Deploying Signed Applet to my users

Hello,
I have a signed applet from Thawte and it runs good on my machine, but I have the prblem of trying to deploy the applet to other users on other machines. What is the steps needed so that I don't have to change the java.policy file on their computers. This applet will run on a server that the group has access to.

Develop a HTML or JSp to point to download the Applet Class and ask the Users to access the Html Page... now the Applet would have downloaded to the User Machines and it will do the job u wanted to do...

Similar Messages

Problem with a signed applet and a user machine.

Hello. I´m having some problems with a signed applet with some dependences.
In one particular computer the applet doesn´t load.
The java version installed in that computer is 1.6.0_25.
The invocation tag:
<applet name=applet id="applet" code=Applet/RequestApplet.class width=155 height=21 archive="RequestApplet.jar " MAYSCRIPT>
   <param id="parametro1" name="usuario" value="<Computed Value>">
</applet>The RequestApplet.jar and dependences:
   bcmail-jdk13-145.jar(signed by bouncy castle), jce-ext-jdk13-145.jar(signed by bouncy castle), AbsoluteLayout.jar, plugin.jar, RequestApplet.jar(signed by me)*this files are all in the same folder.
The requestApplet.jar manifest:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.7.1
X-COMMENT: Main-Class will be added automatically by build
Class-Path: bcmail-jdk13-145.jar jce-ext-jdk13-145.jar plugin.jar Abso
luteLayout.jar
Created-By: 10.0-b23 (Sun Microsystems Inc.)
Main-Class: Applet.RequestApplet
Name: Applet/ResponseApplet$1.class
SHA1-Digest: fO5IPiwEH3OhvlprhBecmMIAVJI=
Name: Applet/NewJApplet.class
SHA1-Digest: 6XSpm7lQEQRi39TegoUYv2aFJrk=
Name: Applet/ResponseApplet.class
SHA1-Digest: v1EbKUFB+QdvO05xx8UzAMNIyRs=
Name: Applet/ResponseApplet$4.class
SHA1-Digest: XH4I67psXZTelpz0AMAYc/Ej8QY=
Name: Applet/RequestApplet$1.class
SHA1-Digest: KAP5sAC4Thv/6GClkFAdGUVzgYA=
Name: Applet/ResponseApplet$5.class
SHA1-Digest: CVPnKrW2SgNEkRzYnVnQe3KGrIU=
Name: Applet/ResponseApplet$3.class
SHA1-Digest: SjfW1k1K7BA9m3AxmHi+jvRE+9o=
Name: Applet/ResponseApplet$2.class
SHA1-Digest: 3Pu18CZMLuEh7/n3y7XxFSkuNQY=
Name: Applet/RequestApplet.class
SHA1-Digest: Tky85es5+o371adetH9XVEI2Z+o=The error:
java.lang.RuntimeException: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
     at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
     at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
     at java.lang.Class.getDeclaredConstructors0(Native Method)
     at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
     at java.lang.Class.getConstructor0(Unknown Source)
     at java.lang.Class.newInstance0(Unknown Source)
     at java.lang.Class.newInstance(Unknown Source)
     at sun.plugin2.applet.Plugin2Manager$12.run(Unknown Source)
     at java.awt.event.InvocationEvent.dispatch(Unknown Source)
     at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
     at java.awt.EventQueue.access$000(Unknown Source)
     at java.awt.EventQueue$1.run(Unknown Source)
     at java.awt.EventQueue$1.run(Unknown Source)
     at java.security.AccessController.doPrivileged(Native Method)
     at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
     at java.awt.EventQueue.dispatchEvent(Unknown Source)
     at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
     at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
     at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
     at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
     at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
     at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider
     at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
     at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
     at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
     at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
     at java.lang.ClassLoader.loadClass(Unknown Source)
     ... 20 more

Thanks. I´ll try with your tips. But if i put all the dependences in archive I get this error.
The tag:
<applet name=applet id="applet" CODEBASE="." code="Applet/RequestApplet.class" width=155 height=21 archive="bcmail-jdk13-145.jar, jce-ext-jdk13-145.jar, AbsoluteLayout.jar, plugin.jar, RequestApplet.jar " MAYSCRIPT>
   <param id="parametro1" name="usuario" value="<Computed Value>">
</applet>The error:
Java Plug-in 1.6.0_25
Usar versión JRE 1.6.0_25-b06 Java HotSpot(TM) Client VM
Directorio local del usuario = C:\Documents and Settings\Administrator
c:   borrar ventana de consola
f:   finalizar objetos en la cola de finalización
g:   liberación de recursos
h:   presentar este mensaje de ayuda
l:   volcar lista del cargador de clases
m:   imprimir sintaxis de memoria
o:   activar registro
q:   ocultar consola
r:   recargar configuración de norma
s:   volcar propiedades del sistema y de despliegue
t:   volcar lista de subprocesos
v:   volcar pila de subprocesos
x:   borrar antememoria del cargador de clases
0-5: establecer nivel de rastreo en <n>
basic: Receptor de progreso agregado: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@f39b3a
basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/bcmail-jdk13-145.jar
basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/jce-ext-jdk13-145.jar
basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/AbsoluteLayout.jar
basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/plugin.jar
basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/RequestApplet.jar

User rejected the cab - signed applet doesnt load

Hi,
I have signed my cab file and IE requests for permissons when I access it. If I deny the permissions, my signed applet doesnt load. Is there any way to make the applet load even if I dont grant the permissions. I expect only the 'out-of-the-sandbox' operations to fail - not the entire applet!
Thanks

I found a solution to this. Details on my blog at:
http://brandon.fuller.name/archives/2004/08/19/23.19.48/

How to 'deploy' an Applet when class files are on client machine?

Hi all,
I've searched through these forums and I can't find where my specific question has been asked before, so please accept my apologies for any duplication.
I am trying to develop an applet for use on an intranet. (The specific requirement is that the applet must operate a scanner, and upload the scanned images to the database - we want it to be an applet so that it seamlessly integrates with the rest of the web application from the user's POV).
Therefore the applet needs to run outside of the sandbox, but I don't want to go to all the hassle of getting a certificate from Verisign and signing the applet - that doesn't seem like it should be necessary, since there is no problem getting access to the client PC to install the class files by hand!
I have read on this tutorial page that applets "that are loaded from the local file system (from a directory in the user's CLASSPATH) have none of the restrictions that applets loaded over the network do," so I don't think I am barking up the wrong tree:
http://java.sun.com/docs/books/tutorial/deployment/applet/security.html
That is exactly what I want to do! But whenever I try to run the applet, I get a no class definition found exception. However, if I run the applet as a standalone application (using its static main method) then the JRE has no trouble locating the class file - so I know that my CLASSPATH environment variable is set ok.
Therefore I think the problem must be in my JNLP file. This is what mine looks like at present:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://localhost:8080/JGNS008" href="http://localhost:8080/JGNS008/scanner-applet.jnlp">
    <information>
        <title>Scanner Applet Prototype</title>
        <vendor>Fooware</vendor>
    </information>
    <resources>
        
        <j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se" />
        <jar href="ScannerApplet.jar" main="false" />
    </resources>
    <applet-desc
         name="Scanner Applet Prototype"
         main-class="uk.co.fooware.ScannerApplet"
         width="72"
         height="20">
     </applet-desc>
     <update check="background"/>
</jnlp>How do I rewrite this so that it doesn't try to download the class files from the network?
Many thanks,
Richard.

richardwild wrote:
..I am trying to develop an applet for use on an intranet. (The specific requirement is that the applet must operate a scanner, and upload the scanned images to the database - we want it to be an applet so that it seamlessly integrates with the rest of the web application from the user's POV).
Therefore the applet needs to run outside of the sandbox, but I don't want to go to all the hassle of getting a certificate from Verisign and signing the applet - that doesn't seem like it should be necessary,.. Code can be digitally signed without a 'verified' certificate from Versign.
..since there is no problem getting access to the client PC to install the class files by hand!
I have read on this tutorial page that applets "that are loaded from the local file system (from a directory in the user's CLASSPATH) have none of the restrictions that applets loaded over the network do," so I don't think I am barking up the wrong tree:
http://java.sun.com/docs/books/tutorial/deployment/applet/security.html
Huh. I had never heard of that, but since I do not have access to my end user's classpath it is not that important to me.
BTW - I am guessing they mean the path indicated by [http://pscode.org/prop/all.html?prop=java.class.path].
And putting classes into JRE folders seems very hackish to me.
That is exactly what I want to do! But whenever I try to run the applet, I get a no class definition found exception. However, if I run the applet as a standalone application (using its static main method) then the JRE has no trouble locating the class file - so I know that my CLASSPATH environment variable is set ok.Huh?
Therefore I think the problem must be in my JNLP file. Huh?!? Why not deploy the applet using a standard applet element? The only way to configure an applet using a JNLP is ..
a) If the applet is intended to be free floating.
b) If the applet is intended to be embedded in a plug-in2 architecture JRE. Why impose that restriction, when it seems unnecessary and unproductive?
Note that the second option is very new, and I would not expect all the things mentioned in the document you linked, to apply equally to JNLP embedded applets. If you want this applet embedded, I suggest you drop the entire JNLP approach and use a standard applet element.

OS X 10.5.6, Safari 3.2.1 hangs when second applet loaded is signed applet

Dear Forum,
I've been investigating a customer's problem. She is trying to use our
VoIP applet, but it continuously freezes Safari when the Trust dialog shows.
A "Force Quit" is necessary.
I managed to reproduce the problem consistently on
- PowerMac7 OS X 10.5.6 (Build 9G55)
- Architecture: ppc
- Safari 3.2.1 (5525.27.1)
- JVM 1.5.0_16 from Apple
The problem is persistent when:
- the signed applet is loaded as second applet in the browser
- the signed applet is cached by the JVM
Our customer uses:
- Mac Book ProOS X 10.5.6
- Safari 3.2.1
- JVM 1.5.0_16 from Apple
This problem does not occur on:
- Mac OS X 10.4.11 (Mac Powerbook G4)
- Safari 3.2.1 (4525.27.1)
- JVM 1.5.0_16 from Apple
and not on:
- MacBook Air, OS X 10.5.6, 1.6 Ghz Intel core 2 duo
- Safari Version 3.2.1 (5525.27.1)
- JVM 1.5.0_16 from Apple
Steps to reproduce the problem:
Launch Safari.
In (first) page/tab go to
http://www.javatester.org/version.html
(this uses a non signed applet)
Open a second tab. Here go to:
http://ukapi.phonefromhere.com/talk/vtop2.xsql?key=01612884242
This is a signed applet that will ring our office over VoIP.
Click the "Trust" button (signed by PhoneFromHere).
As long as this applet isn't cached by the JVM this will work, so
the first time you will succeed.
Now Quit Safari (not "just" close all Safari windows, but a "real" quit) and repeat the exercise.
The second (and next) time this will fail (only if the signed applet is loaded as second, so the order is important)! This keeps failing until I go (back) to the Java Preference window (via Finder) and explicitly delete the cached files.
The URL will work when loaded first (cached or not).
Some diagnostics, that might help:
I configured the Java Preference window to "enable Logging, Tracing and Show applet livecycle exceptions".
When the applet fails to load (and Safari freezes/hangs), the last few records of the plugin150.log are:
<message>basic: Loading http://ukapi.phonefromhere.com/talk/lib/pfh.jar from cache
<message>basic: Reading cached JAR file from JRE 1.5 release
<message>basic: Certificates for http://ukapi.phonefromhere.com/talk/lib/pfh.jar is read from JAR cache
<message>security: Loading certificates from Deployment session certificate store
<message>security: Loaded certificates from Deployment session certificate store
<message>security: Checking if certificate is in Deployment session certificate store
(and then nothing)
whereas when it succeeds to load, as soon as I click the "Trust" button, it's say:
<message>security: User has granted the priviledges to the code for this session only
The Report is a bit too long to port, I'll include the same text above when sending it.
Model: PowerMac7,2, BootROM 5.1.3f0, 2 processors, PowerPC 970 (2.2), 1.8 GHz, 2 GB
To cut a long story short? Is this a know bug (I couldn't find anything, but you never know)? Does anyone have any ideas how to fix this?
Thanks, Birgit

I have the same issue now after downgrading my Flash plugin. I downgraded from 10 to 9 latest because I like using Camino and for some reason Flash 10 doesn't play nice with Camino. But all of a sudden as I use Camino 2b2 for everyday and Safari 3.2 for banking and such, the browser hangs requiring a forced quit when I close it. I've re-installed the browser twice now with all the previous folders, and preferences erased and caches emptied. I even when to re-installing 10.5.6 and it still crashes, it's odd. Maybe 10.5.7 will address this.

Signed applets (are policy files needed!)

I have experienced on a number of different machines that a signed applet that the client trusts (via clicking on yes to the prompt asking to trust the applet), is able to access the local resources with NO policy file on the client machine. I'm using JRE 1.4.1_02
Is this the expected behavior?
I sure hope it is because how in the world can you install applications to many clients and update their policy file? you can't via the web! BUT why am I reading that you have to have a policy file even if you sign an applet. I want to get rid of using Netscape security model but I can not update many client machine policy files... Please help!!! thanks. Is signing an applet all you have to do to access local machines, I sure hope so! Thanks in advance.

I've done some more research specifically a very good article at http://developer.java.sun.com/developer/technicalArticles/Security/applets/index.html. I'll try to highlight the more interesting comments that I found. At least for the JRE 1.3 there appears to be a new class loader, sun.plugin.security.PluginClassLoader that allows a signed jar file (once trusted by the client) to have access to local resources.
Code signed using the private key of the signer can be run on client machines once the public key corresponding to the signer is deemed as trusted on the respective machine.
Applet security in browsers strives to prevent untrusted applets from performing potentially dangerous operations, while simultaneously allowing optimal access to trusted applets.
There is no simply way to deploy and use customized policy files, a policy will have to be set by files based on the JRE installation. Customized class loaders or security managers cannot be installed easily.
Policy files are difficult or at least not very straightforward for normal users, which could be thousands of machines where an applet is deployed.
The java plug-in (I believe its 1.3 and later) provides a workaround although its recommended to use policy files wherever practical and applicable. (This implies to me that using the plug-in, all that is required is to sign the jar file to have access to local resources).
RSA-signed applets can be deployed using the Java plug-in. (which can run in an identical way for Netscape and IE).
In order for a plug-in enhanced browser to trust an applet and grant it all privileges or a set of fine-grained permissions (as specified in a J2EE policy file), the user has to preconfigure his or her cache of trusted signer certificates (the .keystore file in JRE 1.3) to add the applet's signer to it. However, this solution does not scale well if the applet needs to be deployed on thousands of client machines, and may not always be feasible because users may not know in advance who signed the applet that they are trying to run. A NEW CLASS LOADER, sun.plugin.security.PluginClassLoader in the Java Plug-in 1.3, OVERCOMES THE LIMITATIONS MENTIONED ABOVE.
I hope this helps, I've been looking for this solution for quite some time, trying to understand why singed applets work with no policy files for version 1.4... Talk to you later, Jay.

JRE 1.4.x Plugin - Signed Applets and Weird Behaviour (Policy)

Hello.
I have recently experienced some strange behaviour related to signed applets and policy files in JRE 1.4.2-b28 ( a friend got the same behaviour in a flavour of 1.4.1-xx as well ). Both tests were on Windows 2000 Professional platforms.
Initially my unsigned applet, which attempts socket connections to a server different from the download location, fails with security exceptions ( as expected ). Then I did the following to sign the applet jar and configure my environment
Steps: 1) Import "trusted CA" certificate into ${java.home}/lib/security/cacerts. (JRE home outside the JDK)
2) Signed the jar using jarsigner and a certificate generated from the "trusted CA" (Entrust CA and certificate).
3) Imported the signing certificate into the Java plugin using import in the plugin control panel.
4) Created a new keystore (keytool,jks) and imported the signing certificate into the keystore with alias "developer". The keystore is stored in the user home as .keystore.
5) Created a .java.policy for the user and attaching the keystore in 4) to it. ( also stored in user home ).
6) Used the policy tool to grant socketpermissions to the specific codebase ( testing with file:/C:/test/* initially ) signed by "developer"
After this, when I ran the test page under IE 5.5SP2 and Netscape 7.1 it worked without any security exception. Ditto for using the appletviewer and the policy file I created for the user.
The weird part occurred when I removed the policy entry from the user policy file. After doing this, Netscape and IE still allow the applet to execute - somehow remembering that it was granted permissions at some point. The appletviewer does not allow it to execute, generating security exceptions.
It appears the old policy is being cached somewhere, but I cannot find where. If I replace the applet jar with an unsigned version it does fail in IE and Netscape. I tried cleaning the plugin cache and removing the "deployment.certs" files related to the users but still get the same behaviour.
Does anyone know where the old policy information is being stored ? Does anyone know how to revoke the permissions so that I am restored to my original base environment ( no permissions for "designer" signed applets ) ? Would attempting to utilize the AccessController.doPriveleged( xxxx ) operations in JDK 1.4 avoid all of this confusion with policy files, keystores and certificate storage ? After all the messing about I would like a zero-footprint alternative ( or minimzed footprint anyway ).
Any ideas would be most welcome.
Regards,
James.

Hello Again.
I am either enlightened or confused at this point. I found that as long as all of my related Jars are signed ( even by self-signed certificates ) I am granted SocketPermissions for calls outside of the originating server. Unsigned code is refused, but even when the Jars were signed using a self-signed certificate the Socket calls were allowed.
Am I experiencing the appropriate behaviour in this case ( which would mean not having to utilize policy files to distribute an applet that uses calls to arbitrary servers - e.g. JavaMail ) or am I suffering from something damaged in my environment ?
It has been a long time since I played with signed applets and I am having difficulty determining what operations require policy file entries/AccessController.doPrivileged() calls and which are granted when a user elects to trust a signed applet without policy.
Any assistance in clearing up my confusion would be appreciated.
Regards,
James.

Signed applet and database connetion...

Hello,
Well, I am deploying an applet application which needs to connect with a postgres database.
I put my application in my hosting then I changed my local java.policy file adding a line as
permission java.net.SocketPermission "127.0.0.1:5432", "connect,resolve";And my applet works... but I don't want that the user needs to change his policies file.
I read in somewhere in the forum if the applet is signed the user doesn't need to change anything... then I sign the applet. But it doesn't work. It looks to me that signing the applet is not enough to allows the connection.
But I don't sure.
Some body had had the same problem or am I doing some thing wrong?? Other Ideas
By the way, sorry for my bad english, I hope you can understand what I am saying.
Bye, and thanks by advance

4NDR01D3 wrote:
Thanks for the answer.
That's a good test, I put some code before the DB connection to create a file:
              File file = new File("tavo.txt");
             boolean success = file.createNewFile();
             if (success) {
                  javax.swing.JOptionPane.showMessageDialog(null, "YES");
                 // File did not exist and was created
             } else {
                  javax.swing.JOptionPane.showMessageDialog(null, "NO");
                 // File already exists
             }And surprisingly it creates the file. but doesn't connect to the database.
I Sign the applet by command line, like this:
keytool -genkey -alias signFiles -keystore compstore -keypass pass -dname "cn=salazar" -storepass pass
jarsigner -keystore compstore -storepass pass -keypass pass -signedjar Sproceso.jar proceso.jar signFiles
baftos wrote:Or at least one of the classes that are on the stack when you cpnnect to the database does not come from > the signed jar.Out of the Jar are the JDBC files(postgres.jar), it could be the problem??Your JAR is signed OK and this is good.
DB connections are not prohibited as such.
What is prohibited are Socket connections, which DB connections use internally.
Therefore, if any of the classes on the stack, when the Socket connection occurs
is not from your jar, it will fail. Therefore, the 3rd party files must be all in your jar.
Technically, this is easy: explode their jar and create your jar in such a way as to contain
all the files from their jar as well. Do it just as an experiment. If it works, read well
their licensing terms, which may forbid this. If they forbid it or if in doubt, contact them.

What are the default permissions for "self-signed" applets?

Hello!
I have a self-signed applet (=signed with a self made certificate) and under most plugin-enviroments java asks the user if it accepts this certificate as trustworth.
On my linux-box I do not have any problems to write files to the local filesystem after I accepted this self-signed applet.
However I've often read that users must grant some permissions even for signed applets, so is there a list of permissions that are denied by default?
Are there differences between java releases starting with 1.2.2?
Thanks in advance, lg Clemens

Default settings are like you said, jre asks the user and everything will work.
Unless.your applet uses classes that are not signed like with calls from javascript to your applet the plugin.jar is used and you'll get an exception when writing to files.
When writing to files the OS might not allowe the user to write to a certain file or folder.
Don't know what type of exception will be thrown if the OS doesn't allowe it but it has
nothing to do with applet permissions.
To change the default setting you can add the following line in the grant { bit of the
java.policy
permission java.lang.RuntimePermission "usePolicy";
When this line is there all signatures will be ignored and an applet can only do extra
things (like access to local files) if a policy is set up for this applet.
To find out what's wrong at your clients site you should ask them to send a full trace
and check that. I hope you did a .printStacktrace() on the exception in your code so
you can see if any other classes are involved when the exception is thrown.
To turn the full trace on (windows) you can start the java console, to be found here:
C:\Program Files\Java\j2re1.4...\bin\jpicpl32.exe
In the advanced tab you can fill in something for runtime parameters fill in this:
-Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
if you cannot start the java console check here:
C:\Documents and Settings\userName\Application Data\Sun\Java\Deployment\deployment.properties
I think for linux this is somewhere in youruserdir/java (hidden directory)
add or change the following line:
javaplugin.jre.params=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
for 1.5:
deployment.javapi.jre.1.5.0.args=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
The trace is here:
C:\Documents and Settings\your user\Application Data\Sun\Java\Deployment\log\plugin...log
I think for linux this is somewhere in youruserdir/java (hidden directory)

Signed applet don't work on XP

Hi,
I'am currently working on a point-of-sale (POS) using windows XP/Firefox and a linux apache/jboss server.
I have developed a dynamic windows library in order to use an industrial printer connected to the POS to perform some printing without confirmation of the customer.
The POS is under Windows XP SP2 and use Firefox 2.0.0.11/JRE 1.5.0.14.
This dll is used by a signed applet located on the apache/jboss server.
The applet is correctly downloaded by the client, but normally i have to wait for the certicat authentification windows appearing and for confirming that i want execute the applet. And instead i have a java exception :
security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
security: Aucune information d'horodatage disponible
java.lang.NullPointerException
     at com.sun.deploy.ui.UIFactory.showSecurityDialog(Unknown Source)
     at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
     at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
     at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
     at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
     at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
     at java.security.SecureClassLoader.defineClass(Unknown Source)
     at java.net.URLClassLoader.defineClass(Unknown Source)
     at java.net.URLClassLoader.access$100(Unknown Source)
     at java.net.URLClassLoader$1.run(Unknown Source)
     at java.security.AccessController.doPrivileged(Native Method)
     at java.net.URLClassLoader.findClass(Unknown Source)
     at sun.applet.AppletClassLoader.findClass(Unknown Source)
     at java.lang.ClassLoader.loadClass(Unknown Source)
     at sun.applet.AppletClassLoader.loadClass(Unknown Source)
     at java.lang.ClassLoader.loadClass(Unknown Source)
     at sun.applet.AppletClassLoader.loadCode(Unknown Source)
     at sun.applet.AppletPanel.createApplet(Unknown Source)
     at sun.plugin.AppletViewer.createApplet(Unknown Source)
     at sun.applet.AppletPanel.runLoader(Unknown Source)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
security: L'utilisateur a refus� les droits d'acc�s au code
basic: Taille de cache du chargeur de classes courant : 1
basic: Termin�...
basic: Jonction du thread d'applet...
basic: Destruction de l'applet...
basic: Elimination de l'applet...
basic: Sortie de l'applet...
java.lang.ExceptionInInitializerError
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
     at java.lang.reflect.Constructor.newInstance(Unknown Source)
     at java.lang.Class.newInstance0(Unknown Source)
     at java.lang.Class.newInstance(Unknown Source)
     at sun.applet.AppletPanel.createApplet(Unknown Source)
     at sun.plugin.AppletViewer.createApplet(Unknown Source)
     at sun.applet.AppletPanel.runLoader(Unknown Source)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.C:\Program Files\BICImpression\impression_api.dll)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkLink(Unknown Source)
     at java.lang.Runtime.load0(Unknown Source)
     at java.lang.System.load(Unknown Source)
     at applets.impression.Impression.<clinit>(Impression.java:38)
     ... 11 moreand then the certicat authentification windows appears but it's too late, the applet won't never execute ...
the apache/jboss server is accessed via some gateway, firewal, ... tha t i can't control
the apache jboss/server on my own PC is accessed directly :
What is amazing, is that work fine with my own professionnal PC on W2000 SP4, with JRE1.5.0.14 and Firefox 2.0.0.11 :
when I look in the java console, the java freeze until i have answered this java security window (certicat authentification windows). And when i answered "run" no problem the applet makes her own job.
here is the code when it works :
security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
security: Aucune information d'horodatage disponible
basic: Plugin modality.pushed
basic: Modalit� empil�e
basic: push javax.swing.JDialog[dialog0,379,296,519x323,layout=java.awt.BorderLayout,modal,title=Avertissement - S�curit�,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,22,513x298,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
basic: Chargement arr�t�...
basic: Arr�t de l'applet...Conclusion
POS : Win XP SP2, JRE1.5.0.14 (i tried 1.5.0.6 and 1.6.3 the latest), Firefox 2.0.0.11 (I tried 2.0.0.0 and 3 beta2 don't work anyway)
my own server/client : W2000 SP4, JRE1.5.0.14, Firefox 2.0.0.11
Linux server : RHEL4
It works with IE on the POS with the linux sever but it's not the selected browser.
It works with IE on the POS with my own server.
It works with Firefox on the POS with my own server.
It works with IE on my own server with the linux sever but it's not the selected browser.
It works with IE on my own server with my own server.
It works with Firefox on my own server with the linux sever.
It works with Firefox on my own server with my own server.
If you have some idea to make it work i'm you're buyer !!
Thank a lot for reading this, and i apologize for my poor english ...
greetings,
Benoit
Edited by: bendur on Feb 29, 2008 3:49 AM

Ok I have found my problem :
On every web pages, we have defined some inactivity timeouts.
On my own server I have disabled these timeouts but not on the distant timeout.
And it seems that the timeout (defined in javascript ont he web pages : 3s) has a very bad influence on the launching of my applet ... only with firefox (with IE and Opera no problem)
My problem is anwsered but the problem keep alive for firefox ...

IIS, Javascript, Signed Applet and ASP Blank Page Problem

Hi,
I'm having a problem using a Signed Applet in a site that runs in a IIS (Windows Server 2003).
My aspx web page uses the applet to read my smart card and get information from it.
This applet uses an auxiliar dll (stored in a second Signed Jar file) in order to read the information from my smart card.
The way the solution is design:
1) Aspx page is asked from server
2) Internet Explorer recieve the page and asks the server for it content (images, applet, javascripts, etc)
3) After this the JVM runs (console opens)
4) After the Aspx page render fully a javascript register onload fires and call an applet method
5) Applet receive the call and run the logic of the method:
     - reads the smart card;
     - calls Javascript function in order to fill aspx fields with information from smart card
     - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
5) The server makes some logic with the information receive and responds to client registering in aspx page a call to another Javascrit function
6) The client received the asnwer from server and runs the Javascript function registered on step 5)
     This Javascript calls another method from applet and runs the following logic:
     - reads more information from smart card;
     - call javascript function in order to fill more fields of aspx page with the information readed
     - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
7) The server makes some logic and call another pages with no Applets
8) Client asks for a second page with the same applet and we start with another logic express on steps 1);2);3),4);5) and then 7).
This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
When this happens the server just responds with a blank page.
     - with fiddler I can seer the request for the aspx page (that uses the applet)
     - but server responds with a blank html page
The JVM doesn't fire.
The IIS log don't show errors.
The eventviewer doesn't show errors.
The problem is solved with an IIS reset or a Application Pool reset.
After a while the problem returns.
This problem occours for other user in another machine, the server just stops responding correcly to request regarding pages with applets, the other pages still continue to work.
If we disable Java Control Panel->Advanced->Java Plug-in->Enable the next-generation Java Plug-in the problem seend to stop, but we can't force all clients to disable this option right?
Or there is a way to force the Applet to run with this option disabled?
As anyone experience similar problem?
Regards,
OF

This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
When this happens the server just responds with a blank page.
- with fiddler I can seer the request for the aspx page (that uses the applet)
- but server responds with a blank html pageWell, if http requests look identical in case of success and failure (pay attention to cookies, etc) then it has to be something on the server side.
It could be that server gets into this wrong state because of previous requests made by applet but it is hard to tell.
I am not clear how old/new plugin can make a difference unless your applets run in the legacy mode (i.e. you are actually trying to reuse SAME instance of the applet when
it is loaded next time).
I'd start with
1) carefully comparing good/bad sessions
2) checking whether server will serve correct response to another client when it serves "bad" page for current client
3) add debug statements to aspx - it is scripted page, may be some condition is not met and then it returns blank?
4) record all http requests in one session until you get to "error" state and then use any http server testing tool to "replay" this set of requests.
You should be able to get server into the same state without use of applet. Then you can try to tweak set of requests to see what makes a difference.

Signed Applet not loading on Mac OS X if using HTTPS protocol

Hi All,
I need to open a trusted applet on Mac OS 10.2. The applet works fine if using HTTP protocol. But if the protocol used is HTTPS the the applet does not loads and "javax.net.ssl.SSLException - untrusted server cert chain" exception comes on the console.
The error comes for both - Verisign and javakey - signed applet.
On seaching for possible solution on the net, i came across following link: http://www.macosxhints.com/article.php?story=20020525101202503&query=Workaround+for+secure+Java+applet+problems
It says that this is Mac's known bug and gives the workaround as:
1. Access the problematic site with Internet Explorer on Windows. Click on the padlock item and export the certificate to a file.
2. Copy the certificate to your Mac.
3. Use the command
sudo keytool -import -trustcacerts -keystore /Library/Java/Home/lib/security/cacerts -file mycert.cer
to import the certificate file to your keystore (substitute mycert.cer with the name of the file containing the certificate). The keystore is password protected - the default password is "changeit".
4. Restart your browser
But the client cannot be asked to do all this to run the applet.
Is this problem being solved by Mac in their java implementation or is there any other possible solution?
Thanx in advance.
Regards,
Charu

I am experiencing the same problem - I notice it does not happen on OS9.2 using IE but appears a problem on all browsers on OSX
Apple gave me the following reply.....
Re: Bug ID# 3268633: cannot load applet class under https connection
Hello Andrew,
Thank you for bringing this problem to our attention. We have received feedback
from engineering on your
reported issue.
Please know that to get Java to recognize the certificate you will need to do
one of two things, depending
on which VM you are using. Since you want it to work with Internet Explorer, we
will assume Java 1.3.1.
In Java 1.3.1 you'll need to add the certificate to
/Library/Java/Home/lib/security/cacerts using
/usr/bin/keytool to import the certificate into the certificate database.
In Java 1.4.1 you should be able to just add the certificate to the keychain
using certtool. For more
details on how to do this, please refer to the information found at
<http://java.sun.com/j2se/1.4.1/docs/tooldocs/solaris/keytool.html>. After
doing so, if you should require
further help from Apple in resolving this issue, we recommend that you request
assistance from Developer
Technical Support. This must be done by filing a Technical Support Incident.
So I am supposed to tell every Mac user to do the above am I?!!!

Safari will not run a signed applet on mac os x 10.5.7 with new Java update

Hi Everyone,
I've got a problem that hopefully you guys can help me solve. I have an applet that runs on windows, mac and linux that is signed by a verisign certificate my work has. The certificate is valid and everything works just fine on windows and linux, but after I upgraded our macs with the newest java update for mac (which gave macs Java 1.6.13), the applets won't work. When the applet is loaded in Safari or Firefox, it asks if I want to trust the certificate. When I tell it to trust it, Safari comes back with a message saying that it will not trust the code and will treat it as unsigned code.
For a long time the applet was built and signed on windows, but now it can be built and signed on windows and mac. Building and signing on either platform gives the same results and the mac signed applet works just fine on windows.
Has anyone else run across this problem? Any help or advice will be appreciated.
Thanks,
Robbie

BenGlancy wrote:
How did you tell it to fully trust it? I thought the dialog comes up asking the user whether to trust it.
I only ask because it's not practical to expect all users to dig around for settings to trust a particular certificate.They don't have to dig around. When a signed Applet is loaded, if the certificate chain contains a certificate not in the trust store then a dialogue box asks the user if he wants to run it anyway. This dialogue box also has check box to indicate the the user should always trust this certificate and checking this means the user will not be asked again.

Java Applet Window showing on signed applet popups

I have an applet deployed that is signed, but I'm experiencing a very annoying problem with JPopup windows that cross outside the border of the JFrame created by the Applet.
Those pop-up windows still show the warning at the bottom "Java Applet Window". That part is pretty annoying and I don't understand why it's doing that since they are coming from a signed, trusted applet.
Just to be clear, any of the JPopups or JDialogs or anything else we display inside the frame doesn't have this warning since we signed the applet.

Our team is also using a signed applet and are having trouble with popup items not being accessible outside of the JFrame.
In appletviewer the popup (JXDatePicker) is fully accessible. If running in Internet Explorer on Windows 2000 the portion of the popup outside of the JFrame paints correctly but cannot receive click events correctly.
It would be preferrable that if the popup cannot receive events outside of the applet frame that the popup would be smart enough to pop itself fully in the applet frame.
Any suggestions?
Thank you.

Change language on the security warning popup when using signed applets

Hi
Today when we use a signed applet the user get a security warning popup box where the langauge is English.
Is it possible to change the language to other that English and if possible how can this be done ?
Thanks in Advance,
Henrik Rasmussen
Denmark

The Microsoft one is especially annoying because they should know better than to submit from secure to insecure.
Let's say you are currently logged in to a Microsoft account and you click Sign in on MSDN. The site redirects to login.live.com, which recognizes that you are logged in, and generates a page with a hidden form and submits it back to MSDN using a script. This is where the problem is, because the hidden form action URL is not secure, yet it is on a secure page. (See Screen shots)
The workaround (hack, whatever) is to modify the form to a secure address before it is submitted. How can you do that? Since it is impractical to do by hand, you can use an add-on.
In an earlier thread, user thx1200 posted a link to a userscript that fixes this issue on login.live.com. The userscripts''.''org site has seemingly died, but there is a copy on a mirror of that site.
* Earlier thread (long): [https://support.mozilla.org/questions/964250 How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection]
* You need Greasemonkey to run user scripts: https://addons.mozilla.org/firefox/addon/greasemonkey/
* User script install page: [http://userscripts-mirror.org/scripts/show/173384.html Fix security warning for Microsoft Live login]

Deploying Signed Applet to my users

Similar Messages

Maybe you are looking for