Restricting signed applets!

hi all...
I have a very direct question, yet for hours i've been scouring around for a direct answer. just tell me, for a signed applet, does it haf ALL PERMISSIONS? is it not possible to restrict a signed applet, for example, able to read a file but cannot write a file? could this actually be set inside the java.policy file?
i haf read many forums, some saying signed applet will haf all permissions, while others saying otherwise. if we set the "usepolicy" property permission, i understand that signed or unsigned is no different, both adhering to the policy file, but that's not what i want. i've read that by not using "usepolicy", u can only grant permissions for unsigned applets in the policy file. is this true?
i know i'm long winded, but this is frustrating...
let's assume i'm using j2sdk 1.4.2_06.
can we clear this issue once and for all?
p/s: on a personal note, i think that if u cant restrict what a signed applet can do, that is reaaaaalllyyyyyyy bad....

could this actually be set inside the java.policy file?Yes, in the java.policy under grant {
permission java.lang.RuntimePermission "usePolicy";
This will tell the jre to use policy for all applets including the signed ones.
The following:
grant codebase = "http://www.google.com/-" {
permission java.lang.RuntimePermission "usePolicy";
Will tell the jre to use policy for all the applets comming from google.
There is a way to grant based on who signed the applet but I never got it working:
http://forum.java.sun.com/thread.jsp?forum=63&thread=409341
You are looking for a policy that is used for all signed applet, I guess that is the policy
I never got working.
Here is the tutorial on the java.policy
http://java.sun.com/docs/books/tutorial/security1.2/toolsign/wstep3.html

Similar Messages

  • Restriction for signed applet

    Hi all,
    i signed applet which is trying to modify file tmp.txt on client machine. Is there any opportunity for client to forbid this action for signed applet?
    I tried use policy file but i was unlucky. It is ok for unsigned applet but what about signed one?
    Thank you for your response.
    benky

    you need to install the jre, and place the win32.dll at JavaSoft\JRE\1.3.1_06\bin, that properties file place at JavaSoft\JRE\1.3.1_06\lib, comm.jar at JavaSoft\JRE\1.3.1_06\lib\ext\
    and in ur code try to use it to open ur com port
    public String test() {
    String drivername = "com.sun.comm.Win32Driver";
    try
    CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
    catch (Throwable th)
    {* Discard it */}
    drivername = "javax.comm.*";
    try
    CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
    catch (Throwable th)
    {* Discard it */}
    portList = CommPortIdentifier.getPortIdentifiers();
    while (portList.hasMoreElements()) {
    portId = (CommPortIdentifier) portList.nextElement();
    if (portId.getPortType() == CommPortIdentifier.PORT_SERIAL) {
    if (portId.getName().equals("COM2")) {
    //if (portId.getName().equals("/dev/term/a")) {
    try {
    serialPort = (SerialPort)
    portId.open("SimpleWriteApp", 2000);
    } catch (PortInUseException e) {}
    try {
    outputStream = serialPort.getOutputStream();
    } catch (IOException e) {}
    try {
    serialPort.setSerialPortParams(9600,
    SerialPort.DATABITS_8,
    SerialPort.STOPBITS_1,
    SerialPort.PARITY_NONE);
    } catch (UnsupportedCommOperationException e) {}
    int i=0;
    while(true)
    try {
    messageString="hi";
    System.out.println(i++);
    outputStream.write(messageString.getBytes());
    } catch (IOException e)
    System.out.println(e);
    messageString=String.valueOf(e);
    return messageString;
    and yet u need to signed the applet
    1. Compile the applet
    2. Create a JAR file
    3. Generate Keys
    4. Sign the JAR file
    5. Export the Public Key Certificate
    6. Import the Certificate as a Trusted Certificate
    7. Create the policy file
    8. Run the applet
    Susan
    Susan bundles the applet executable in a JAR file, signs the JAR file, and exports the public key certificate.
    1. Compile the Applet
    In her working directory, Susan uses the javac command to compile the SignedAppletDemo.java class. The output from the javac command is the SignedAppletDemo.class.
    javac SignedAppletDemo.java
    2. Make a JAR File
    Susan then makes the compiled SignedAppletDemo.class file into a JAR file. The -cvf option to the jar command creates a new archive (c), using verbose mode (v), and specifies the archive file name (f). The archive file name is SignedApplet.jar.
    jar cvf SignedApplet.jar SignedAppletDemo.class
    3. Generate Keys
    Susan creates a keystore database named susanstore that has an entry for a newly generated public and private key pair with the public key in a certificate. A JAR file is signed with the private key of the creator of the JAR file and the signature is verified by the recipient of the JAR file with the public key in the pair. The certificate is a statement from the owner of the private key that the public key in the pair has a particular value so the person using the public key can be assured the public key is authentic. Public and private keys must already exist in the keystore database before jarsigner can be used to sign or verify the signature on a JAR file.
    In her working directory, Susan creates a keystore database and generates the keys:
    keytool -genkey -alias signFiles -keystore susanstore -keypass kpi135 -dname "cn=jones" -storepass ab987c
    This keytool -genkey command invocation generates a key pair that is identified by the alias signFiles. Subsequent keytool command invocations use this alias and the key password (-keypass kpi135) to access the private key in the generated pair.
    The generated key pair is stored in a keystore database called susanstore (-keystore susanstore) in the current directory, and accessed with the susanstore password (-storepass ab987c).
    The -dname "cn=jones" option specifies an X.500 Distinguished Name with a commonName (cn) value. X.500 Distinguished Names identify entities for X.509 certificates.
    You can view all keytool options and parameters by typing:
    keytool -help
    4. Sign the JAR File
    JAR Signer is a command line tool for signing and verifying the signature on JAR files. In her working directory, Susan uses jarsigner to make a signed copy of the SignedApplet.jar file.
    jarsigner -keystore susanstore -storepass ab987c -keypass kpi135 -signedjar SSignedApplet.jar SignedApplet.jar signFiles
    The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
    5. Export the Public Key Certificate
    The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
    The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
    5: Export the Public Key Certificate
    The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
    In her working directory, Susan uses keytool to copy the certificate from susanstore to a file named SusanJones.cer as follows:
    keytool -export -keystore susanstore -storepass ab987c -alias signFiles -file SusanJones.cer
    Ray
    Ray receives the JAR file from Susan, imports the certificate, creates a policy file granting the applet access, and runs the applet.
    6. Import Certificate as a Trusted Certificate
    Ray has received SSignedApplet.jar and SusanJones.cer from Susan. He puts them in his home directory. Ray must now create a keystore database (raystore) and import the certificate into it. Ray uses keytool in his home directory /home/ray to import the certificate:
    keytool -import -alias susan -file SusanJones.cer -keystore raystore -storepass abcdefgh
    7. Create the Policy File
    The policy file grants the SSignedApplet.jar file signed by the alias susan permission to create newfile (and no other file) in the user's home directory.
    Ray creates the policy file in his home directory using either policytool or an ASCII editor.
    keystore "/home/ray/raystore";
    // A sample policy file that lets a JavaTM program
    // create newfile in user's home directory
    // Satya N Dodda
    grant SignedBy "susan"
    permission java.security.AllPermission;
    8. Run the Applet in Applet Viewer
    Applet Viewer connects to the HTML documents and resources specified in the call to appletviewer, and displays the applet in its own window. To run the example, Ray copies the signed JAR file and HTML file to /home/aURL/public_html and invokes Applet viewer from his home directory as follows:
    Html code :
    </body>
    </html>
    <OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
    width="600" height="400" align="middle"
    codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,1,2">
    <PARAM NAME="code" VALUE="SignedAppletDemo.class">
    <PARAM NAME="archive" VALUE="SSignedApplet.jar">
    <PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
    </OBJECT>
    </body>
    </html>
    appletviewer -J-Djava.security.policy=Write.jp
    http://aURL.com/SignedApplet.html
    Note: Type everything on one line and put a space after Write.jp
    The -J-Djava.security.policy=Write.jp option tells Applet Viewer to run the applet referenced in the SignedApplet.html file with the Write.jp policy file.
    Note: The Policy file can be stored on a server and specified in the appletviewer invocation as a URL.
    9. Run the Applet in Browser
    Download JRE 1.3 from Javasoft
    good luck! [email protected]
    i already give u many tips, i use 2 weeks to try this to success, hopw that u understand that, a result of success is not important, the process of how to get things done is most usefull!

  • Signed applets and restrictions ?

    Hello,
    I've a question regarding applets security : in fact I've tried to sign myself a Jar file containing all required classes for an application (using the jarsigner tool from Sun). However I'm still getting security problems even of it was digitally signed ans don't understand exactly the causes : Could somebody explain me them ? I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ? Would it mean that we can't get these permissions without paying any submissions ?
    TU a lot...
    PA
    http://wwww.doffoel.com

    I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ?
    Its not compulsory to go to verisign for signing your applet. You can also create your own certificates with Java's keytool. Its 200% free of cost. However, if you are inclined to build a commercial application, where you don't know the clients, who download the applet, get certs from verisign , Thales et al.
    Would it mean that we can't get these permissions without paying any submissions ?
    No. Not at all. You can always make a descent application without going to the standard certificates and without paying $$$.
    Post your quetions in http://forum.java.sun.com/forum.jsp?forum=63 for expert answers.
    Have a look at this famous thread for signing applets.
    http://forum.java.sun.com/thread.jsp?forum=63&thread=132769
    good wishes,
    Rajesh

  • File read access denied for signed applet

    Hi:
    I have a signed applet with a certificate generated with the keytool. Yet, I keep getting this error:
    java.lang.Exception: java.security.AccessControlException:
        access denied (java.io.FilePermission C:\WINDOWS\system32\aetpkss1.dll read)The error is produced when the method loadKeyStore(pin) below is called.
        private KeyStore ks;
        private Provider provider;
        private static final String providerName    = "PKCS11";
        private static final String providerLibrary = "aetpkss1.dll";
        public void loadKeyStore(String pin) throws IOException,
         CertificateException, KeyStoreException, NoSuchAlgorithmException {
         if (provider == null)
             registerProvider(providerLibrary);
         try {
             ks = KeyStore.getInstance(providerName,provider);
         } catch (Exception e) {
             throw new KeyStoreException("Failed get keystore instance\n"
                             + e.getMessage());
         try {
             ks.load(null, pin.toCharArray());
         } catch (Exception e) {
             throw new KeyStoreException("Failed load keystore\n"
                             + e.getMessage());
        public void registerProvider(String library)
         throws FileNotFoundException, KeyStoreException {
         String fileName;
         if (new File(library).isAbsolute())
             fileName = library;
         else
             fileName = getAbsolutePath(library);
         if (!(new File(fileName).exists()))
             throw new FileNotFoundException("No such file: " + fileName);
         String config = "name = " + providerName + "\n"
             + "library = " + fileName;
         ByteArrayInputStream confStream =
             new ByteArrayInputStream(config.getBytes());
         try {
             provider = new sun.security.pkcs11.SunPKCS11(confStream);
             Security.addProvider(provider);
         } catch (Exception e) {
             throw new KeyStoreException("Can initialize " +
                             "Sun PKCS#11 provider. Reason: " +
                             e.getCause().getMessage());
        private String getAbsolutePath(String lib) throws FileNotFoundException {
         String[] searchPath;
         /* NOTE: This should be modified to suit different versions of   *
          *       Windows and not just Windows XP                         */
         if (System.getProperty("os.name").matches("^(?i)Windows.*")) {
             searchPath = new String[] { "C:\\WINDOWS\\system32" ,
                             "C:\\java" };
         } else {
             searchPath = new String[] { "/usr/local/lib/" };
         for (int i = 0; i < searchPath.length; i++) {
             if ((new File(searchPath[i] + File.separator + lib).exists()))
              return (searchPath[i] + File.separator + lib);
         throw new FileNotFoundException("Library not in search path " + lib);
        }The above code is called by a java script, the class' constructor is empty.
    The error appears not to be caught by my code. I have tried to insert try/catch statements everywhere to figure out where this error is produced.
    The code is write off of the applet for signing with a smart card by Svetlin Nakov - and his applet works!
    I have also made a CLI application that uses the above code and it works perfectly.
    So: Something is wrong either with my certificate, the signing method, signature verification or something completely different. Any hints?
    The certificate I generated with
    keytool -genkey -keystore mystore -alias me
    keytool -seflcert -keystore mystore -alias meI have tired both with and without the selfcert step.
    Thanks! Erik

    The problem has been identified: Placing registerProvider() in the constructor the error no longer occurs, instead an error is produced when the key store is loaded.
    It appears that the javascript code is not trusted and so, even though the applet is signed, access privileges are restricted to those of the java script.
    A solution to this problem is not clear, but possibly, serving the pages from a trusted server, the java script will be trusted, some documentation seem to indicate.

  • Signed Applet problems in Vista + JMF

    Hi All,
    I'm new to Java Applet programming. I wrote an application which works as a VoIP Client in a webpage (Using JMF). Its working very fine in allmost all Windows XP machines.
    But not in Windows Vista machines. In Vista i'm getting the following error :
    "No permission to capture from applet" - Since its a Signed applet. The application is digitally signed from a CA. Even though its not working in Vista (IE and Mozilla Firefox also).
    I have went through the following link which says IE in Vista will run on protected mode, so Signed Applet will not have all the permission eventhough its signed for "AllPermission".
    ----- http://java.sun.com/javase/6/webnotes/install/system-configurations.html
    And also I'm not able to create a customized jar file for JMF using JMF Customizer. (JMF Customizer is an application which creates a jar file with specified classes). While creating a jar file I'm getting particular class is not available. (In Windows XP, this class is compilled at run time).
    Please let me know the following things,
    a) Is there any security settings i have to make to run Signed Applet in Windows Vista ?
    b) What is Java Policy file? I don't have any policy file - will it affect the application ?
    c) Do I need to sign each applet (say i have 5 applets in single jar file) ?
    d) In Vista how Mozilla Firefox are running (like IE7's restricted environment or XP compatiable mode) ?
    Thanks in Advance,
    Karthikeyan R

    I have exatly the same problem but not with the class itself. I have the problem with an jar that my class calls.
    I use jdk1.4.2. I think it's basicaly the same problem as "lfpgMW".
    I'll also whould like an idea...
    thanks

  • Signed applet stopped working in 1.4.2_04

    We have a signed applet that accesses the file system. After installing 1.4.2_04 it produces this exception
    java.security.AccessControlException: access denied (java.io.FilePermission <<ALL FILES>> execute)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkExec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at edu.nebraska.foundation.applets.AccessApplet.openNewSession(AccessApplet.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
         at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
         at sun.plugin.com.DispatchImpl$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
    java.lang.Exception: java.security.AccessControlException: access denied (java.io.FilePermission <<ALL FILES>> execute)
         at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
         at sun.plugin.com.DispatchImpl$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
    .This was working in 1.4.2 and 1.3.1_08. Anyone else have this problem?

    Sorry, copied and pasted the following, hope it helpes.
    The following examples are for a win 2000 machine, for linux
    you have to use alternative paths but I think the commands
    are about the same.
    The SUN jre doesn't care about IE settings, if an applet is signed it will ask the user "do you trust", if
    the user chooses yes or always the applet can do pretty much anything.
    Because anybody can sign an applet so it will pop up the do
    you trust dialog I prevent this dialog from popping up by
    adding the following to the
    C:\Program Files\Java\j2re****\lib\security\java.policy
    under grant { [/b]
    [color red]
    permission java.lang.RuntimePermission "usePolicy";
    [color]
    You now need to set up special permissions for sites that
    need it, signed applets get no special treatment since you
    specified in the java.policy that policy should allways be
    used.
    When your applet needs to do something it normally could
    not do (applet security) [b]and it needs to do this
    when a user clicks on a html button (applet method called
    from javascript), than all the signing and policy settings
    in the world wouldn't work Unless you grant all permission
    to all code.
    This is because the Java Plug-in executes methods with
    applet sandbox security restrictions.
    http://archives.java.sun.com/cgi-bin/wa?A2=ind0404&L=java-security&F=&S=&P=4012
    To solve this you can start a new thread that checks ...
    times a second if a variable meets certain conditions.
    These conditions are changed with public methods called
    from JavaScript. When a variable meets certain Conditions
    this thread will start the method that will perform
    normally restricted tasks.
    Here is an example where the applet doesn't work
    (the batchfile, html file are OK)
    Note that running this code with Mozilla on my w2k machine
    crashes Mozilla (not on my Fedora machine)
    Batch file to sign the applet: (please note this will
    delete some files)
    del *.cer
    del *.com
    del *.jar
    del *.class
    javac -classpath ".;C:\Program Files\Java\j2re1.4.2_04\lib\plugin.jar" test.java
    keytool -genkey -keystore harm.com -keyalg rsa -dname "CN=Harm Meijer, OU=Technology, O=org, L=Amsterdam, ST=, C=NL" -alias harm -validity 3600 -keypass pass -storepass pass
    jar cf0 test.jar test.class
    jarsigner -keystore harm.com -storepass pass -keypass pass -signedjar sTest.jar test.jar harm
    del *.classThe html page:
    <DIV id="dvObjectHolder">  </DIV>
    <br><br>
    <script>
    if(window.navigator.appName.toLowerCase().indexOf("netscape")!=-1){ // set object for Netscape:
         document.getElementById('dvObjectHolder').innerHTML = "        <object ID='appletTest1' classid=\"java:test.class\"" +
                    "height=\"0\" width=\"0\" onError=\"changeObject();\"" +
              ">" +
                    "<param name=\"mayscript\" value=\"Y\">" +
                    "<param name=\"archive\" value=\"sTest.jar\">" +
            "</object>";
    }else if(window.navigator.appName.toLowerCase().indexOf('internet explorer')!=-1){ //set object for IE
         document.getElementById('dvObjectHolder').innerHTML =      "<object ID='appletTest1' classid=\"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93\"" +
                   "         height=\"0\" width=\"0\" >" +
                   "   <param name=\"code\" value=\"test.class\" />" +
                      "<param name=\"archive\" value=\"sTest.jar\">" +
                   " </object>"
    </script>
    <LABEL id="lblOutputText">This text will be replaced by the applet</LABEL>
    <BR>
    <input value="Javascript to java" type=button onClick="document.appletTest1.fromJavaScript()"><br>The applet:
    // new class for jsObject!!!! since 1.4.2 compile this:
    // javac -classpath "C:\Program Files\Java\j2re1.4.2_01\lib\plugin.jar" test.java
    // since jaws.jar does not exsist anymore
    // to compile with jaws: javac -classpath "C:\j2sdk1.4.0_03\jre\lib\jaws.jar" test.java
    import netscape.javascript.*;
    public class test extends java.applet.Applet {
        JSObject win;
        JSObject outputLabel;
        public void init() {
             try{
                 win = JSObject.getWindow(this);
                 outputLabel = (JSObject) win.eval("document.getElementById('lblOutputText')");
              outputLabel.setMember("innerHTML", "<center><h1>From Init<br>Your homedir " + System.getProperty("user.home") + "</h1></center>");
            }catch(Exception e){
                 e.printStackTrace();
        public void fromJavaScript(){
             try{
                     outputLabel.setMember("innerHTML", "<center><h1>From javascript<br>Your homedir: "+ System.getProperty("user.home") + "</h1></center>");
            }catch(Exception e){
                 e.printStackTrace();
    }When you put the files in c:\temp, run the batch file to
    compile and sign the applet and then open the html file you
    will be asked if you trust ... you can say yes and from
    init the applet can read user.home. Click on the button and
    you will get the following stack trace:
    java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
         at java.lang.System.getProperty(Unknown Source)
         at test.fromJavaScript(test.java:20)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
         at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
         at sun.plugin.com.DispatchImpl$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.plugin.com.DispatchImpl.invoke(Unknown Source)Conclusion: the applet can read user.home but not from
    JavaScript.
    Here is the applet that does work because a method called
    from javaScript doesn't perform a restricted task.
    // new class for jsObject!!!! since 1.4.2 compile this:
    // javac -classpath "C:\Program Files\Java\j2re1.4.2_01\lib\plugin.jar" test.java
    // since jaws.jar does not exsist anymore
    // to compile with jaws: javac -classpath "C:\j2sdk1.4.0_03\jre\lib\jaws.jar" test.java
    import netscape.javascript.*;
    public class test extends java.applet.Applet {
         JSObject win;
         JSObject outputLabel;
         boolean buttonFromJavaClicked = false;
         checkJavaScriptEvent evt = new checkJavaScriptEvent();
         public void init() {
              try {
                   evt.start();
                   win = JSObject.getWindow(this);
                   outputLabel =
                        (JSObject) win.eval("document.getElementById('lblOutputText')");
                   outputLabel.setMember(
                        "innerHTML",
                        "<center><h1>From Init<br>Your homedir "
                             + System.getProperty("user.home")
                             + "</h1></center>");
              } catch (Exception e) {
                   e.printStackTrace();
         public void fromJavaScript() {
              buttonFromJavaClicked = true;
         private void fromJavaScript2() {
              System.out.println("fromjavascript2 is started");
              try {
                   String strLbl =
                        "<center><h1>From javascript<br>Your homedir: "
                             + System.getProperty("user.home")
                             + "</h1></center>";
                   outputLabel.setMember("innerHTML", strLbl);
              } catch (Exception e) {
                   e.printStackTrace();
         class checkJavaScriptEvent extends Thread {
              public void run() {
                   while (true) {
                        if (test.this.buttonFromJavaClicked) {
                             System.out.println("OK buttonfromjava is true");
                             test.this.buttonFromJavaClicked = false;
                             test.this.fromJavaScript2();
                        try {
                             Thread.sleep(300);
                        } catch (Exception e) {
                             System.out.println("exception in sleep");
                             e.printStackTrace();
                             System.exit(1);
    }

  • Problems with Signed Applets

    Hello !
    I have an applet program that displays the content of a batch file in the Applet window.
    To sign the Applet I have converted the corresponding class file to a jar .
    Then using keytool & jarsigner... I had signed it .
    I tried to restrict the enuser form editing the contents of that batchfile's contents.
    To restrict it I had Created a Policy file with only read permission allowed .
    After following the above procedures , when i tried to run my applet, the applet is getting loaded sucessfully with that batch file's content .
    And when i try to edit it , I'm able to edit the contents . I don't how this could be possible bcoz i have set the permission only to read it !
    Any Ideas Please !
    TIA

    in the policy file, you restrict the applet to only read files. but if you have already signed it and clicked Yes on the certification screen when loading the applet, the applet gets full permission.
    the other thing is that you have a textarea field or something, you must set the textarea to readonly.
    if you read in a file's content and display it in a textarea, the user can change the content of the textarea, but if your applet does not write the changes back to the file, the file won't be changed, although the user has changed the textarea content.
    perhaps you might post some more info on the code you are using....

  • Granting SocketPermission using signed applet

    I have had a dream of locally caching a jar file for an applet so that all the code will be on the client machine after the first time the applet was loaded. Basically, I have a very thin applet composed of a jar class loader and a tiny applet which will check for a jar file on the client and download it from the server if it does not exist. These simple classes are in a signed jar file. Basically, this thin applet does the following:
    1) Check for the big, app jar file in c:\Temp
    2) If it does not exist, open a URL input stream and get the big jar
    3) instantiate a jar class loader object on the now local, big jar file
    4) load the "main" class
    5) use reflection to run its initialization method
    6) the application then attempts to open a socket to the server
    I get all the way to step 6 and this is where things go bad. As far as I can tell, the "thin" app loader class has permission to do anything it wants since it was downloaded from a signed jar - I haven't tried to do anything I was not able to do with this class. I think the problem arises because the app class came from a non-signed jar file and it appears to have all the typical applet restrictions. I can make URL connections to the local client (since that's where the code was loaded from), but not anywhere else.
    I was hoping all classes the "thin", privileged class loaded would inherit these privileges, but obviously the class permissions come from where the class was loaded from. This is a bummer and my guesses for solving this problem are:
    1) grant permission to the entry class for the app somehow (I tried something like this by executing the entry method for the app in a AccessController.doPrivieleged block - no luck)
    2) sign the app jar and somehow read and accept its certificate so that all classes loaded from this jar are privileged (I am not sure of how to do this)
    I am hoping someone might have an elegant solution to this problem as this is really the last step in my caching solution. By the way, the entry app class is not an applet itself if this is useful information to anyone. The "thin" applet is the only applet and just hands control off to the entry method of the main app class in the jar.
    TIA!

    Signing an applet provides it with the ability to run outside the sandbox. This does not automatically give the applet permission to do anything it wants. The applet must still request the desired permission before actually attempting an operation that requires that permission. Depending on the browser or whether you are relying on the Java plugin, you need to call the necesary security method first. I wrote a signed applet back in May 2000 which also needed socket permission. I don't have access to the code anymore so I cannot recall exactly the classes and methods you need to invoke. If you search the Signed Applets forum for my name, there are several messages that should help you.
    For example:
    http://forums.java.sun.com/thread.jsp?forum=63&thread=132336

  • What EXACTLY is happening when a signed applet loads in a page?

    I'd like to know what happens when a signed applet is loaded in a page with the Java Plug-in. What methods are called, in which order, what happens when the user denies the applet, etc.
    Any links to resources are also welcome.
    Thanks!!

    Hi there,
    Please go thru the following links. I think they are self explanatory and does not need more elaboraion. These links expalin how the Signed Applet is loaded and how does the Class Loader and Code Verifier make it possible for the applet to work within it's security restriction.
    Here are the links:
    1.http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/rsa_how.html
    2. http://ntrg.cs.tcd.ie/undergrad/4ba2.96/group2/applets.html
    For more information about policy files you can check the following link:
    http://www.interex.org/pubcontent/enterprise/jan01/14chew.html

  • Uploaded content modification detecting(from Signed Applet)

    Hello,
    I have a question about signed applets and content verification on client machine. Let's consider the following scenario:
    I have uploaded an image to client machine(using signed applet)
    Client have modified the image
    I want to detect that image was modified... And change it to default, stored in web host.
    Is there any way to identify modification? Or maybe there are some other tecniques of storing content to client's machine, not using raw resources?
    Thanks in advance.

    >
    Setting the proxy in the java control panel has no
    effect on the available system properties.
    Rather it has no impact on the VM that the applet runs in. Which is different than saying it has no impact at all.
    I suspect there is a file somewhere that controls the actual system values for applets.
    Given that an app should be able to detect the proxy
    settings of the person running it, how is this
    possible if the properties are not available from
    within the app?What exactly are you trying to do?
    An applet, which is not an app, normally has certain restrictions which would be sufficient for most apps.
    And the proxy setting impacts the VM, nothing else. So if the applet returns null then it means the VM has no setting. That doesn't mean that one or more proxies are not in the chain of communication. But you are not going to get those from the VM.

  • URGENT: Beginner - Signed Applet won't run within Netscape

    Hi all,
    sorry for asking a question you've probably answered before, but I didn't find appropriate material
    while searching this forum.
    Im using Netscape 4.77 on Windows. My approach is to create a signed applet out of one class file, that actually reads and writes files and requires one System Property to be known.
    Therefore i downloaded the Netscape Signing Tool, created a test certificate and installed it in the Communicators certificate database. Then I signed my class file as I was told on Netscapes websites. Everything worked fine and the applet displayed in the browser. Unfortunately the method bound to a button, that does the critical work, doesn't have any effect at all.
    Can you please tell me where I can turn on the equivalent to Microsofts Java Console for IE in Netscape ? I don't even get error messages.
    Next I read some stuff about the Netscape Capability classes and used them as shown in my Applet. I set the classpath correct and everything compiled fine. But still the critical applet method doesn't do a thing at all. What went wrong ?
    Did i put the netscape code at the wrong place (i.e. inside the actionPerformed() method) ?
    Or would you suggest another way to get rid of the security restrictions which is quite more popular these days. All the docs didn't help me out so far.
    Please help me.
    Any help is highly appreciated.
    cu
    oliver

    If you want your Java Applet to use the most current
    functionality then you should deploy your Applet
    with the Java Plugin that will work in Netscape or
    Windows IE.
    Once the Java Plugin is install launch the Java Plugin Control Panel and check the Java console option. This will launch the Java console everytime the Java Plugin is invoked. Reference the following url on how to use
    the Java Plugin:
    http://java.sun.com:80/products/plugin/1.3/docs/index.docs.html
    Even though JDK1.4 is not officially shipping the
    Java Plugin 1.4 documents on Security are fairly
    good. Check out :
    http://java.sun.com:80/j2se/1.4/docs/guide/plugin/developer_guide/contents.html
    http://java.sun.com:80/j2se/1.4/docs/guide/plugin/developer_guide/rsa_how.html
    regards,
    atsSun
    Sun Microsystems

  • Signed Applet and Threads

    I have a signed applet that writes some files to the client's local disk. I modified the applet to spawn the file writing into a separate thread. The thread that the signed applet spawns, however, seems to not retain the security rights that my signed applet has, even though the thread is spawned by the signed applet! I receive access restriction exceptions when I write the files with the second thread, but receive no such exception when doing the same thing in the original signed applet code. Is this how the security model is supposed to work?

    Do you have really problems with files? or with threads... Maybe it would be enough just to allow the threads permisions...

  • Signed applet don't work on XP

    Hi,
    I'am currently working on a point-of-sale (POS) using windows XP/Firefox and a linux apache/jboss server.
    I have developed a dynamic windows library in order to use an industrial printer connected to the POS to perform some printing without confirmation of the customer.
    The POS is under Windows XP SP2 and use Firefox 2.0.0.11/JRE 1.5.0.14.
    This dll is used by a signed applet located on the apache/jboss server.
    The applet is correctly downloaded by the client, but normally i have to wait for the certicat authentification windows appearing and for confirming that i want execute the applet. And instead i have a java exception :
    security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
    security: Aucune information d'horodatage disponible
    java.lang.NullPointerException
         at com.sun.deploy.ui.UIFactory.showSecurityDialog(Unknown Source)
         at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
         at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
         at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
         at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
         at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
         at java.security.SecureClassLoader.defineClass(Unknown Source)
         at java.net.URLClassLoader.defineClass(Unknown Source)
         at java.net.URLClassLoader.access$100(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    security: L'utilisateur a refus� les droits d'acc�s au code
    basic: Taille de cache du chargeur de classes courant : 1
    basic: Termin�...
    basic: Jonction du thread d'applet...
    basic: Destruction de l'applet...
    basic: Elimination de l'applet...
    basic: Sortie de l'applet...
    java.lang.ExceptionInInitializerError
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
         at java.lang.reflect.Constructor.newInstance(Unknown Source)
         at java.lang.Class.newInstance0(Unknown Source)
         at java.lang.Class.newInstance(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.C:\Program Files\BICImpression\impression_api.dll)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkLink(Unknown Source)
         at java.lang.Runtime.load0(Unknown Source)
         at java.lang.System.load(Unknown Source)
         at applets.impression.Impression.<clinit>(Impression.java:38)
         ... 11 moreand then the certicat authentification windows appears but it's too late, the applet won't never execute ...
    the apache/jboss server is accessed via some gateway, firewal, ... tha t i can't control
    the apache jboss/server on my own PC is accessed directly :
    What is amazing, is that work fine with my own professionnal PC on W2000 SP4, with JRE1.5.0.14 and Firefox 2.0.0.11 :
    when I look in the java console, the java freeze until i have answered this java security window (certicat authentification windows). And when i answered "run" no problem the applet makes her own job.
    here is the code when it works :
    security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
    security: Aucune information d'horodatage disponible
    basic: Plugin modality.pushed
    basic: Modalit� empil�e
    basic: push javax.swing.JDialog[dialog0,379,296,519x323,layout=java.awt.BorderLayout,modal,title=Avertissement - S�curit�,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,22,513x298,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
    basic: Chargement arr�t�...
    basic: Arr�t de l'applet...Conclusion
    POS : Win XP SP2, JRE1.5.0.14 (i tried 1.5.0.6 and 1.6.3 the latest), Firefox 2.0.0.11 (I tried 2.0.0.0 and 3 beta2 don't work anyway)
    my own server/client : W2000 SP4, JRE1.5.0.14, Firefox 2.0.0.11
    Linux server : RHEL4
    It works with IE on the POS with the linux sever but it's not the selected browser.
    It works with IE on the POS with my own server.
    It works with Firefox on the POS with my own server.
    It works with IE on my own server with the linux sever but it's not the selected browser.
    It works with IE on my own server with my own server.
    It works with Firefox on my own server with the linux sever.
    It works with Firefox on my own server with my own server.
    If you have some idea to make it work i'm you're buyer !!
    Thank a lot for reading this, and i apologize for my poor english ...
    greetings,
    Benoit
    Edited by: bendur on Feb 29, 2008 3:49 AM

    Ok I have found my problem :
    On every web pages, we have defined some inactivity timeouts.
    On my own server I have disabled these timeouts but not on the distant timeout.
    And it seems that the timeout (defined in javascript ont he web pages : 3s) has a very bad influence on the launching of my applet ... only with firefox (with IE and Opera no problem)
    My problem is anwsered but the problem keep alive for firefox ...

  • IIS, Javascript, Signed Applet and ASP Blank Page Problem

    Hi,
    I'm having a problem using a Signed Applet in a site that runs in a IIS (Windows Server 2003).
    My aspx web page uses the applet to read my smart card and get information from it.
    This applet uses an auxiliar dll (stored in a second Signed Jar file) in order to read the information from my smart card.
    The way the solution is design:
    1) Aspx page is asked from server
    2) Internet Explorer recieve the page and asks the server for it content (images, applet, javascripts, etc)
    3) After this the JVM runs (console opens)
    4) After the Aspx page render fully a javascript register onload fires and call an applet method
    5) Applet receive the call and run the logic of the method:
         - reads the smart card;
         - calls Javascript function in order to fill aspx fields with information from smart card
         - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
    5) The server makes some logic with the information receive and responds to client registering in aspx page a call to another Javascrit function
    6) The client received the asnwer from server and runs the Javascript function registered on step 5)
         This Javascript calls another method from applet and runs the following logic:
         - reads more information from smart card;
         - call javascript function in order to fill more fields of aspx page with the information readed
         - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
    7) The server makes some logic and call another pages with no Applets
    8) Client asks for a second page with the same applet and we start with another logic express on steps 1);2);3),4);5) and then 7).
    This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
    When this happens the server just responds with a blank page.
         - with fiddler I can seer the request for the aspx page (that uses the applet)
         - but server responds with a blank html page
    The JVM doesn't fire.
    The IIS log don't show errors.
    The eventviewer doesn't show errors.
    The problem is solved with an IIS reset or a Application Pool reset.
    After a while the problem returns.
    This problem occours for other user in another machine, the server just stops responding correcly to request regarding pages with applets, the other pages still continue to work.
    If we disable Java Control Panel->Advanced->Java Plug-in->Enable the next-generation Java Plug-in the problem seend to stop, but we can't force all clients to disable this option right?
    Or there is a way to force the Applet to run with this option disabled?
    As anyone experience similar problem?
    Regards,
    OF

    This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
    When this happens the server just responds with a blank page.
    - with fiddler I can seer the request for the aspx page (that uses the applet)
    - but server responds with a blank html pageWell, if http requests look identical in case of success and failure (pay attention to cookies, etc) then it has to be something on the server side.
    It could be that server gets into this wrong state because of previous requests made by applet but it is hard to tell.
    I am not clear how old/new plugin can make a difference unless your applets run in the legacy mode (i.e. you are actually trying to reuse SAME instance of the applet when
    it is loaded next time).
    I'd start with
    1) carefully comparing good/bad sessions
    2) checking whether server will serve correct response to another client when it serves "bad" page for current client
    3) add debug statements to aspx - it is scripted page, may be some condition is not met and then it returns blank?
    4) record all http requests in one session until you get to "error" state and then use any http server testing tool to "replay" this set of requests.
    You should be able to get server into the same state without use of applet. Then you can try to tweak set of requests to see what makes a difference.

  • A sign Applet unable to load "oracle.jdbc.OracleDriver" class

    hi,
    i am chiranjit , i am now working in a web based ERP. where i am using a signed applet which unable to load "oracle.jdbc.OracleDriver" class but it easily loading "sun.jdbc.odbc.JdbcOdbcDriver", i am also giving my code:
    import java.sql.*;
    import java.math.*;
    import java.io.*;
    import java.awt.*;
    class JdbcTest extends Applet{
    public static void main (String args[]) throws SQLException {
    // Load Oracle driver
    DriverManager.registerDriver (new oracle.jdbc.OracleDriver());
    // Connect to the local database
    Connection conn =
    DriverManager.getConnection
    ("jdbc:oracle:thin:@192.168.16.7:1521:kris",
    "plsql", "oracle");
    // Query the employee names
    Statement stmt = conn.createStatement ();
    ResultSet rset = stmt.executeQuery ("SELECT FIRST_NAME FROM
    AUTHORS");
    // Print the name out
    while (rset.next ())
    System.out.println (rset.getString (1));
    // Close the result set, statement, and the connection
    rset.close();
    stmt.close();
    conn.close();
    }

    Hint: The sun.jdbc.odbc.JdbcOdbcDriver is available in any JRE distribution. The Oracle driver is not.

Maybe you are looking for

  • I created a fillable form with drop downs...

    and such using the Adobe Forms Central for my business quotes.  I created the form, saved it as a pdf, tested the form by going through and filling it out with data, whether it was text, dates, or drop down options, and emailed it.  One lady didn't s

  • Failed on my delivery report

    Hi. i sent someone a text on Thursday but they are on holiday at the moment and their phone is switched off. When i normally text them I get a 'delivered' report when they recieve the message. If there phone is switched off, I get a 'pending' report

  • System fiscal year in co code does not match current fiscal year.

    Hi I have seen this problem.I  did run some closing steps and this error gone . Can some one please explain some logic behind this error ? Because I am sure i have not done any specific transaction to match the system fiscal year and current fiscal y

  • IWeb - Trying to insert an xls spreadsheet to my iWeb page

    The first time I tried this I was able to copy and past the link to my web page which would take you to the spreadsheet but now it does not work. Is there a way I could copy and paste the spreadsheet to show on my web page ???

  • Photosmart 8750 - Which to use when printing - sRGB or Adobe RGB?

    I've been printing with the 8750 and previously with the B8350, and have always sent my images to the printer as TIF files in Adobe RGB.  I use conventional softproofing technique in Photoshop CS4 and  get minimal, but expected color shifts (if any).