkey -file careply.crt
An applet signed with a cert that has been verified by a CA source will automatically be recognized by the plugin.
2) For development or otherwise, you may want to just use your self-signed certificate.
In that case, the JDK 1.3 plugin will recognize all certs that have a root cert located in the JDK 1.3 cacerts keystore.
This means you can import your test certificate into this keystore and have the plugin recognize your jars when you sign them.
To import self-signed certificate into the cacerts keystore, change directory to where the JDK plugin key store is located.
For JDK 1.3.0_02: C:\Program Files\JavaSoft\JRE\1.3.0_02\lib\security
For JDK 1.3.1: C:\Program Files\JavaSoft\JRE\1.3.1\lib\security
Import your self-signed cert into the cacerts keystore:
keytool -import -keystore cacerts -storepass changeit -file tstcert.crt
(the password is literally 'changeit')
Now, regardless of which method you use, the applet should be recognized as coming from a signed jar. The user can choose to activate it if he / she chooses. If your applet uses classes from multiple jars, for example Apache's Xerce's parser, you will need to sign those jars as well to allow them to execute in the client's brower. Otherwise, only the classes coming from the signed jar will work with the java.security.AllPermission setting and all other classes from unsigned jars will run in the sandbox.
NOTE: Unless otherwise specified by the -keystore command in all keytool and jarsigner operations, the keystore file used is named '.keystore' in the user's home directory.
The first time any keystore is accessed (including the default) it will be created and secured with the first password given by the user. There is no way to figure out the password if you forget it, but you can delete the default file and recreate it if necessary. For most operations, using the -keystore command is safer to keep from cluttering or messing up your default keystore.
Maybe you are looking for
-
I created a SharePoint 2013 farm solution project in Visual Studio 2013 (running on the same machine where SharePoint 2013 server is running) with event receiver. I added web.config at project root level to store connection string (I'm working off e
-
Want to restrict out of 3 @prompts
Hi Folks, I have one Webi report which has 3 @prompts for Purchase order number, Serial number and Sales order number, User is supposed to enter any one value as these prompts are on OR condition. For example, I enter Serial number and rest as '*'. T
-
Connection Lyinksys srw with IOS 1.0.2 with Rancid
Hi all!! I want to modify an already existing script that was used to connect to a Linksys switch 1.0.4. or the switch I have are version 1.0.2 and it is impossible to put to update. Here is the script version 1.0.4 is the csblogin here The differenc
-
Looking for LabView 6i GPIB-USB-A driver for Agilent E7401A
I am looking for LabView 6i GPIB-USA-A driver for Agilent E7401A EMC ANALYZER.
-
Idoc message type which contains all data types
Hi, I need idoc type or name which consist of all data type sap has defined. There are nearly 24 data types. Pls help.. Regards, Taj