Restriction for signed applet

Hi all,
i signed applet which is trying to modify file tmp.txt on client machine. Is there any opportunity for client to forbid this action for signed applet?
I tried use policy file but i was unlucky. It is ok for unsigned applet but what about signed one?
Thank you for your response.
benky

you need to install the jre, and place the win32.dll at JavaSoft\JRE\1.3.1_06\bin, that properties file place at JavaSoft\JRE\1.3.1_06\lib, comm.jar at JavaSoft\JRE\1.3.1_06\lib\ext\
and in ur code try to use it to open ur com port
public String test() {
String drivername = "com.sun.comm.Win32Driver";
try
CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
catch (Throwable th)
{* Discard it */}
drivername = "javax.comm.*";
try
CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
catch (Throwable th)
{* Discard it */}
portList = CommPortIdentifier.getPortIdentifiers();
while (portList.hasMoreElements()) {
portId = (CommPortIdentifier) portList.nextElement();
if (portId.getPortType() == CommPortIdentifier.PORT_SERIAL) {
if (portId.getName().equals("COM2")) {
//if (portId.getName().equals("/dev/term/a")) {
try {
serialPort = (SerialPort)
portId.open("SimpleWriteApp", 2000);
} catch (PortInUseException e) {}
try {
outputStream = serialPort.getOutputStream();
} catch (IOException e) {}
try {
serialPort.setSerialPortParams(9600,
SerialPort.DATABITS_8,
SerialPort.STOPBITS_1,
SerialPort.PARITY_NONE);
} catch (UnsupportedCommOperationException e) {}
int i=0;
while(true)
try {
messageString="hi";
System.out.println(i++);
outputStream.write(messageString.getBytes());
} catch (IOException e)
System.out.println(e);
messageString=String.valueOf(e);
return messageString;
and yet u need to signed the applet
1. Compile the applet
2. Create a JAR file
3. Generate Keys
4. Sign the JAR file
5. Export the Public Key Certificate
6. Import the Certificate as a Trusted Certificate
7. Create the policy file
8. Run the applet
Susan
Susan bundles the applet executable in a JAR file, signs the JAR file, and exports the public key certificate.
1. Compile the Applet
In her working directory, Susan uses the javac command to compile the SignedAppletDemo.java class. The output from the javac command is the SignedAppletDemo.class.
javac SignedAppletDemo.java
2. Make a JAR File
Susan then makes the compiled SignedAppletDemo.class file into a JAR file. The -cvf option to the jar command creates a new archive (c), using verbose mode (v), and specifies the archive file name (f). The archive file name is SignedApplet.jar.
jar cvf SignedApplet.jar SignedAppletDemo.class
3. Generate Keys
Susan creates a keystore database named susanstore that has an entry for a newly generated public and private key pair with the public key in a certificate. A JAR file is signed with the private key of the creator of the JAR file and the signature is verified by the recipient of the JAR file with the public key in the pair. The certificate is a statement from the owner of the private key that the public key in the pair has a particular value so the person using the public key can be assured the public key is authentic. Public and private keys must already exist in the keystore database before jarsigner can be used to sign or verify the signature on a JAR file.
In her working directory, Susan creates a keystore database and generates the keys:
keytool -genkey -alias signFiles -keystore susanstore -keypass kpi135 -dname "cn=jones" -storepass ab987c
This keytool -genkey command invocation generates a key pair that is identified by the alias signFiles. Subsequent keytool command invocations use this alias and the key password (-keypass kpi135) to access the private key in the generated pair.
The generated key pair is stored in a keystore database called susanstore (-keystore susanstore) in the current directory, and accessed with the susanstore password (-storepass ab987c).
The -dname "cn=jones" option specifies an X.500 Distinguished Name with a commonName (cn) value. X.500 Distinguished Names identify entities for X.509 certificates.
You can view all keytool options and parameters by typing:
keytool -help
4. Sign the JAR File
JAR Signer is a command line tool for signing and verifying the signature on JAR files. In her working directory, Susan uses jarsigner to make a signed copy of the SignedApplet.jar file.
jarsigner -keystore susanstore -storepass ab987c -keypass kpi135 -signedjar SSignedApplet.jar SignedApplet.jar signFiles
The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
5. Export the Public Key Certificate
The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
5: Export the Public Key Certificate
The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
In her working directory, Susan uses keytool to copy the certificate from susanstore to a file named SusanJones.cer as follows:
keytool -export -keystore susanstore -storepass ab987c -alias signFiles -file SusanJones.cer
Ray
Ray receives the JAR file from Susan, imports the certificate, creates a policy file granting the applet access, and runs the applet.
6. Import Certificate as a Trusted Certificate
Ray has received SSignedApplet.jar and SusanJones.cer from Susan. He puts them in his home directory. Ray must now create a keystore database (raystore) and import the certificate into it. Ray uses keytool in his home directory /home/ray to import the certificate:
keytool -import -alias susan -file SusanJones.cer -keystore raystore -storepass abcdefgh
7. Create the Policy File
The policy file grants the SSignedApplet.jar file signed by the alias susan permission to create newfile (and no other file) in the user's home directory.
Ray creates the policy file in his home directory using either policytool or an ASCII editor.
keystore "/home/ray/raystore";
// A sample policy file that lets a JavaTM program
// create newfile in user's home directory
// Satya N Dodda
grant SignedBy "susan"
permission java.security.AllPermission;
8. Run the Applet in Applet Viewer
Applet Viewer connects to the HTML documents and resources specified in the call to appletviewer, and displays the applet in its own window. To run the example, Ray copies the signed JAR file and HTML file to /home/aURL/public_html and invokes Applet viewer from his home directory as follows:
Html code :
</body>
</html>
<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
width="600" height="400" align="middle"
codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,1,2">
<PARAM NAME="code" VALUE="SignedAppletDemo.class">
<PARAM NAME="archive" VALUE="SSignedApplet.jar">
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
</OBJECT>
</body>
</html>
appletviewer -J-Djava.security.policy=Write.jp
http://aURL.com/SignedApplet.html
Note: Type everything on one line and put a space after Write.jp
The -J-Djava.security.policy=Write.jp option tells Applet Viewer to run the applet referenced in the SignedApplet.html file with the Write.jp policy file.
Note: The Policy file can be stored on a server and specified in the appletviewer invocation as a URL.
9. Run the Applet in Browser
Download JRE 1.3 from Javasoft
good luck! [email protected]
i already give u many tips, i use 2 weeks to try this to success, hopw that u understand that, a result of success is not important, the process of how to get things done is most usefull!

Similar Messages

  • Default security context for signed applets using WinXP+IE8

    What is the default security context for signed applets from the internet zone using Java 6 and WinXP+IE8 combination? My guess is that all file and socket access available for the user's Windows account is provided to the applet as well. Is this correct and if so, is there a way to limit these access privileges for signed applets from the internet zone?
    This information is surprisingly difficult to find given how security concious people now are using the internet.

    AntonBoer wrote:
    Thank you for your swift reply.
    Unfortunately your answer reflects to my worst fears. Frankly I find this security model naiive. Anyone with euros can get their applet signed so that is no security control at all.The same naive security model applies to just about anything signed and downloaded; not just to Java Applets.
    >
    Working for a corporate IT how I am supposed to allow Java installations on any of our computers with internet access? That automatically means I am providing them as platforms to whoever wishes to run Java code on them (given that the user of course visits the web site). I would have expected Sun to put more effort into this but it appers nothig have changed in this regard for 10 years.I don't see this as a Sun problem; it is indicative of what I consider to be a general security weakness for all computer systems. For example, for Windows, Vista just added more user involvement in the trust process but it still allows programs to run pretty much unconstrained if the user agrees to them running.
    For some time I have advocated a more fine grained approach. I would like to see ALL programs run in a sandbox that a user can specify what and what cannot be done by each individual program. Unfortunately, this would annoy the hell out of most users so it has little chance of every of ever being accepted. The average user just wants a run-and-forget-about-security model.

  • File read access denied for signed applet

    Hi:
    I have a signed applet with a certificate generated with the keytool. Yet, I keep getting this error:
    java.lang.Exception: java.security.AccessControlException:
        access denied (java.io.FilePermission C:\WINDOWS\system32\aetpkss1.dll read)The error is produced when the method loadKeyStore(pin) below is called.
        private KeyStore ks;
        private Provider provider;
        private static final String providerName    = "PKCS11";
        private static final String providerLibrary = "aetpkss1.dll";
        public void loadKeyStore(String pin) throws IOException,
         CertificateException, KeyStoreException, NoSuchAlgorithmException {
         if (provider == null)
             registerProvider(providerLibrary);
         try {
             ks = KeyStore.getInstance(providerName,provider);
         } catch (Exception e) {
             throw new KeyStoreException("Failed get keystore instance\n"
                             + e.getMessage());
         try {
             ks.load(null, pin.toCharArray());
         } catch (Exception e) {
             throw new KeyStoreException("Failed load keystore\n"
                             + e.getMessage());
        public void registerProvider(String library)
         throws FileNotFoundException, KeyStoreException {
         String fileName;
         if (new File(library).isAbsolute())
             fileName = library;
         else
             fileName = getAbsolutePath(library);
         if (!(new File(fileName).exists()))
             throw new FileNotFoundException("No such file: " + fileName);
         String config = "name = " + providerName + "\n"
             + "library = " + fileName;
         ByteArrayInputStream confStream =
             new ByteArrayInputStream(config.getBytes());
         try {
             provider = new sun.security.pkcs11.SunPKCS11(confStream);
             Security.addProvider(provider);
         } catch (Exception e) {
             throw new KeyStoreException("Can initialize " +
                             "Sun PKCS#11 provider. Reason: " +
                             e.getCause().getMessage());
        private String getAbsolutePath(String lib) throws FileNotFoundException {
         String[] searchPath;
         /* NOTE: This should be modified to suit different versions of   *
          *       Windows and not just Windows XP                         */
         if (System.getProperty("os.name").matches("^(?i)Windows.*")) {
             searchPath = new String[] { "C:\\WINDOWS\\system32" ,
                             "C:\\java" };
         } else {
             searchPath = new String[] { "/usr/local/lib/" };
         for (int i = 0; i < searchPath.length; i++) {
             if ((new File(searchPath[i] + File.separator + lib).exists()))
              return (searchPath[i] + File.separator + lib);
         throw new FileNotFoundException("Library not in search path " + lib);
        }The above code is called by a java script, the class' constructor is empty.
    The error appears not to be caught by my code. I have tried to insert try/catch statements everywhere to figure out where this error is produced.
    The code is write off of the applet for signing with a smart card by Svetlin Nakov - and his applet works!
    I have also made a CLI application that uses the above code and it works perfectly.
    So: Something is wrong either with my certificate, the signing method, signature verification or something completely different. Any hints?
    The certificate I generated with
    keytool -genkey -keystore mystore -alias me
    keytool -seflcert -keystore mystore -alias meI have tired both with and without the selfcert step.
    Thanks! Erik

    The problem has been identified: Placing registerProvider() in the constructor the error no longer occurs, instead an error is produced when the key store is loaded.
    It appears that the javascript code is not trusted and so, even though the applet is signed, access privileges are restricted to those of the java script.
    A solution to this problem is not clear, but possibly, serving the pages from a trusted server, the java script will be trusted, some documentation seem to indicate.

  • Problem in Granting permissions for Signed Applet

    Hi,
    I have signed my applet with my self generated certificate. The client browser has imported this certificate in his cacerts keystore as trustcacerts. When I grant permission for my client(manually,in the client machine), I have peculiar errors.
    Case 1 : grant codeBase "http://***.XXX.***.XX/-" { permission java.security.AllPermission; };
    This permission works fine. But the client is able to download all applets from the granted machine, including unsigned applets.
    Case 2: grant SignedBy "dcard" codeBase "http://***.XXX.***.XX/-" { permission java.security.AllPermission; };
    If I add the signedBy tag, this particular grant section is completely omitted by the system. That is, the browsers does not recognize the signedBy tag( & its entire grant block) and throws SecurityExceptions for accessing the local machine.
    Please help me to grant permission for the applet coming from a particular source AND signed by a particulr person.
    Thanks in advance,
    Rajesh
    Note : Plug-in is java1.3.0_02. The public certificate is imported as trustcacerts in all cacerts files in system.

    This is the complete Error :
    WARNING: Attempting to use HTTP Firewall Proxy Server
    due to security restrictions: org.omg.CORBA.INTERNAL: Can not find GateKeeper: java.security.AccessControlException: access denied (java.net.SocketPermission localhost:15000 connect,resolve) minor code: 0 completed: No
    org.omg.CORBA.INTERNAL: Can not find GateKeeper: java.security.AccessControlException: access denied (java.net.SocketPermission localhost:15000 connect,resolve) minor code: 0 completed: No
         at com.visigenic.vbroker.gatekeeper.BridgeEx.login(BridgeEx.java:102)
         at com.visigenic.vbroker.gatekeeper.BridgeEx.loginHelper(BridgeEx.java:71)
         at com.visigenic.vbroker.gatekeeper.BridgeEx.bind(BridgeEx.java:200)
         at com.visigenic.vbroker.interceptor.ChainBindInterceptorImpl.bind(ChainBindInterceptorImpl.java:42)
         at com.visigenic.vbroker.orb.ORB.bind(ORB.java:1196)
         at com.visigenic.vbroker.orb.ORB.bind(ORB.java:1361)
         at com.visigenic.vbroker.orb.ORB.bind(ORB.java:1171)
         at com.platform7.persona.acceptor.GacHelper.bind(GacHelper.java:299)
         at com.platform7.persona.acceptor.GacHelper.bind(GacHelper.java:295)
         at GenericApplet.init(GenericApplet.java:40)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    org.omg.CORBA.INTERNAL: Can not find GateKeeper: java.security.AccessControlException: access denied (java.net.SocketPermission localhost:15000 connect,resolve) minor code: 0 completed: No

  • Loading problem for Signed applet on MAC OS

    Hi All
    I�m trying to test my application on MAC OS (For versions: 10.2.6 as well as 10.4.x)
    For MAC 10.2.6 OS Java version is 1.4.1_01 and
    For MAC 10.4.x OS Java version is 1.4.2_07
    The code is compiled on Windows machine having Java version 1.4.2_07
    There�s a functionality which is calling signed applet (signed JAR for applet) and when this functionality is called, following error encounters:
    Java(TM) Plug-in: Version 1.4.1_01
    Using JRE version 1.4.1_01 Java HotSpot(TM) Client VM
    java.io.IOException: Server returned HTTP response code: 403 for URL: http://myMachineName: port/appName/UploadDownloadAppletJava.jar
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:709)
    at sun.plugin.net.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:384)
    at sun.plugin.net.protocol.http.HttpUtils.followRedirects(HttpUtils.java:39)
    at sun.plugin.cache.CachedJarLoader.download(CachedJarLoader.java:302)
    at sun.plugin.cache.CachedJarLoader.load(CachedJarLoader.java:128)
    at sun.plugin.cache.JarCache.get(JarCache.java:172)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(CachedJarURLConnection.java:93)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(CachedJarURLConnection.java:78)
    at sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:580)
    at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:541)
    at sun.misc.URLClassPath$3.run(URLClassPath.java:319)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.misc.URLClassPath.getLoader(URLClassPath.java:308)
    at sun.misc.URLClassPath.getLoader(URLClassPath.java:285)
    at sun.misc.URLClassPath.getResource(URLClassPath.java:155)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
    at java.security.AccessController.doPrivileged(Native Method)
    Due to which cannot access Applet class (which is inside UploadDownloadAppletJava.jar) and operation is failed.
    (It works perfectly fine on Windows XP with both IE 6 and Firefox browsers).
    On MAC I'm testing on FireFox.
    Code which calls to applet is:
    <applet
    name=UploadDownloadApplet
    code="UploadDownloadApplet.class"
    codebase=/appName/
    archive=UploadDownloadAppletJava.jar
    width=0 height=0>
    <PARAM NAME=cabbase VALUE=UploadDownloadApplet.cab>
    <PARAM NAME=action VALUE=<%= action %>>
    <PARAM NAME=workingAreaMac VALUE="<%= workingAreaMac %>">
    <PARAM NAME=workingAreaPC VALUE="<%= workingAreaPC %>">
    <PARAM NAME=processId VALUE=<%= processId %>>
    <PARAM NAME=downloadBaseProductInd VALUE=<%= downloadBaseProductInd %>>
    <PARAM NAME=initTime VALUE=<%= initTime %>>
    <PARAM NAME=httpSessionId VALUE="<%= httpSessionId %>">
    <PARAM NAME=userId VALUE="<%= userId %>">
    </applet>
    Please suggest some guidelines

    java.io.IOException: Server returned HTTP response code: 403 for URL:
    http://myMachineName: port/appName/UploadDownloadAppletJava.jar
    Have you tried entering the URL into a browser window and see what happens?
    Message was edited by:
    wangwj

  • Problem on runtime enviorment for signed applet

    I am using the Java Media Framework for video capturing .Problem which i am facing is i have to configure the client machine so i wanted to download few of the class files which will execute on the client side and then stream the video back to the server .For this i have dezigned a java applet.This applet is signed by myself without any external agency so when ever the application is executed where it was signed this application gives no problem but when a different machine access the applet the user is asked for the verification of the applet but the error is thrown stating that the class not found exception .So please guide me that while making a signed applet which all packages need to be signed and what is the procedure .Do i have to sign the jmf packages also .

    I have signed applets but not with jmf. Your best bet is to put the applet in a jar and sign the jar. Most java runtimes with a self signed applet will prompt the user and ask the user if they want to grant permission. You probably have to use the java html converter to code your html to force the use of suns plugin. I am not sure if you have to sign the jmf jars or they may already be signed.

  • Java applet warning keeps coming back for signed applet

    I have an applet signed with certificate issued by a public CA cert verisign. This applet prints document to the printer. When it loads everything looks good and checks on the screen and the user is prompted to allow access to the printer. Even, though the user selects "Allways allow this applet to print" the warning keeps coming back everytime the applet attempts to access the printer.
    I notice other applets work correctly. I veriy the signed jar and it all looks correct every class file comes with smk marking.
    What is going, can someone please help???
    Manuel

    I appreciate the help. but i was able to resolve the problem. Our web page called the applet print method directly from scripting. Apparently that causes the java plugin to warn the user every time.
    To avoid this issue the new print method queues up a print job and a separate thread watches for the queue and picks up the job and prints it. In order to support the same original function, the new print method is syncronized and waits for the job to be queued before it returns.
    Now, there are no warnings even the first time you use the applet.
    [Here is another similar thread.|http://forum.java.sun.com/thread.jspa?forumID=63&threadID=524815]
    Thanks,
    Manuel

  • Java version for signed applets

    Hello,
    I was told I must use jdk 1.3 or 1.4 to sign an applet. We want to use 1.1.8 so that it is not necessary for the client to download a plug-in.
    I have 2 questions.
    1) Is it possible for me to install 1.4 on my machine locally, generate the CSR and keys, then use those to sign an applet running under and compiled using 1.1.8?
    2) If we do upgrade to 1.3 or 1.4 but still compile our applets under 1.1.8, is it possible to sign the applet in this situation?
    Thanks so much for your help!

    Or is there a way to generate a CSR using javakey
    instead of keytool since javakey is supported by
    1.1.8?I'm not sure about javakey as I have not worked with it. I once made an applet that was signed for both MSVM and the SunVM.
    I used the cabsigner from MS Java SDK to sign the cab and the jarsigner to sign the JAR. :)
    Then I specified the archive parameter to the signed jar and the <param name="cabbase" value="signedcab.cab"> in the HTML file.

  • -- Help for signing Applets --

    Good Morning Friends,
    I have completed one Java project. I need to put it to work. But I need to get the applet signed for it to work perfectly.
    I did subscribe yesterday with Verisign/Thawte. But they need to e-mail me which I don't know how much time they take.
    If anyone of you have got registered with VeriSign/Thawte, can you please help me in getting the applet signed. I would appreciate your help. Please.
    Bye.

    If you do not get an answer here, why not try [url http://forum.java.sun.com/forum.jspa?forumID=63]this specific forum?

  • Interpret Yes/No (accept/deny) for signed applets

    Hi,
    I have signed my applet .jar file with an RSA certificate. The applet is working just fine except when the user is to grant access for it. If he waits for a while an exception occurs. It seems like the applet runs EVEN if it has not been granted.
    My question is why and how I can prevent this from happening. Is there a clear way of reading user input from the permission dialog? Can I put the applet on hold in some way?! This seems quite basic to me, but still I can't find a solution.
    It is very crusial for me to know whether the user grants the applet permission or not. The flow of the applet depends upon this.
    Btw I get the following exception:
    java.security.AccessControlException: access denied (java.io.FilePermission <<ALL FILES>> execute)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkExec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at java.lang.Runtime.exec(Unknown Source)
         at se.infogate.hitnet.client.ip.impl.Win2KXPIPConfig.config(Win2KXPIPConfig.java:31)
         at se.infogate.hitnet.client.ip.IPConfigApplet.changeIP(IPConfigApplet.java:66)
         at se.infogate.hitnet.client.ip.IPConfigApplet.start(IPConfigApplet.java:46)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Many thanks in advance!
    /Henrik

    You can't access the dialog, but you can always use AccessController.checkPermission(perm); to check whether you have permissions or not. You could place the check in the applet initialisation and display a notice to the user that he/she must grant the privileges.

  • Cheepest certificate for signing applets

    Hello,
    I just would like to make disappear the message "Java Applet Window" from my frame applets.
    Is there any free certificate available for that? If not, can somebody point me to the place where I can purchase the cheepest certificate?
    Thanks for helping.

    If you're using Plug-in 1.3.1, do a:
    keytool -list -v -keystore "\Program Files\javasoft\jre\1.3.1\lib\security\cacerts"
    to list all the CA certificates that get installed with the Plug-in. You probably don't want to stray from this list no matter how cheap the certificate because then you'd have to have your users import it into their cacerts file.
    From this list, I only looked at VeriSign and Thawte. I believe VeriSign was US$400 and Thawte was US$200, but it's been a while.

  • Sandbox still active for signed applet after 7u21

    Hi all,
    I develop a banking platform, it's deployed with a jnlp and signed with a verisign certificate. Since last 7u21 update it doesn't start because it gets an error in the permissions reading from user.home.
    Till now I've asked our users to go back to a previous version of jre, any ideas ?
    Thanks a lot,
    Stefano

    solved, we have never used
    <security>
    <all-permissions/>
    </security>
    in jnlp, till now it was working, from now on it seems needed.
    Bye,
    Ste

  • Restricting signed applets!

    hi all...
    I have a very direct question, yet for hours i've been scouring around for a direct answer. just tell me, for a signed applet, does it haf ALL PERMISSIONS? is it not possible to restrict a signed applet, for example, able to read a file but cannot write a file? could this actually be set inside the java.policy file?
    i haf read many forums, some saying signed applet will haf all permissions, while others saying otherwise. if we set the "usepolicy" property permission, i understand that signed or unsigned is no different, both adhering to the policy file, but that's not what i want. i've read that by not using "usepolicy", u can only grant permissions for unsigned applets in the policy file. is this true?
    i know i'm long winded, but this is frustrating...
    let's assume i'm using j2sdk 1.4.2_06.
    can we clear this issue once and for all?
    p/s: on a personal note, i think that if u cant restrict what a signed applet can do, that is reaaaaalllyyyyyyy bad....

    could this actually be set inside the java.policy file?Yes, in the java.policy under grant {
    permission java.lang.RuntimePermission "usePolicy";
    This will tell the jre to use policy for all applets including the signed ones.
    The following:
    grant codebase = "http://www.google.com/-" {
    permission java.lang.RuntimePermission "usePolicy";
    Will tell the jre to use policy for all the applets comming from google.
    There is a way to grant based on who signed the applet but I never got it working:
    http://forum.java.sun.com/thread.jsp?forum=63&thread=409341
    You are looking for a policy that is used for all signed applet, I guess that is the policy
    I never got working.
    Here is the tutorial on the java.policy
    http://java.sun.com/docs/books/tutorial/security1.2/toolsign/wstep3.html

  • 6 Step Signed Applet for IE

    last week I have the problem for Signed Applet,
    and I hope this will Help You.
    but, I am sorry
    for Netscape, it's not done yet.
    So, here are the Step for IE
    1. Create you java code (takepic.java)
         in your code write the securiy permission
         if(Class.forName("com.ms.security.PolicyEngine") != null)
    mlabel.setText("Done IE");
    PolicyEngine.assertPermission(PermissionID.UI);
         write your permission you want at the PermissionID target
    2. Create Cab File
         cabarc -p -r -s 6144 N takepic.cab takepic.class
    3. Create certificate
         makecert -sk private -n "cn=I Gusti Putu Anom" anom.cer
    4.create spc from certificate
         cert2spc anom.cer anom.spc
    5. create ini file contains permission you want (example perms.ini)
         [com.ms.security.permissions.PrintingPermission]
         [com.ms.security.permissions.PropertyPermission]
         Unrestricted=false
         IncludedProperties=java.vendor
         [com.ms.security.permissions.ThreadPermission]
         AllThreadGroups=true
         AllThreads=true
         [com.ms.security.permissions.UIPermission]
         ClipboardAccess=true
         TopLevelWindows=true
         NoWarningBanners=true
         FileDialogs=true
         EventQueueAccess=true
    6. signcode -j javasign.dll -jp perms.ini -spc anom.spc -k private takepic.cab
    for Netscape, you must use PrivilegeManager and you must create a jar file
         if(Class.forName("netscape.security.PrivilegeManager") != null)
    PrivilegeManager.enablePrivilege("SuperUser");
    you can find package for netscape at C:\Program Files\Netscape\Communicator\Program\java\classes\java40.jar
    for IE, you can find it at C:\WINNT\java\Packages\GI53BPN9.zip
    you can find the article at :
    http://www.ddj.com/articles/1999/9902/9902h/9902h.htm
    regards,
    I Gusti Putu Anom A
    Software Engineer
    Balicamp
    Bali - Indonesia

    I used the file from C:\WINNT\java\Packages\ folder.
    I used GI53BPN9.zip (My OS is Windows 2000)
    there are 8 files on this folders
    Windows 2000 and Windows NT has diferrent name for the package file.
    I think you should use all the zip file from "C:\WINNT\java\Packages\", Because I'm not sure which file contain com.ms.security on your computer.

  • Signed applets and restrictions ?

    Hello,
    I've a question regarding applets security : in fact I've tried to sign myself a Jar file containing all required classes for an application (using the jarsigner tool from Sun). However I'm still getting security problems even of it was digitally signed ans don't understand exactly the causes : Could somebody explain me them ? I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ? Would it mean that we can't get these permissions without paying any submissions ?
    TU a lot...
    PA
    http://wwww.doffoel.com

    I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ?
    Its not compulsory to go to verisign for signing your applet. You can also create your own certificates with Java's keytool. Its 200% free of cost. However, if you are inclined to build a commercial application, where you don't know the clients, who download the applet, get certs from verisign , Thales et al.
    Would it mean that we can't get these permissions without paying any submissions ?
    No. Not at all. You can always make a descent application without going to the standard certificates and without paying $$$.
    Post your quetions in http://forum.java.sun.com/forum.jsp?forum=63 for expert answers.
    Have a look at this famous thread for signing applets.
    http://forum.java.sun.com/thread.jsp?forum=63&thread=132769
    good wishes,
    Rajesh

Maybe you are looking for

  • Problem in query

    hi i have a table with the column emp_no,sr_name,supervisor_name,supervisor_id. all fields contains values except supervisor_id. i ned to write the code to fill the supervisor_id. the logic is ,check the supervisor name with sr_name, if the superviso

  • Adobe Flash CS5.5 Crashes while drawing/dragging objects.

    I have experienced quite a few crashes trying out Adobe Creative Suite CS5.5 Premium when it comes to using Flash Professional CS5.5. I have documented one of the crashes at a pastebin entry, which I will link it and an earlier crash log dump below.

  • HOW TO KNOW THE  EACH PURCHASE ORDERS GROSS INVOICE  VALUE

    HI SIR, ANY  BODY PLESAE TELL ME HOW TO KNOW THE  EACH PURCHASE ORDERS GROSS INVOICE  VALUE BY GROUP WISE PER SPECIFIC TIME PERIOD.

  • Logic Pro 9 asking for original serial number

    Hi Having Logic authorization problems. I just bought a new macbook pro. I cloned the harddrive my old macbook (running Logic 9 in OSX Lion) and then cloned to the new macbook pro. Whn I try to open Logic Pro 9 - it asks for a serial number. When I e

  • Querry for Cost components

    Hi Gurus, I need to make a Querry for Future Cost estimate (ZPLPR) with break-up of all cost components, could any one please tell me how to get all cost componets? in to Querry I wwant to make SQ01 querry if not SQVI, ---Thanks &Regards Paartha