Self signed Applet - still getting Security Exception...
Hi everyone...
I m new to Java Mail... Nd I m developing a Applet to send mail from my Gmail account, nd I used keytool, jarsigner to Self sign the applet. Nd I wrote a Html page and when calling my applet method using javascript, I m having Security Exception... And I m using Java 1.5 (i.e., J2SE 5)
Here is the sample of my code...
--------- MyMail.java -----------
import javax.mail.*;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
And all neccessory packages are imported....
public class MyMail extends JApplet
String server = "smtp.gmail.com";
String username;
String password;
String fromAddres="";
String toAddres="";
Other Variable declaration goes here........
Session ses;
Transport tr;
MimeMessage msg;
public void init() //For testing purpose
doLogin("username","password"); //My account details
public void doLogin(String user,String pass)
username = user;
password = pass;
boolean success;
fromAddres = user+"@gmail.com";
toAddres = "[email protected]";
subject = "TEst SubJect";
body = "This is Test Mail";
success = doAuthentication();
if(success)
setHeaders(server,username,password,fromAddres,toAddres,cc,bcc,htmlFormat,subject,body);
sendMail(ses);
doLogout();
public void doLogout()
//Deals with the logout from my account
public boolean doAuthentication()
//Deals with the authentication of my account
// Setting properties, creating a session, getting transport object...
//and returns true if authentication is success, false if not.
public void setHeaders(String server, String username, String password, String fromAddress, String toAddress, String cc, String bcc, boolean htmlFormat, String subject, String body)
//Sets the headers fields for the message (recieved through arguments)
public void sendMail(Session ses)
//Deals with sending mail
class MyPasswordAuthenticator extends Authenticator
//Deals with the authentication of my account
---------- MyMail.html -----------
<html>
<head>
<script language=javascript>
function sendmail()
document.MyMail.doLogin("username","password"); //my account details
</script>
</head>
<body>
<input type=button name=but value=Send mail onclick=sendmail()>
<applet name=MyMail code=MyMail.class
archive=mail.jar,activation.jar,mailplus.jar width=0 height=0>
</applet>
</body>
</html>
And the applet is Self signed using the tools supplied from Java SDK...
it got signed...
And as the applet got loaded when i opend the MyMail.html, as i called the doLogin(..,..) in init() it is sending mail successfully...
The problem is.... As I given the action for my button to send mail (by calling java method from java script i.e., calling doLogin() when the button clicked) I m getting Security Exception
So...anyone plz tell me the solution....
Thnx in advance....
- Kanta
http://www.google.nl/search?hl=nl&q=site%3Asun.com+javascript+signed+applet&btnG=Google+zoeken&meta=
DoPrivileged would solve your problem but I've seen some cases where the
threaded (link mentioned below second post) mothod is the only way it'll work.
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
Still problems?
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028
Similar Messages
-
For a signed applet am getting java.security.PrivilegedActionException:
I have a signed applet,now for testing it's a self signed applet.
It used for adding files using JFilechooser.
It works fine in my machine with JRE version 1.5.0_12 .
In other machines having jre version with 1.5 onwards it's working fine.
But one problem am facing now is ,whenever we call a method in applet
thorugh javascript it is giving security error . This problem comes only when the applet is running in some other machine having a diff jre (in that system the applet loads well,problem comes only when we access any applet method from a javascript).
Is it due to the diff of java enabled in javascript (at client browser) and in applet (when complied and created the singed jar )
bellow shows part of the error.
java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
... 4 more
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\dnixon\My Documents\photos\astro1.jpg read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
Please any one help.
thanks in advance
It's very urgent[http://forums.sun.com/thread.jspa?forumID=421&threadID=5308353]
-
Hello java gurus,
I have a self signed applet which must read and write from mysql DB.
The sign is OK, the popup "warning security" is here but I still have a SQL Exception :
java.security.AccessControlException: access denied (java.util.PropertPermission file.encoding read)
I don't want to change the java policy and I work on plugin 1.4.1_02.
I think the problem is with the certificate cause it should give permission to applet, but it doesn't.
Any help will be very pleasantFrom the plug-in control panel, click certificates
then the Signer CA radio button. These are the
certifying authorities that the client plug-in will
accept as valid for signed code. Obviously, if any
client would just accept self-signed code as trusted,
it wouldn't provide much security. For a purely
internal app, you can generate a cert and install it
on the clients which will accept your own signing as
trustworthy.I think I can deal with this properly if you just clear up one thing for me: when you say 'install it on the clients' do you mean use the Plug-In Control Panel to load the certificate using the "Certificates" tab? From there click the "Signed Applet" radio button and "Import" and browse for the cert file? Or does creating this HTML file and clicking on a link to the certificate do something else? I think I am generating my self-signed certificate correctly and signing my jar correctly, but my applet is failing to initialize. Any further help on this much-maligned topic? :)
Thanks,
B. Rintoul -
What are the default permissions for "self-signed" applets?
Hello!
I have a self-signed applet (=signed with a self made certificate) and under most plugin-enviroments java asks the user if it accepts this certificate as trustworth.
On my linux-box I do not have any problems to write files to the local filesystem after I accepted this self-signed applet.
However I've often read that users must grant some permissions even for signed applets, so is there a list of permissions that are denied by default?
Are there differences between java releases starting with 1.2.2?
Thanks in advance, lg ClemensDefault settings are like you said, jre asks the user and everything will work.
Unless.your applet uses classes that are not signed like with calls from javascript to your applet the plugin.jar is used and you'll get an exception when writing to files.
When writing to files the OS might not allowe the user to write to a certain file or folder.
Don't know what type of exception will be thrown if the OS doesn't allowe it but it has
nothing to do with applet permissions.
To change the default setting you can add the following line in the grant { bit of the
java.policy
permission java.lang.RuntimePermission "usePolicy";
When this line is there all signatures will be ignored and an applet can only do extra
things (like access to local files) if a policy is set up for this applet.
To find out what's wrong at your clients site you should ask them to send a full trace
and check that. I hope you did a .printStacktrace() on the exception in your code so
you can see if any other classes are involved when the exception is thrown.
To turn the full trace on (windows) you can start the java console, to be found here:
C:\Program Files\Java\j2re1.4...\bin\jpicpl32.exe
In the advanced tab you can fill in something for runtime parameters fill in this:
-Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
if you cannot start the java console check here:
C:\Documents and Settings\userName\Application Data\Sun\Java\Deployment\deployment.properties
I think for linux this is somewhere in youruserdir/java (hidden directory)
add or change the following line:
javaplugin.jre.params=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
for 1.5:
deployment.javapi.jre.1.5.0.args=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
The trace is here:
C:\Documents and Settings\your user\Application Data\Sun\Java\Deployment\log\plugin...log
I think for linux this is somewhere in youruserdir/java (hidden directory) -
Self signed applets are not supported by plug-in
I am using Windows 2000.I am using self signing applet which i have signed with the help of netscape signing tool with test certificate.I have put the zip file in "c:\program Files\netscape\users\default " directory
after signing..While opening it is giving some exception
"java.lang.SecurityException: cannot verify signature block file META-INF/ZIGBERT".
please help me regarding this.
ashok das
otlsoft, bangalore.First you need to install your self signed sertificat into system - only then you'll be able to start applet without problem.
-
**URGENT : signed applet still doesn't get full permissions**
I've bought a Microsoft Authenticode certificate with which I signed a CAB file containing my class files...
On a client machine, the browser detects security stuff but even when one acknowledges, the applet still doesn't get the permission, for instance, to open a directory for reading... a SecurityException is thrown as if the applet was not signed.
Have I forgotten something or did another one wrong ?? Must I set the Security Manager to null ????
It's really urgent, so please reply asap !!!
Thanks,
R�gis KuckaertzJust signing the applet doesn't give it any permissions. You have to assert whatever permissions you want. For example:
import com.ms.security.*; // need dummy classes to compile for non-MS
// check if we are in the MS JVM
if (Class.forName("com.ms.security.PolicyEngine") != null)
// Assert all Permissions
PolicyEngine.assertPermission(PermissionID.SYSTEM);
catch (Throwable cnfe)
System.out.println("Microsoft JVM permissions not asserted.");
System.out.println(cnfe.getMessage());
} -
Why my self-signed applet could not read local disk but could write?
I used a self-signed certificate for the applet yesterday and it worked
fine at the beginning time, that is, it could write/read file to/from
local disk, and it could connect to other MDS servers. But later, a
problem happens. It could write file to local disk(I tested it and created
files to C:/ under windows) but when it try to read that file, it got a
io acessing exception. It could connect to other servers. I am puzzled
about this problem, and I wonder why I could write but could not
read. Need I deal with any policy file issue here?hi,
i 'am doing something which is similar to the stuff ur doing .I wanted to write into file on the local disk on which the applet is running.for this i have signed the applet .do i need to make it self signed wat is difference between the self signed and signed applet .The problem which i facing is that it still gives me the security exception even if i define the policy file for that applet............Can u help me reagrding this
Thanks in advance
your great help would be apprecriated
rao_lavs -
Self sign applet without doing any change in policy file at client end
Hi all,
I developed an applet which make some webservice calls,
I have given following permission in policy file at client end
grant codeBase "http://nta2311:7001/-" {
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.util.PropertyPermission "*", "read, write";
permission java.net.SocketPermission "*", "connect, resolve";
with these settings applet is working fine
Now I want to make applet signed in order to avoid policy file modifications
for testing I want to self sign it
please help meSigning applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
http://forum.java.sun.com/thread.jsp?forum=63&thread=409341
4th post explaining how to set up your own policy with your own keystore
Still problems?
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028 -
Still getting uncaught exception in c++ API running keywords query
When I run a search based on keyword in java application, the first time, most likely the query results is returned, but for the subsequent keywords searches, the application throws the error below...
com.sleepycat.dbxml.XmlException: Uncaught exception from C++ API, errcode = INTERNAL_ERROR
at com.sleepycat.dbxml.dbxml_javaJNI.XmlQueryExpression_execute__SWIG_1(Native Method)
at com.sleepycat.dbxml.XmlQueryExpression.execute(XmlQueryExpression.java:85)
at epss.utilities.XQueryUtil.getQueryResultsByKeywords(XQueryUtil.java:168)
at epss.search.XmlContentByKeywords.getDocumentContentByKeywords(XmlContentByKeywords.java:123)
at com.epss.test.TestApp.main(TestApp.java:83)
I know one of the many things to consider fixing this problem is to make sure all berkeley db xml objects (e.g. xmlContainer, XmlManager, XmlResults, XmlQueryExpression, etc) delete() method is called on those obects once they are done to free resources etc. I've been doing all that and still getting the error. This problem doesn't happen when i run a search for based on id (attribute value).
Note: I'm not explicitly using trasanction since i turned on transaction in EnvironmentConfig to create XmlManager.
This is the method that does the query and return us the results...
* Gets the query results by keywords.
* @param keywords
* the keywords under search
* @param manager
* the object used to perform activities such as preparing XQuery
* queries
* @return the query results by keywords
public static synchronized XmlResults getQueryResultsByKeywords(
final String keywords, XmlManager manager) {
/* Represents a parsed XQuery expression. */
XmlQueryExpression expr = null;
/* Encapsulates the results of a query that has been executed. */
XmlResults results = null;
/* The query context */
XmlQueryContext context = null;
// The value
XmlValue value = null;
// Declare string variables
String query = null;
// Run logic
try {
/* Do null check */
if (manager != null) {
// Make XmlValue object
value = new XmlValue(keywords);
// Get a query context
context = manager.createQueryContext();
// Bind xquery variable value to its variable name
context.setVariableValue(DataConstants.KEYWORD, value);
// Build the query string
query = QueryStringUtil.xQueryStringByKeywords(
DataConstants.ELEMENTS, DataConstants.KEYWORD);
// Compile an XQuery expression into an XmlQueryExpression
expr = manager.prepare(query, context);
// Evaluates the XQuery expression against the containers
results = expr.execute(context);
/* Release resources */
if (results.size() == 0) {
results.delete();
results = null;
// Free the native resources
expr.delete();
// Dereference objects
expr = null;
value = null;
context = null;
query = null;
manager.delete();
manager = null;
return results;
} catch (final XmlException e) {
// Free the native resources
expr.delete();
// dereference objects
expr = null;
value = null;
context = null;
query = null;
// Write to log
WriteLog.logExceptionToFile(e);
return null;
This is the callback method that return the query string...
* Returns query keyword query string to retrive keywords.
* @param elementName The particular node under search
* @param keywords The keywords being searched under the node
* @return The string used for the query
public static synchronized String xQueryStringByKeywords(
final String elementName, final String keywords) {
/* Build query string */
final StringBuffer sb = new StringBuffer();
sb.append("let $found := false\n");
sb.append("let $terms := tokenize($");
sb.append(keywords);
sb.append(", \",\")\n");
sb.append("for $element in collection('");
sb.append(DataConstants.CONTAINER);
sb.append("')");
sb.append("/(FUNDOC | JOBDOC)");
sb.append("//");
sb.append(elementName);
sb.append("//");
sb.append("parent::*[1]");
sb.append("\nlet $found := for $term in $terms\n");
sb
.append(" return if (contains(lower-case($element), lower-case($term)))");
sb.append(" \nthen \"true\"");
sb.append(" else \"false\" \n");
sb.append(" return if ($found = \"false\") \nthen () else $element");
return sb.toString();
Edited by: user3453165 on Jan 20, 2010 7:20 AMI am using berkeley db xml 2.5.13 on windows xp. Yes that's the complete error message. I am going to add my environment class and also part of the keyword search class that extends the environment, which will give u idea about how i'm creating and using transaction. I don't explicitly use transaction. I used to explicitly use it but i thought it's redundant. So when i create the db environment, i just call envc.setTransactional(true) and pass the EnvironmentConfig object (i.e. envc) to the environment to create instance of XmlManager and this is fine. Look below and u will see what i mean. Please let me know if u need more information. Thanks for your help. Appreciate it.
Tue, 2010-01-19 10:58:27 PM
com.sleepycat.dbxml.XmlException: Uncaught exception from C++ API, errcode = INTERNAL_ERROR
at com.sleepycat.dbxml.dbxml_javaJNI.XmlQueryExpression_execute__SWIG_1(Native Method)
at com.sleepycat.dbxml.XmlQueryExpression.execute(XmlQueryExpression.java:85)
at epss.utilities.XQueryUtil.getQueryResultsByKeywords(XQueryUtil.java:166)
at epss.search.XmlContentByKeywords.getDocumentContentByKeywords(XmlContentByKeywords.java:123)
at com.epss.test.TestApp.main(TestApp.java:66)
The environment class...
package epss.core;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import com.sleepycat.db.DatabaseException;
import com.sleepycat.db.Environment;
import com.sleepycat.db.EnvironmentConfig;
import com.sleepycat.dbxml.XmlContainer;
import com.sleepycat.dbxml.XmlContainerConfig;
import com.sleepycat.dbxml.XmlManager;
import com.sleepycat.dbxml.XmlManagerConfig;
import epss.utilities.GlobalUtil;
* Class used to open and close Berkeley Database environment.
public class DatabaseEnvironment {
/** The db env_. */
private Environment dbEnv_ = null;
/** The mgr_. */
private XmlManager mgr_ = null;
/** The opened container. */
private XmlContainer openedContainer = null;
/** The new container. */
private XmlContainer newContainer = null;
/** The path2 db env_. */
private File path2DbEnv_ = null;
/** Whether we are creating or opening database environment. */
private int mode = -1;
/** Constants for mode opening or mode creation. */
private static final int OPEN_DB = 0, CREATE_DB = 1;
* Set the Mode (CREATE_DB = 1, OPEN_DB = 0).
* @param m
* the m
protected synchronized void setDatabaseMode(final int m) {
if (m == OPEN_DB || m == CREATE_DB)
mode = m;
* Gets the manager.
* @return the manager
protected synchronized XmlManager getManager() {
return mgr_;
* Gets the opened container.
* @return the opened container
protected synchronized XmlContainer getOpenedContainer() {
return openedContainer;
* Gets the new container.
* @return the new container
protected synchronized XmlContainer getNewContainer() {
return newContainer;
* Initialize database environment.
* @throws Exception
* the exception
protected synchronized void doDatabaseSetup(String container)
throws Exception {
switch (mode) {
case OPEN_DB:
// check database home dir exist
if (!(isPathToDbExist(new File(DataConstants.DB_HOME)))) {
WriteLog.logMessagesToFile(DataConstants.DB_FILE_MISSING);
cleanup();
throw new IOException(DataConstants.DB_FILE_MISSING);
} else {
// Configure database environment
configureDatabaseEnv();
// Configuration settings for an XmlContainer instance
XmlContainerConfig config = new XmlContainerConfig();
// DB shd open within a transaction
config.setTransactional(true);
// Opens a container, returning a handle to an XmlContainer obj
openedContainer = getManager().openContainer(container, config);
break;
case CREATE_DB:
// Set environment home
setDatabaseHome();
// Validate database home dir exist
if (isPathToDbExist(new File(DataConstants.DB_HOME))) {
// Configure database environment
configureDatabaseEnv();
// Configuration settings for an XmlContainer instance
XmlContainerConfig config = new XmlContainerConfig();
// Sets whether documents are validated
config.setAllowValidation(true);
// DB shd open within a transaction
config.setTransactional(true);
// The database container path
File file = new File(path2DbEnv_, container);
// Creates a container, returning a handle to
// an XmlContainer object
newContainer = getManager().createContainer(file.getPath(),
config);
newContainer.setAutoIndexing(true);
break;
default:
throw new IllegalStateException("mode value (" + mode
+ ") is invalid");
* Validate path2 db env.
* @param path2DbEnv
* the path2 db env
* @return true, if checks if is path to db env
private synchronized boolean isPathToDbExist(final File path2DbEnv) {
boolean returnValue = false;
if (!(path2DbEnv.isDirectory() || path2DbEnv.exists())) {
throw new IllegalArgumentException(DataConstants.DIR_ERROR
+ path2DbEnv.getAbsolutePath()
+ DataConstants.DOES_NOT_EXIST);
} else {
path2DbEnv_ = path2DbEnv;
// Test whether db home exist when mode is 0
if (path2DbEnv_.exists() && mode == OPEN_DB) {
// Test whether all db files exist
returnValue = true;
} else {
// Test whether db home exist when mode is 1
if (path2DbEnv_.exists() && mode == CREATE_DB) {
returnValue = true;
return returnValue;
* Set database environment home.
* @throws IOException
* Signals that an I/O exception has occurred.
private synchronized void setDatabaseHome() throws IOException {
// The base dir
File homeDir = new File(DataConstants.DB_HOME);
// If db home delete fails, throw io exception
if (!GlobalUtil.deleteDir(homeDir) && homeDir.exists()) {
WriteLog.logMessagesToFile(DataConstants.ERROR_MSG);
throw new IOException(DataConstants.ERROR_MSG);
} else {
// If delete is successful, recreate db home
final boolean success = homeDir.mkdir();
// if home dir creation is successful
if (success) {
// Construct file object
File logDir = new File(homeDir, DataConstants.LOG_DIR);
// File dbHome = new File(homeDir, DataConstants.DB_DIR);
// Create log file
boolean logCreated = logDir.mkdir();
// Create db home
// boolean dbHomeCreated = dbHome.mkdir();
if (logCreated) {
WriteLog.logMessagesToFile(homeDir.getAbsolutePath()
+ " successfully created");
} else {
WriteLog.logMessagesToFile(homeDir.getAbsolutePath()
+ " failed to create");
* Sets environment configuration and it's handlers.
* @throws Exception
* the exception
private synchronized void configureDatabaseEnv() throws Exception {
// Construct a new log file object
File logDir = new File(path2DbEnv_, DataConstants.LOG_DIR);
// The environment config
EnvironmentConfig envc = new EnvironmentConfig();
// estimate how much space to allocate
// for various lock-table data structures
envc.setMaxLockers(10000);
// estimate how much space to allocate
// for various lock-table data structures
envc.setMaxLocks(10000);
// estimate how much space to allocate
// for various lock-table data structures
envc.setMaxLockObjects(10000);
// automatically remove log files
// that are no longer needed.
envc.setLogAutoRemove(true);
// If environment does not exist create it
envc.setAllowCreate(true);
// For multiple threads or processes that are concurrently reading and
// writing to berkeley db xml
envc.setInitializeLocking(true);
// This is used for database recovery from application or system
// failures.
envc.setInitializeLogging(true);
// Provides an in-memory cache that can be shared by all threads and
// processes
envc.setInitializeCache(true);
// Provides atomicity for multiple database access operations.
envc.setTransactional(true);
// location of logging files.
envc.setLogDirectory(logDir);
// set the size of the shared memory buffer pool
envc.setCacheSize(500 * 1024 * 1024);
// turn on the mutexes
envc.setMaxMutexes(500000);
// show error messages by BDB XML library
envc.setErrorStream(System.err);
// File db_home = new File(path2DbEnv_, "db");
// Create a database environment
dbEnv_ = new Environment(path2DbEnv_, envc);
// Configure an XmlManager instance via its constructors
XmlManagerConfig mgrConf = new XmlManagerConfig();
mgrConf.setAllowExternalAccess(true);
mgrConf.setAllowAutoOpen(true);
// Create xml manager object
mgr_ = new XmlManager(dbEnv_, mgrConf);
mgr_.setDefaultContainerType(XmlContainer.NodeContainer);
* This method is used to close the database environment freeing any
* allocated resources that may have been held by it's handlers and closing
* any underlying subsystems.
* @throws DatabaseException
* the database exception
protected synchronized void cleanup() throws DatabaseException {
if (path2DbEnv_ != null) {
path2DbEnv_ = null;
if (newContainer != null) {
newContainer.delete();
newContainer = null;
if (openedContainer != null) {
openedContainer.delete();
openedContainer = null;
if (mgr_ != null) {
mgr_.delete();
mgr_ = null;
if (dbEnv_ != null) {
dbEnv_.close();
dbEnv_ = null;
// This is the keyword search class...
public final class XmlContentByKeywords extends DatabaseEnvironment {
public synchronized Document getDocumentContentByKeywords(String keywords)
throws Exception {
// Encapsulates the results of a query that has been executed.
XmlResults results = null;
// The manager
XmlManager manager = null;
// Run the logic
if (keywords != null) {
try {
// Flag to open db
final int OPEN_DB = 0;
// The keywords content
Document keywordsContent = null;
// Open db connection
try {
// Get database instance
setDatabaseMode(OPEN_DB);
// Open this container in db environment
doDatabaseSetup(DataConstants.CONTAINER);
} catch (Exception ex) {
// Create error node with error message
keywordsContent = Wrapper.createErrorDocument(ex
.getMessage());
// Return the error node doc
return keywordsContent;
// Manager instance
// final XmlManager manager = getManager();
manager = getManager();
// Transaction instance
// final XmlTransaction txn_ = getTxn();
// The map
Map<String, Document> map = null;
// The temp map
Map<String, Document> tempMap = null;
// Return the query results
results = XQueryUtil.getQueryResultsByKeywords(keywords, manager);
// use results here...
// close results when done
results.delete();
results = null;
manager.delete();
manager = null;
} -
Signed Applets And IE Security
Hi, all!
I have a signed applet (x.509) run in IE with plug-in 1.4.0b92. In most cases the behavior is as it is expected - a window prompting user to deny, allow or always alow the certificate in the applet appears. But there are some cases when this window doesn't appear and the users are able to run the applet. No certificates are previously installed or granted(at least there aren't any items in Certificates tab or in .keystore file in user home).
Does anybody could say what is the normal behavior of the plug-in - does it always prompt the user when a signed content is run; does it depend on Security setting in the browser?
Thanks in advance for any help or further information!
Regards, Ivo KolevHi,
Do you clear you Plug-in Cache explicity ?
May be sometimes your IE uses the plug in to restore the applet from the cache.
But I remember having observed the same problem when I used a signed applet. The dialog box appears 'mostly always' but sometimes it just doesnt :)
if you are able to resolve the problem...let me know -
Worried about Heartbleed bug. Getting "Add Security Exception" when sending e-mail. How can I verify this change is accurate?
Normally Firefox talks directly to the mail server, but there are a few reasons that an intermediate program or server might intercept your mail session. Not all of these are good reasons.
Some security suites include a filtering feature. In order to filter secure connections (HTTPS URLs), the security software presents a fake certificate to Firefox so it can intercept and stand in the middle of the secure connection. To have Firefox trust these certificates, you may need to do something such as import a root certificate, or click something in your security software's settings.
But... many users are finding that rogue software they didn't realize they had installed is the culprit.
When you are offered the option to add a security exception, does Thunderbird let you view the problem certificate? For example, in Firefox, you can click the Add Exception button in the error page, then in the dialog click View Certificate or Get Certificate to see the Issued by section. You do not need to finish adding an exception.
We want to get to the "Issued by" section of the certificate, as this often points to the source of the problem.
The kind of issuer you might find is:
* Name associated with your security software, such as ESET, BitDefender, etc.
* Sendori (indicates unwanted software from Sendori)
* FiddlerRoot (indicates unwanted software named similarly to BrowserSafeguard, BrowserSafe, SafeGuard)
* Something else
What do you see? -
Applet is null - security exception in servlet
I have searched this forum and others in trying to resolve this issue with no luck. I just upgraded my servlet app to use the 9.0.1.4 JDBC drivers (by downloading the classes12.zip) from a previous version in Websphere Application Developer 5.1. I used the same connection string as in the older Oracle JDBC drivers (which worked) and keep getting the messages "Applet is null, cannot report" and "Exception: java.lang.SecurityException: not allowed to connect to server". I think the applet error is that the error handling in the JDBC drivers is trying to launch an applet, but I am not sure why I am getting the security error. Has anyone experienced this?
You may need to make changes in your JDK's java.policy file. It is expecting 'checkPermission with the PropertyPermission("*", "read,write") permission.'
Try by adding,
permission java.util.PropertyPermission "*", "read,write";
to your java.policy file.
Sudha -
I am writing an applet at the moment, it involves the applet using the clipboard therefore for this to be allowed the applet needs signing. I don't want to pay for this facility as the applet will be none profit making. I believe you can sign your own applets for free. Can anyone give me some more information on this. Cheers, Dave.
You can create a test certificate, which is signed only by yourself and which will bring up a lot of warnings when someone runs it.
-
Signed applet still shows:"warning:applet window"
I have signed a cab file for use with IE.
But it always shows the message "warning:applet window" in the status bar.
Am I missing something?
Should not be signing enough to eliminate this message??
regards
-SMicrosoft has a Knowledge Base article on this. Try this link:
http://support.microsoft.com/support/kb/articles/q169/8/08.asp
HTH,
Carl Rapson -
I have spent hours reading over the Signed Applets forum and Sun applet security training pages. There seems to be so much confusion in this area that the use and proliferation of Java Applets must be suffering.
As the usual underfunded developer, I am not able to buy a certificate before proving the concept. Therefore, I am relegated to using self signed applets to demonstrate the use of signed applets and the power they have. This would also be the case for students of Java applets, of which I am also one.
I have tried the sample applets in the Sun security training. They in fact write the file to my system, but they also display a security error as well.
The Sun training indicates that I should be using a policy file with the security and that when my applet is run by another user, that user must also manually update their policy file, using keytool, before running the applet. If this is true, I see no use for Java Applets that work outside of the sandbox confines. There must be a better way to use applets that require security.
I have also read Irene's 10 steps and numerous comments about them. They seem to work fine until I get to step 10. If I am using a self signed applet, why should the user of the applet have to click on a HREF to load the certificate into the keystore? Why shouldn't the user be prompted to trust the self signed certificate, just like a certificate obtained from a CA?
I have tried to develop a batch file (Windows NT 4.0) to illustrate the signing process, but I have been unsuccessful. I have listed the output from it below followed by the batch file itself. Would someone please indicate what would make this batch file work? If possible, I would like it to work for both IE 5.5 and Netscape 4.06; especially ie 5.5.
My environment consists of:
NT 4.0 (SP6)
IE 5.5 (SP1)
JRUN 3.1
JRE 1.3.1_01
JDK 1.3.1_01
javac writeFile.java
keytool -delete -alias writefile
Enter keystore password: password
keytool -genkey -alias writefile
Enter keystore password: password
What is your first and last name?
[Unknown]: Robert Klawuhn
What is the name of your organizational unit?
[Unknown]: mygroup
What is the name of your organization?
[Unknown]: mycompany
What is the name of your City or Locality?
[Unknown]: mycity
What is the name of your State or Province?
[Unknown]: mystate
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=Robert Klawuhn, OU=mygroup, O=mycompany, L=mycity, ST=mystate, C=US> correct?
[no]: yes
Enter key password for <writefile>
(RETURN if same as keystore password): password
keytool -selfcert -alias writefile
Enter keystore password: password
keytool -list -alias writefile
Enter keystore password: password
writefile, Wed Dec 19 10:41:35 PST 2001, keyEntry,
Certificate fingerprint (MD5): 90:4D:63:0E:9E:56:CF:7F:93:2B:92:EE:AA:2B:87:E3
jar cvf writefile.jar writeFile.class
added manifest
adding: writeFile.class(in = 1678) (out= 940)(deflated 43%)
jar tvf writefile.jar
0 Wed Dec 19 10:41:58 PST 2001 META-INF/
71 Wed Dec 19 10:41:58 PST 2001 META-INF/MANIFEST.MF
1678 Wed Dec 19 10:40:46 PST 2001 writeFile.class
jarsigner writefile.jar writefile
Enter Passphrase for keystore: password
jarsigner -verify -verbose -certs writefile.jar
139 Wed Dec 19 10:42:02 PST 2001 META-INF/MANIFEST.MF
192 Wed Dec 19 10:42:08 PST 2001 META-INF/WRITEFIL.SF
1098 Wed Dec 19 10:42:08 PST 2001 META-INF/WRITEFIL.DSA
0 Wed Dec 19 10:41:58 PST 2001 META-INF/
smk 1678 Wed Dec 19 10:40:46 PST 2001 writeFile.class
X.509, CN=Robert Klawuhn, OU=mygroup, O=mycompany, L=mycity, ST=mystate, C=US (writefile)
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
An error appears:
java.security.cert.CertificateException: Unable to verify the certificate with root CA
@ECHO OFF
REM Doit.bat
REM
REM This batch file leads the user through the creating
REM and signing of an applet class and how it is accessed
REM from a browser. The applet creates the file: C:\tmpfoo.
REM
REM The JRE 1.3.1 plug-in should be installed. See the
REM control panel for an icon leading to the plug-in.
REM
REM This demo is for JRE 1.3.1_01, NT 4 (SP6), HTMLConverter
REM 1.3, and IE 5.5.
REM
REM Run the HTMLConverter 1.3 against the following HTML
REM file to generate the converted HTML that will support
REM both Netscape and IE. Get the converter from Sun.
REM
REM <html>
REM <head>
REM <title> Java Security Example: Writing Files</title>
REM </head>
REM <body>
REM Hi there. There is a signed applet following...
REM <hr>
REM <applet code=writeFile.class archive="/writefile.jar" width=500 height=50>
REM </applet>
REM <hr>
REM </body>
REM </html>
REM
REM The following is the code for the applet.
REM
REM import java.awt.*;
REM import java.io.*;
REM import java.lang.*;
REM import java.applet.*;
REM
REM public class writeFile extends Applet {
REM String myFile = "/tmp/foo";
REM File f = new File(myFile);
REM DataOutputStream dos;
REM
REM public void init() {
REM
REM String osname = System.getProperty("os.name");
REM if (osname.indexOf("Windows") != -1) {
REM myFile="C:" + File.separator + "tmpfoo";
REM }
REM }
REM
REM public void paint(Graphics g) {
REM try {
REM dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile),128));
REM dos.writeChars("Cats can hypnotize you when you least expect it\n");
REM dos.flush();
REM g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at REM it!", 10, 10);
REM } catch (SecurityException e) {
REM g.drawString("writeFile: caught security exception", 10, 10);
REM } catch (IOException ioe) {
REM g.drawString("writeFile: caught i/o exception", 10, 10);
REM }
REM }
REM }
REM
@ECHO javac writeFile.java
javac writeFile.java
REM Generate a selfsigned certificate and put it into
REM the keystore.
REM
REM password = password
REM first and last name = Robert Klawuhn
REM org unit = COMPASS
REM org = Applied Materials
REM city = Santa Clara
REM state = California
REM country = US
REM The -selfcert option may not be necessary the first
REM time this is run
@ECHO keytool -delete -alias writefile
keytool -delete -alias writefile
@ECHO keytool -genkey -alias writefile
keytool -genkey -alias writefile
@ECHO keytool -selfcert -alias writefile
keytool -selfcert -alias writefile
REM
REM Export the key that was just created into a .crt file.
REM This is then sent to a CA to obtain a 'real' certificate
REM which is then imported into the keystore. These are
REM commented because I am trying to use a self-issued key.
REM
REM keytool -certreq -alias writefile -file writefile.crt
REM keytool -import -alias writefile -file writefile.crt
@ECHO keytool -list -alias writefile
keytool -list -alias writefile
REM Jar the applet
REM
@ECHO jar cvf writefile.jar writeFile.class
jar cvf writefile.jar writeFile.class
REM Verify the jar
REM
@ECHO jar tvf writefile.jar
jar tvf writefile.jar
REM Sign the jar
REM
REM passphrase = password
@ECHO jarsigner writefile.jar writefile
jarsigner writefile.jar writefile
REM Verify the signed jar file
REM
@ECHO jarsigner -verify -verbose -certs writefile.jar
jarsigner -verify -verbose -certs writefile.jar
REM The next statements assume that the applet will be
REM obtained from Macromedia's JRun default server.
REM
copy writefile.crt %JRUN_HOME%\servers\default\default-app\.
copy writefile.jar %JRUN_HOME%\servers\default\default-app\.
copy writefile.html %JRUN_HOME%\servers\default\default-app\.
"C:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE" "http://localhost:8100/writefile.html"I believe I finally found my problem. If I use JRun as a web server and put the applet on the default server within JRun, I am only able to run the applet from a different client. It doesn't seem to load right on the same system as JRun.
This may be due to other software I have running on my JRun server system, but it finally works.
For those that are still having problems with self-signing applets, here is a batch file, that I am using, that works for me.
@ECHO OFF
REM Doit.bat
REM
REM This batch file leads the user through the creating
REM and signing of an applet class and how it is accessed
REM from a browser. When the Publish button is pressed
REM the selected file is copied to C:\TEMP\BOBK_copy.txt.
REM
REM The JRE 1.3.1 plug-in will be installed on the client.
REM See the control panel for an icon leading to the plug-in.
REM
REM This demo is for JRE 1.3.1_01, HTMLConverter
REM 1.3, and IE 5.5.
REM
REM Run the HTMLConverter 1.3 against the following HTML
REM file to generate the converted HTML that will support
REM both Netscape and IE. Get the converter from Sun.
REM
REM <html>
REM <head>
REM <title> Java Security Example</title>
REM </head>
REM <body>
REM Hi there. There is a signed applet following...
REM <hr>
REM <applet code=FilePrompt.class archive="/fileprompt.jar" width=800 height=500>
REM </applet>
REM <hr>
REM </body>
REM </html>
REM
REM This applet can be executed by starting the default server in JRun and then
REM then entering the following for the IE URL: http://K011614:8100/FilePrompt.html
REM This assumes that JRun is installed and running on K011614.
REM
REM The first time the applet is executed, the 1.3.1_02 JRE is loaded if allowed.
REM The main problem here is the JRE is about 5.3MB and takes a while.
REM
REM For some reason, running IE and pointing it to the applet on the same system that
REM JRun is executing, doesn't work. You have to run it from another client that
REM references the applet.
REM
@ECHO keytool -delete -alias fileprompt
keytool -delete -alias fileprompt
@ECHO keytool -genkey -alias fileprompt
keytool -genkey -alias fileprompt
@ECHO keytool -selfcert -alias fileprompt
keytool -selfcert -alias fileprompt
@ECHO keytool -export -alias fileprompt -file fileprompt.crt
keytool -export -alias fileprompt -file fileprompt.crt
@ECHO keytool -list -alias fileprompt
keytool -list -alias fileprompt
@ECHO jar cvf fileprompt.jar *.class
jar cvf fileprompt.jar *.class
@ECHO jar tvf fileprompt.jar
jar tvf fileprompt.jar
@ECHO jarsigner fileprompt.jar fileprompt
jarsigner fileprompt.jar fileprompt
@ECHO jarsigner -verify -verbose -certs fileprompt.jar
jarsigner -verify -verbose -certs fileprompt.jar
copy fileprompt.jar %JRUN_HOME%\servers\default\default-app\.
copy FilePrompt.html %JRUN_HOME%\servers\default\default-app\.
REM The following doesn't seem to work when executed on the same
REM system as the JRun server. Access the applet from another client.
REM "C:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE" "http://localhost:8100/FilePrompt.html"
pause
Maybe you are looking for
-
Assigning a specific value to the sapscript counter variable
Hi all, I am trying to use the sapscript counter variable in my sapscript but encounter the following warning. My code looks like the following: /: DEFINE &SAPSCRIPT-COUNTER_0& = 0 The new counter value is &SAPSCRIPT-COUNTER_0(+)& The warning i get w
-
M5000 and Qlogic QLE4062C issues
I am having a problem getting one M5000 server to recognize the Qlogic iSCSI HBAs in PCI slots 3, 4, and 5. We have 2 M5000 servers and one of them is working fine, but the other does not present to Solaris the HBAs. I have done a reconfiguration reb
-
One of my spreadsheets in numbers says it cannot be opened. I am new to numbers so I have not saved anything on iWork or MobileMe but I understood that numbers automatically saves your work as you go. Where can I find that backup? Every other spreads
-
Iphone 3g 16gb not showing up in itunes... any ideas?
A friend gave me his old iphone and I moved put my sim card in. When I connected it to my computer the screen illustrates that I need to connect to itunes... but there is no "devices" showing up in the left column of itunes... I tried restarting, upd
-
Earthlink Total Access Preferences conflict/error message with Mac 10.4
I'm running 10.4.11 and have had Earthlink for about a year now. I have the latest edition of Earthlink for Mac installed from disc. Everything is fine and my connection (unfortunately, dial-up) works great. However, I have never been able to use the