Signed and unsigned applet
Hi all,
I want to create an applet that is firstly loaded as a normal (i.e., unsigned) applet. The user can use several features of the applet without seeing a security warning dialog. But when the user uses a certain feature of an applet (such as saving the data to his computer), there will be a security warning dialog that asked the user to allow the (same) applet to access the local harddrive. If the user allows, the applet will be switch to signed mode without having to reload.
In short, is there a way to switch between an unsigned applet to a sign applet without reloading the applet?
Thank you,
vaxim
It is possible if and only if your using different applets. In the same applet there is no possibility of switching signed and unsigned. But I think you can do this by specifying the certificate name.
Similar Messages
-
Using server 3.2.2, and most clients updated to 10.10.
I have created profiles for each user and these get pushed to their computer.
If the profile gets pushed by Server to the machine, it shows as unsigned in the Profile pane of Systems Preferences.
If I sign into Profiles Manager as admin and download the user profile to then send it through email or put it on a share accessible to the client, that profile will show up as signed on the client machine.
If a signed Profile is installed, and that I make a change to a profile, the profiles gets punched by Server, and is installed as a new unsigned profile. The existing signed profile is left unchanged.
Any hints would be welcome. I would like profiles to be signed. In Server app, the checks Sign Configuration profile is checked.
Thanks.It is possible if and only if your using different applets. In the same applet there is no possibility of switching signed and unsigned. But I think you can do this by specifying the certificate name.
-
RSL - what to use Signed or Unsigned ??
Hi , Please help in implementing RSL to our Application . As per the docs it mentions that
Signed RSL will be avialble inside the Player cache , and
Unsigned framework RSLs are cached in the browser cache .
What does this mean ?? Ours ia product based Application .Ours is a intranet web based Application used within the organization . Please suggest me what RSL would be suitable for our Application ?? Thanks in advance .Signed RSLs are preferred to unsigned RSLs but only Adobe can create signed RSLs. In the SDK "frameworks\rsls" directory there are both signed and unsigned RSLs. The signed RSLs are optimized for production use. The unsigned RSLs in the Flex 4 SDK contain debug information and are meant for debugging only.
-Darrell -
Remembering username and password in an unsigned applet...
Does anyone have any ideas how my unsigned applet could remember the username and password entered by a user?
Previously, I was using a signed applet so could store the username and password in a persistent text file, but now I need to provide an unsigned applet solution - so does anyone have any suggestions for how my applet could remember and recall the username and password?
Many thanks,
JamesTake global variable and store pass and user name in it .
or getParameter() and setParameter() u can set parameter define in html file as global . so multiple applet in same webpage can access this pass and user name -
I have spent hours reading over the Signed Applets forum and Sun applet security training pages. There seems to be so much confusion in this area that the use and proliferation of Java Applets must be suffering.
As the usual underfunded developer, I am not able to buy a certificate before proving the concept. Therefore, I am relegated to using self signed applets to demonstrate the use of signed applets and the power they have. This would also be the case for students of Java applets, of which I am also one.
I have tried the sample applets in the Sun security training. They in fact write the file to my system, but they also display a security error as well.
The Sun training indicates that I should be using a policy file with the security and that when my applet is run by another user, that user must also manually update their policy file, using keytool, before running the applet. If this is true, I see no use for Java Applets that work outside of the sandbox confines. There must be a better way to use applets that require security.
I have also read Irene's 10 steps and numerous comments about them. They seem to work fine until I get to step 10. If I am using a self signed applet, why should the user of the applet have to click on a HREF to load the certificate into the keystore? Why shouldn't the user be prompted to trust the self signed certificate, just like a certificate obtained from a CA?
I have tried to develop a batch file (Windows NT 4.0) to illustrate the signing process, but I have been unsuccessful. I have listed the output from it below followed by the batch file itself. Would someone please indicate what would make this batch file work? If possible, I would like it to work for both IE 5.5 and Netscape 4.06; especially ie 5.5.
My environment consists of:
NT 4.0 (SP6)
IE 5.5 (SP1)
JRUN 3.1
JRE 1.3.1_01
JDK 1.3.1_01
javac writeFile.java
keytool -delete -alias writefile
Enter keystore password: password
keytool -genkey -alias writefile
Enter keystore password: password
What is your first and last name?
[Unknown]: Robert Klawuhn
What is the name of your organizational unit?
[Unknown]: mygroup
What is the name of your organization?
[Unknown]: mycompany
What is the name of your City or Locality?
[Unknown]: mycity
What is the name of your State or Province?
[Unknown]: mystate
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=Robert Klawuhn, OU=mygroup, O=mycompany, L=mycity, ST=mystate, C=US> correct?
[no]: yes
Enter key password for <writefile>
(RETURN if same as keystore password): password
keytool -selfcert -alias writefile
Enter keystore password: password
keytool -list -alias writefile
Enter keystore password: password
writefile, Wed Dec 19 10:41:35 PST 2001, keyEntry,
Certificate fingerprint (MD5): 90:4D:63:0E:9E:56:CF:7F:93:2B:92:EE:AA:2B:87:E3
jar cvf writefile.jar writeFile.class
added manifest
adding: writeFile.class(in = 1678) (out= 940)(deflated 43%)
jar tvf writefile.jar
0 Wed Dec 19 10:41:58 PST 2001 META-INF/
71 Wed Dec 19 10:41:58 PST 2001 META-INF/MANIFEST.MF
1678 Wed Dec 19 10:40:46 PST 2001 writeFile.class
jarsigner writefile.jar writefile
Enter Passphrase for keystore: password
jarsigner -verify -verbose -certs writefile.jar
139 Wed Dec 19 10:42:02 PST 2001 META-INF/MANIFEST.MF
192 Wed Dec 19 10:42:08 PST 2001 META-INF/WRITEFIL.SF
1098 Wed Dec 19 10:42:08 PST 2001 META-INF/WRITEFIL.DSA
0 Wed Dec 19 10:41:58 PST 2001 META-INF/
smk 1678 Wed Dec 19 10:40:46 PST 2001 writeFile.class
X.509, CN=Robert Klawuhn, OU=mygroup, O=mycompany, L=mycity, ST=mystate, C=US (writefile)
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
An error appears:
java.security.cert.CertificateException: Unable to verify the certificate with root CA
@ECHO OFF
REM Doit.bat
REM
REM This batch file leads the user through the creating
REM and signing of an applet class and how it is accessed
REM from a browser. The applet creates the file: C:\tmpfoo.
REM
REM The JRE 1.3.1 plug-in should be installed. See the
REM control panel for an icon leading to the plug-in.
REM
REM This demo is for JRE 1.3.1_01, NT 4 (SP6), HTMLConverter
REM 1.3, and IE 5.5.
REM
REM Run the HTMLConverter 1.3 against the following HTML
REM file to generate the converted HTML that will support
REM both Netscape and IE. Get the converter from Sun.
REM
REM <html>
REM <head>
REM <title> Java Security Example: Writing Files</title>
REM </head>
REM <body>
REM Hi there. There is a signed applet following...
REM <hr>
REM <applet code=writeFile.class archive="/writefile.jar" width=500 height=50>
REM </applet>
REM <hr>
REM </body>
REM </html>
REM
REM The following is the code for the applet.
REM
REM import java.awt.*;
REM import java.io.*;
REM import java.lang.*;
REM import java.applet.*;
REM
REM public class writeFile extends Applet {
REM String myFile = "/tmp/foo";
REM File f = new File(myFile);
REM DataOutputStream dos;
REM
REM public void init() {
REM
REM String osname = System.getProperty("os.name");
REM if (osname.indexOf("Windows") != -1) {
REM myFile="C:" + File.separator + "tmpfoo";
REM }
REM }
REM
REM public void paint(Graphics g) {
REM try {
REM dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile),128));
REM dos.writeChars("Cats can hypnotize you when you least expect it\n");
REM dos.flush();
REM g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at REM it!", 10, 10);
REM } catch (SecurityException e) {
REM g.drawString("writeFile: caught security exception", 10, 10);
REM } catch (IOException ioe) {
REM g.drawString("writeFile: caught i/o exception", 10, 10);
REM }
REM }
REM }
REM
@ECHO javac writeFile.java
javac writeFile.java
REM Generate a selfsigned certificate and put it into
REM the keystore.
REM
REM password = password
REM first and last name = Robert Klawuhn
REM org unit = COMPASS
REM org = Applied Materials
REM city = Santa Clara
REM state = California
REM country = US
REM The -selfcert option may not be necessary the first
REM time this is run
@ECHO keytool -delete -alias writefile
keytool -delete -alias writefile
@ECHO keytool -genkey -alias writefile
keytool -genkey -alias writefile
@ECHO keytool -selfcert -alias writefile
keytool -selfcert -alias writefile
REM
REM Export the key that was just created into a .crt file.
REM This is then sent to a CA to obtain a 'real' certificate
REM which is then imported into the keystore. These are
REM commented because I am trying to use a self-issued key.
REM
REM keytool -certreq -alias writefile -file writefile.crt
REM keytool -import -alias writefile -file writefile.crt
@ECHO keytool -list -alias writefile
keytool -list -alias writefile
REM Jar the applet
REM
@ECHO jar cvf writefile.jar writeFile.class
jar cvf writefile.jar writeFile.class
REM Verify the jar
REM
@ECHO jar tvf writefile.jar
jar tvf writefile.jar
REM Sign the jar
REM
REM passphrase = password
@ECHO jarsigner writefile.jar writefile
jarsigner writefile.jar writefile
REM Verify the signed jar file
REM
@ECHO jarsigner -verify -verbose -certs writefile.jar
jarsigner -verify -verbose -certs writefile.jar
REM The next statements assume that the applet will be
REM obtained from Macromedia's JRun default server.
REM
copy writefile.crt %JRUN_HOME%\servers\default\default-app\.
copy writefile.jar %JRUN_HOME%\servers\default\default-app\.
copy writefile.html %JRUN_HOME%\servers\default\default-app\.
"C:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE" "http://localhost:8100/writefile.html"I believe I finally found my problem. If I use JRun as a web server and put the applet on the default server within JRun, I am only able to run the applet from a different client. It doesn't seem to load right on the same system as JRun.
This may be due to other software I have running on my JRun server system, but it finally works.
For those that are still having problems with self-signing applets, here is a batch file, that I am using, that works for me.
@ECHO OFF
REM Doit.bat
REM
REM This batch file leads the user through the creating
REM and signing of an applet class and how it is accessed
REM from a browser. When the Publish button is pressed
REM the selected file is copied to C:\TEMP\BOBK_copy.txt.
REM
REM The JRE 1.3.1 plug-in will be installed on the client.
REM See the control panel for an icon leading to the plug-in.
REM
REM This demo is for JRE 1.3.1_01, HTMLConverter
REM 1.3, and IE 5.5.
REM
REM Run the HTMLConverter 1.3 against the following HTML
REM file to generate the converted HTML that will support
REM both Netscape and IE. Get the converter from Sun.
REM
REM <html>
REM <head>
REM <title> Java Security Example</title>
REM </head>
REM <body>
REM Hi there. There is a signed applet following...
REM <hr>
REM <applet code=FilePrompt.class archive="/fileprompt.jar" width=800 height=500>
REM </applet>
REM <hr>
REM </body>
REM </html>
REM
REM This applet can be executed by starting the default server in JRun and then
REM then entering the following for the IE URL: http://K011614:8100/FilePrompt.html
REM This assumes that JRun is installed and running on K011614.
REM
REM The first time the applet is executed, the 1.3.1_02 JRE is loaded if allowed.
REM The main problem here is the JRE is about 5.3MB and takes a while.
REM
REM For some reason, running IE and pointing it to the applet on the same system that
REM JRun is executing, doesn't work. You have to run it from another client that
REM references the applet.
REM
@ECHO keytool -delete -alias fileprompt
keytool -delete -alias fileprompt
@ECHO keytool -genkey -alias fileprompt
keytool -genkey -alias fileprompt
@ECHO keytool -selfcert -alias fileprompt
keytool -selfcert -alias fileprompt
@ECHO keytool -export -alias fileprompt -file fileprompt.crt
keytool -export -alias fileprompt -file fileprompt.crt
@ECHO keytool -list -alias fileprompt
keytool -list -alias fileprompt
@ECHO jar cvf fileprompt.jar *.class
jar cvf fileprompt.jar *.class
@ECHO jar tvf fileprompt.jar
jar tvf fileprompt.jar
@ECHO jarsigner fileprompt.jar fileprompt
jarsigner fileprompt.jar fileprompt
@ECHO jarsigner -verify -verbose -certs fileprompt.jar
jarsigner -verify -verbose -certs fileprompt.jar
copy fileprompt.jar %JRUN_HOME%\servers\default\default-app\.
copy FilePrompt.html %JRUN_HOME%\servers\default\default-app\.
REM The following doesn't seem to work when executed on the same
REM system as the JRun server. Access the applet from another client.
REM "C:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE" "http://localhost:8100/FilePrompt.html"
pause -
Unsigned applet: some machines can copy to clipboard, others can't
My understanding of Java applet security says that an unsigned applet cannot copy-to or paste-from the system clipboard. However, on at least two systems at my office (but not mine) the user can highlight text in one of our applets, hit Ctrl-C and copy the text to the clipboard. All machines are current vintage, running MS XP and Java 1.4.2. I've checked the java.policy files and they are identical--there are no non-standard permissions in them.
Now my boss is complaining that I told him this couldn't be done without going the signed applet route. Does anybody know what's going on?First of all if you're developing applets for your company (or another one) make sure they
have the jre set up correctly.
Any respectfull IT person within a company has IE security set up so why not the jre as
wel?
Using the default jre installation in your company? Are you allso using the default IE
install or did you not agree with some settings there?
Anyway here is how I think you should set up the jre for your companys people:
I think a good configuration would be a keystore and policy on the company's
Intranet to be used by everyone and if so needed a keystore and policy in the user home
folder to be edited only by admins. Add the 2 keystores to the java.security and the
admins can configure any special privileges to special applets (like IE security zones
but more detailed).
Add the following line to all codebases: "grant { " section in the java.policy/
permission java.lang.RuntimePermission "usePolicy";
Now the user does not have the option of "do you trust" for signed applets. I think this
is a verry good idea because anyone with a jdk can sign their jar.
About someone beeing able to copy and the other one not, I guess you've given the
user too much freedom in changing their settings (the msjvm settings in IE). The
applet is probably not even run with the SUN jre because you are using the Applet tag.
Now I am not even sure if hitting crl + c does anyting with an unsigned applet but I would guess that accessing the clipboard from code should not be possible. -
Browser settings to accept unsigned applets
Hi,
I'm writting an applet that uses a socket, therefore I need to sign my applet to view it into my browser. So every time I change my code I need to resign the applet.
Can I set my browser so I will accept unsigned applet?, this will be a lot easier to test and change the code of the applet.
I'm using a IE6 browser.
Thanks in advance,
PieterYes if you have a JRE installed.
You can edit your java.policy file so that any java applet started on your machine will be given all priviledges.
Obviously for general use(i.e. untrusted applets) this would be quite dangerous.
You can add the following to your java.policy file....
grant{
permission java.security.AllPermission;
}; -
Connecting to a remote servlet from an unsigned applet
My applet connects to a remote servlet (on a different server). I could obviously connect to it fine with a signed applet, but now my applet is no longer signed.
I understand an unsigned applet can access a servlet on the same web server host, but the problem is that the servlet is on a different server...
Is there some simple way I can create a file (html or whatever) on the web server host that can accept requests from the applet and redirect them to the remote servlet?
Cheers,
JamesIf I understand what you're saying, no.
But perhaps you can install the applet on the server that you want to connect to. -
File Access with unsigned Applet through editing the java.policy file
I'am starting to lose my hair on this...
I am trying to get an applet to run so that it can access the file system to move files on my local maschin. Because this applet is only running on my VM i can change the java.policy to avoid the signing of the applet.
first of all, if i wrote in the java.policy file
grant {
permission java.security.AllPermission;
};everything is working perfekt.
But I have not the intention to open the gates for any applet out there, so i want to limit the access to my applet. With every of the following versions I get at best an
java.security.AccessControlException: access denied (java.io.FilePermission...
My Setup
My Java Version: jre1.6.0_02
My applet is located unter the url
http://admin.mydomain.com/applet.jar
In Html i tryed the following different versions of loading the applet - none worked
<applet codebase="http://admin.mydomain.com/" name="shortcut" code="start.class" archive="applet.jar" width="0" height="0"></applet>
<applet codebase="http://admin.mydomain.com" name="shortcut" code="start.class" archive="applet.jar" width="0" height="0"></applet>
<applet name="shortcut" code="start.class" archive="http://admin.mydomain.com/applet.jar" width="0" height="0"></applet>in java.policy i tryed following versions with every html applet load version
grant codeBase "http://admin.x-press.de/-" {
permission java.security.AllPermission;
grant codeBase "http://admin.x-press.de/+" {
permission java.security.AllPermission;
grant codeBase "http://admin.x-press.de/applet.jar" {
permission java.security.AllPermission;
};why is it with
grant {
permission java.security.AllPermission;
};working, and not with the other versions?
i am almost bold now, please try to save my last hair from falling down.
any suggestion would be nice
thanks, feyyaz
Message was edited by:
feyyazdoguI read the mentioned documentation and your right, some of my versions were wrong, but after reading the doumentation again i came to following result which should had worked but didn't.
java.policy
grant codeBase "http://admin.mydomain.com/*" {
permission java.security.AllPermission;
HTML File
<applet codebase="http://admin.mydomain.com/" name="shortcut" code="start.class" archive="applet.jar" height="0" width="0"></applet>if I am entering http://admin.mydomain.com/applet.jar i can download the jar, so the archive lays in the correct directory.
what i am doing wrong? do i have to change an additional file somewhere else? -
I am learning the Java tools and policy to create some local browser application for personal use. So I signed a jar file with jarsigner, keytool and policytool and still trying to figure out why my browser application cannot read a simple local text file.
My question are
1. Why use java policy tool (policytool.exe)? If I signed a .jar with keytool and jarsigner, do I really need java policytool to write a policy?
2. What is the maximum validity days? 365? or more? Do I need to sign again when validity expire?
3. I don't want any of my local browser application gets to internet but only work with local files (read, write, or execute). how do I do that?
4. how to use java security policy to grant access to the jar applet? where do I place and import the policy file so the hosting web browser and the applet can work?
My java applet is a simple class that read a text line from a local file in the same folder, and pass the result to a calling web browser Javascript.
Currently the result in the web page is the error message below, even though the jar is signed correctly.
access denied (java.io.FilePermission hello.txt read)
Someone please help and enlight the newbie!leoku wrote:
I am learning the Java tools and policy to create some local browser application for personal use.Why would you wrap a mostly useless and unhelpful browser window around a Java app. for 'local' use?
.. So I signed a jar file with jarsigner, keytool and policytool and still trying to figure out why my browser application cannot read a simple local text file.
My question are
1. Why use java policy tool (policytool.exe)? If I signed a .jar with keytool and jarsigner, do I really need java policytool to write a policy?No. In fact, don't stuff around with policy files - they are a path to madness.
2. What is the maximum validity days? 365? or more?Keytool accepts an argument for the number of days to remain valid. I do not believe it has an upper limit, but it might be best to experiment with it and find out for yourself. Please report your findings back.
(2a) Do I need to sign again when validity expire?No, but the end user gets a huge warning that the certificate has expired. Further, if it was a certificate that was certified by a CA, the 'always trust' check box which used to default to true, would now default to false.
3. I don't want any of my local browser application gets to internet but only work with local files (read, write, or execute). how do I do that?I am not sure I understand, but if you only offer a JFileChooser for the applet to access resources, that should restrict it to resources off the local file-system. Of course, that would not restrict the end user from downloading something from the internet to their local disks, then accessing it using the applet.
4. how to use java security policy to grant access to the jar applet? where do I place and import the policy file so the hosting web browser and the applet can work?The only place it will work is in the JRE directories of the end-user's machine. Even if you find a way to install your local policy file, do not go messing with the end-user's policy files.
My java applet is a simple class that read a text line from a local file in the same folder,.. In the 'same folder' as what? (1)
..and pass the result to a calling web browser Javascript. That might be the problem. AFAIR, using JS with trusted applets causes the security to be tightened. Perhaps it could be fixed by calling System.setSecurityManager(null) on applet init(), but I have also seen references to using [AccessController.doPrivileged()|http://java.sun.com/j2se/1.4.2/docs/api/java/security/AccessController.html] to wrap the problematic code. I am hazy on the details of how/if that works.
Currently the result in the web page is the error message below, even though the jar is signed correctly.
access denied (java.io.FilePermission hello.txt read)
1) If the answer to my question is what I suspect, there may be better ways to access the resource that are usable even in a sand-boxed app. -
Hi, I have a simple question... �Can an unsigned applet connect to the same IP where it was downloaded but to another port (says 3306)?
Regards,
Neuquinomost probably it couldn't. in order to socket connection established, u have to sign the applet otherwise it fails...
-
Wrtie unsigned char and unsigned int into a binary file
Hi, I need write some data into some specific file format (.ov2) for other applications to read.
Here is the requirement of the data:
First byte: An unsigned char value, always "2" means simple POI entry
Next 4 byte: An unsigned int value,
Next 4 byte: A signed integer value.
Next 4 byte: A signed integer value
then next : A zero-terminated Ascii string
Here is my code:
String name = "name";
byte type = 2;
int size = name.length() + 13 +1; //1+4+4+4 and there is a 0 at last
int a = 1;
int b =2;
ds.writeByte(type); //1 byte, need save it as unsigned char
ds.writeInt(size); //4 //need to be an unsignged int
ds.writeInt(ilont); //4 //signed int
ds.writeInt(ilatt); //4 //signed int
//write zero-terminated ascii string
for(int n=0; n<name.length(); n++){
ds.writeByte(name.charAt(n));
ds.writeByte(0); This code could not get the correct result and I think I must do some sign to unsign conversion, but I don't know how to do it. Any help?
Thanks for you attention.You don't have to do anything special at all. What's in a int or a byte is what you, as a programmer, say it is. Java treats int's as signed but, in fact, with 2's complement arithmatic most operations are exactly the same. Load and store, add and subtract - it makes no difference whether a variable is signed or unsigned. It's only when you convert the number, for example to a wider type or to a string representation that you need to know the difference.
When you read an unsigned byte and you want to widen it to an integer you have to clip the top bytes of the integer e.g.
int len = input.get() & 0xff;This is because, since java sees a byte as signed it will extend the sign bit into the top bytes of the int. "& 0xff" forces them to zero.
Writing it, you don't have to do anything special at all - it will autmatically get clipped. The above is probably the only concesion you'll ever need to make to unsigned binary. (You'd need to do the same thing from unsigned int to long, but this almost never happens).
When I read ov2 files I used a mapped byte buffer, because it allows you to set either big-endian or little-endian and I wasn't sure which ov2 files used. (Sorry, I've forgotten). -
Upgrading to Java 7 u45, and my applet can not be openend
After upgrading to u45, I can not open an applet from HTML page, even on the simplest scenario (described below)
The applet is signed, and the whole scenario used to be working well on u40.
Trying to open this HTML with u45 results with InvocationTargetException run time exception.
Why does this happen? Does anyone knows how to bypass this?
I'm so frustrated. The last few java upgrades required huge amount of work on my behalf. They are so not backward compatible its unbelievable.
The simple version of my HTML looks like this:
<HTML><SCRIPT LANGUAGE="JavaScript1.2" TYPE="text/javascript">
document.writeln("<APPLET CODE='com/PkgDudu/myApplet/AppletInit.class' ARCHIVE='sample.jar' WIDTH=100% HEIGHT=100% BORDER=1>");
document.writeln("</APPLET>");
</SCRIPT></HTML>
my simplified applet code looks like this:
package com.PkgDudu.myApplet;
import java.applet.Applet;
public class AppletInit extends Applet {
public static void main(String[] args) {
System.out.println("Hello");Hello phoebe187,
The following article provides steps for resolving this error and getting iTunes working again.
iTunes for Windows: "Error 7" message when opening iTunes
http://support.apple.com/kb/TS3074
Cheers,
Allen -
Unsigned applet load failure via HTTPS
Java Plug-in 1.5.0_06
MSIE 6.0
Unsigned applet loading via HTTPS failed.
We used a relative URL in an APPLET tag :
<APPLET CODEBASE="/TEST/" ARCHIVE="test.jar" CODE="nl.myorganisation.test">
The plugin does not seem to reuse the browser SSL-session.
It looks like the plugin does not find installed certificates in Explorer stores.
The 2th and 3th connection retry use an erroneous URL.
network: Connecting https://myorganisation.nl/TEST/test.jar with proxy=DIRECT
security: Loading Root CA certificates from <jre-home>\lib\security\cacerts
security: Loaded Root CA certificates from <jre-home>\lib\security\cacerts
security: Loading SSL Root CA certificates from <jre-home>\lib\security\cacerts
security: Loaded SSL Root CA certificates from <jre-home>\lib\security\cacerts
security: Loading Deployment SSL certificates from <user-home>\Data\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from <user-home>\Data\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
network: Connecting https://myorganisation.nl/CGI-BIN/nl/myorganisation/test.class with proxy=DIRECT
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
network: Connecting https://myorganisation.nl/CGI-BIN/nl/myorganisation/test.class with proxy=DIRECT
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
load: class nl.myorganisation.test not found.
Does anybody have any suggestion ?
Thanks and greetings,
MarcFirst, Java plugin don't use browser https connection starting JRE 1.4, for running an applet in https server, the browser need to establish a https connection first, then Java pugin will use another https connection.
Second, Java plugin can read certificate from browser, starting JRE 1.5, you can go to Java control panel, Advanced tab, under security, check on the box:
"Use certificate and keys in browser keystore"
This way the Java plugin will read the certificate from browser too. (It will work automatically in IE browser, if you use Mozilla, you have to install JSS package first).
To answer your question, you can either turn on that option or import https certificate into JRE keystore (using Java control panel) for https connection.
Hope that answered your question.
Dennis -
1.5 allows setStub() by unsigned applets?
I have an applet that is embedded in a JFrame. It worked fine in 1.4 but I just tried j2re-1_5_0-beta2-windows-i586 and get "java.security.AccessControlException: access denied (java.awt.AWTPermission setAppletStub)...
at java.applet.Applet.setStub(Unknown Source)"
Is setStub() not allowed by unsigned applets in 1.5?
ThanksI have the same problem.
Trying to track it down, did you get any feedback from anyone ?
Maybe you are looking for
-
Is there a fix for this other than a new logic board?
every since i installed mavericks my mid 2010 macbook pro keeps crashing, and ive recently noticed that programs that triger it are Photoshop & Acrobat. and when i use Final Cut Pro X it shuts down almost right away. i talked to apple (instore and on
-
Error loading BASIC document. General Error. General input/output error".
Error loading BASIC document. General Error. General input/output error".
-
Dear all, we have a requirement to upload employee images in the custom application we have built. The applicaiton runs under ora apps env. Is there a procedure available in ora apps which we can call to upload images from client hard disk to the DB
-
My download (movie) is taking a really long time... It's been going for 30 minutes and states it has another 16 hours to go. Any suggestions on how to expedite download?
-
Adobe installer claims my Apple ID is incorrect when I try to install the new Flash Player. iMac + OS Mavericks. I have tried it many times. Same ID works on two iPads, iTunes, etc. and on the iMac whenever it is asked for, other than with Flash P