Signed applet action
Hi ,
i am working on Digital signature certificate application. Based on the user action means �yes� or �no� or �always�, I have to navigate to a particular page. How do I know the user action. If you have worked on this type of scenario, please help me.
Hi ,
i am working on Digital signature certificate application. Based on the user action means �yes� or �no� or �always�, I have to navigate to a particular page. How do I know the user action. If you have worked on this type of scenario, please help me.
Similar Messages
-
Change language on the security warning popup when using signed applets
Hi
Today when we use a signed applet the user get a security warning popup box where the langauge is English.
Is it possible to change the language to other that English and if possible how can this be done ?
Thanks in Advance,
Henrik Rasmussen
DenmarkThe Microsoft one is especially annoying because they should know better than to submit from secure to insecure.
Let's say you are currently logged in to a Microsoft account and you click Sign in on MSDN. The site redirects to login.live.com, which recognizes that you are logged in, and generates a page with a hidden form and submits it back to MSDN using a script. This is where the problem is, because the hidden form action URL is not secure, yet it is on a secure page. (See Screen shots)
The workaround (hack, whatever) is to modify the form to a secure address before it is submitted. How can you do that? Since it is impractical to do by hand, you can use an add-on.
In an earlier thread, user thx1200 posted a link to a userscript that fixes this issue on login.live.com. The userscripts''.''org site has seemingly died, but there is a copy on a mirror of that site.
* Earlier thread (long): [https://support.mozilla.org/questions/964250 How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection]
* You need Greasemonkey to run user scripts: https://addons.mozilla.org/firefox/addon/greasemonkey/
* User script install page: [http://userscripts-mirror.org/scripts/show/173384.html Fix security warning for Microsoft Live login] -
Signed applet sometimes throws AccessControlException
Hello,
Apparently I'm not the only one on this forum who's getting AccessControlExceptions in an applet. The strange thing is that I'm not getting them all the time.
I have a signed applet that's requesting files from a server (http) in regular intervals (thread). When the server sends back a file, it's written to the local filesystem. There's also a logging mechanism that's write files to the filesystem. Normally this applet runs continuously for weeks, months, ...
This system has been working fine for years now, until a few months ago. Now I sometimes get an AccessControlException while reading a System.getProperty or while reading file from the filesystem. Usually the applet runs fine for day without access problems and then suddenly I get a AccessControlException: Access denied on an action that wasn't a problem the last 1000 times it performed.
My first thought was that it might be an update of the JVM that was causing it. So I tried downgrading to 1.5, even 1.4 and still got the same problem.
Does any one has an idea what's causing this? I'm pretty much stuck on this problem.
Thanks.
AndyMay be you have updated the .java files which are related to your applet and if u update the .java files, u need to recompile and need to re-sign the applets
or
When you are signing the applet you will tell, how many number of days I think that may be expired...
otherwise no need....
This may be one reason.... Once I faced
May be this will help u -
WebService call from signed applet and MS Vista
Hi.
I'M developing a system that needs to call web services from a signed applet.
I have made the solution like this.
The applet starts by checking that the 12 needed libs is present under the <java home>\lib\ext folder. if not it will download the files automatically and restart the browser.
This works fine in Windows XP because the signed applet gives me read/write access to the whole machine, but in Vista this isn't possible anymore (as i understand it).
My question: Is it possible to put these libs in another folder that the ext lib? I have tried to define the "archive" tag in my Object tag but i get the class not found exception thrown in my face.
If there is a solution to this i would very much like some pointers!
If not what can i do to get access to the <java home>\lib\ext folder under Vista?
Regards
Michael PallesenWhen invokin applet methods via javascript, you are accessing privileged actions from an unsafe source.
Depending on your needs, you could either load the system variables in applet init into class variables and return the information contained in the class variables to javascript or wrap the method calls inside AccessController.doPrivileged() calls. -
NIGHTMARE! Signed Applet - No Access. Please Help.
Hi:
I'm trying to make a signed applet gain access to my directory structure.
I created a simple applet to test with one line:
sErr = System.getProperty("user.dir");
The code is below.
I sign it using the following:
keytool -genkey -keyalg rsa -storepass MyCerts
As you can see I'm using the default keystore but I've tried it by using -keystore MyKeystore too.
It runs me through all the questions which I answer, no problems.
Then I sign it:
jarsigner -signedjar SSignedApplet.jar SignedApplet.jar MyCerts
It asks for the passwords which I enter.
It completes without error and the SSignedApplet.jar file shows up in the directory.
If I open the signed jar file it has all 3 of the files in the META-INF folder and the Manifest file looks right to me.
I upload the jar and the Default.asp file to a Web server (I've tried localhost and a remote host).
I open the page and the pop up comes up asking if I want to trust the unverified applet. I click 'Run'.
Once the applet is 'Started' I click the 'Get Properties' button and I get the error:
access denied (java.util.PropertyPermission user.dir read)
I've tried 2 examples that work fine on my machine (that I didn't write).
The first is by Francois Orsini (Derby Demo) and the other is by Laura MacDougal (successfully wrote a file to my user.dir directory).
No matter what I do, I can't sign an applet and make it access anything.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<script language="JavaScript" type="text/javascript">
<!--
function getProp()
oApplet = document.SampleApplet;
oApplet.getProp();
alert(oApplet.sErr);
// End SCRIPT -->
</script>
</head>
<body bgcolor="#ffffff" style="margin:0px auto;width:800px;padding:0px">
<form name="fmLogin" action="" method="POST">
<table width="650" align="center" cellpadding="0" cellspacing="0">
<tr>
<td>Login</td>
<td><input name="Login"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="Password"></td>
</tr>
<tr>
<td colspan="2"><input type="button" onclick="getProp();" value="Get Property"></td>
</tr>
</table>
</form>
<APPLET CODE="SignedApplet.SampleApplet.class" WIDTH=1 HEIGHT=1 NAME="SampleApplet" ARCHIVE="SSignedApplet.jar"></APPLET>
</body>
</html>
package SignedApplet;
import java.applet.*;
import java.io.*;
import java.util.*;
public class SampleApplet extends java.applet.Applet {
public String sErr = "";
public void init() {
// TODO start asynchronous download of heavy resources
public void getProp()
try
sErr = System.getProperty("user.dir");
catch(Exception exp)
sErr = exp.getMessage();
// TODO overwrite start(), stop() and destroy() methods
}Thank you for reading my reply in your other thread:
http://forum.java.sun.com/thread.jspa?threadID=762212&messageID=4368224#4368224
If you've really run through it you would have known that code called from
javascript is not trusted and you have to use doprivileged (hey its in bold...
why would that be?).
Call getProp from init within the applet and you've got no problem.
As for your imageIcon, creating one with string as a parameter
the string is used as input for a File. I had no problem loading one with a signed applet.
I'll post the example later in your other thread. -
Security Problems with Signed Applet
Hello All,
I need help with signed applets.
I have an applet pkged in a jar that uses other jars. I have signed the jar containing applet and all the other jars being used. However, when I try to run the applet in IE 6.0.xx, I get the following error
java.lang.ExceptionInInitializerError
at aaa.aaa.somemethod(xxx.java:192)
at aaa.aaa.aaa.access$000(xxx.java:27)
at aaa.aaa.aaa.$1.run(xxx.java:467)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
... 3 moreMy application is using Java 1.4.2.xx.
Any help or pointers would be greatly appreciated.
Thanks.Thanks harmmeijer and mjparme for your responses.
I made some changes to my application and it does not now require the system property information. But now I am getting another exception related to class loader.
I made the changes to the console as suggested by harmmeijer, and here is the stack trace. Also, I am not using any JavaScript explicitly.
Registered modality listener
Invoking JS method: document
Invoking JS method: URL
Referencing classloader: sun.plugin.ClassLoaderInfo@e0a386, refcount=1
Loading applet ...
Initializing applet ...
Starting applet ...
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at xxx.xxx.a...<init>(a.java:39)
at xxx.xxx.b...<init>(b.java:42)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at xxx.xxx.a...ToolBus.<init>(a.java:39)
at xxx.xxx.b....<init>(b.java:42)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Modality pushed
Modality poppedmjparme as to your second point, the action is taking place in the same jar only. No other jar is involved at the stage where I am getting exception.
Thankyou again and will appreciate your help.
AC -
Unable to read InputStream in Signed Applet when interacting with ISA proxy
Background info:
We have an applet that we use for incremental refresh of data items.
The applet model works for all but one of our customers
Client info:
VeriSIgn signed applet.
IE 6.0 browser
Java JRE version: 1.5.0_06-b05
OS: Windows XP Version 2002 service pack 2
Problem description:
I am consistently getting a premature EOF exception when trying to read from a BufferedInputStream.
The stack trace, if captured ends up in the ChunkedInputStream reader.
I have tried a variety of request header settings to no avail.
Connection: close
Connection: Keep-Alive
etc...
Any comments are welcome
Thanks for reading and considering
KurtWe are using the HttpURLConnection. If I have to go down the stack to the Socket object, well I guess I have to re event the wheel so to speak.
I have tried both Connection: close and Connection: Keep-Alive. Not at the same time :) but in different intrim releases of test applet.
// Here is the current incarnation of how I am trying to connect.
URL url = new URL(sURL);
trace("attempting to connect to URL: " + sURL, DEBUG);
connection = (HttpURLConnection)url.openConnection();
connection.setDoOutput(true);
connection.setDoInput( true );
connection.setRequestMethod("POST");
connection.setUseCaches( false );
connection.setInstanceFollowRedirects( true );
connection.setAllowUserInteraction( false );
connection.setRequestProperty("Pragma", "no-cache");
connection.setRequestProperty("Expires", "-1");
connection.setRequestProperty("Connection", "Keep-Alive");
connection.connect();
// Now I write our form POST data and flush and close the output stream.
BufferedOutputStream bos = new BufferedOutputStream(connection.getOutputStream());
bos.write(sForm.getBytes());
bos.flush();
bos.close();
// Get the input and read
bis = new BufferedInputStream(connection.getInputStream());
trace( "reading input stream for action: " + sAction );
byte[] responseBuffer = new byte[4096];
int bytesRead = 0;
while( (bytesRead = bis.read( responseBuffer, 0, responseBuffer.length )) != -1 )
sbResponse.append( new String( responseBuffer, 0, bytesRead ));
totalBytesRead += bytesRead;
catch (Throwable e)
e.printStackTrace();
try
m_connections.remove( sAction );
connection.disconnect();
catch ( Throwable t ) {}
finally
if ( bis != null )
try
bis.close();
catch( Throwable t ) {}
With the above code in place what I am now seeing, as opposed to a premature EOF exception, is blocking behavior on the read. -
Loading problem for Signed applet on MAC OS
Hi All
I�m trying to test my application on MAC OS (For versions: 10.2.6 as well as 10.4.x)
For MAC 10.2.6 OS Java version is 1.4.1_01 and
For MAC 10.4.x OS Java version is 1.4.2_07
The code is compiled on Windows machine having Java version 1.4.2_07
There�s a functionality which is calling signed applet (signed JAR for applet) and when this functionality is called, following error encounters:
Java(TM) Plug-in: Version 1.4.1_01
Using JRE version 1.4.1_01 Java HotSpot(TM) Client VM
java.io.IOException: Server returned HTTP response code: 403 for URL: http://myMachineName: port/appName/UploadDownloadAppletJava.jar
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:709)
at sun.plugin.net.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:384)
at sun.plugin.net.protocol.http.HttpUtils.followRedirects(HttpUtils.java:39)
at sun.plugin.cache.CachedJarLoader.download(CachedJarLoader.java:302)
at sun.plugin.cache.CachedJarLoader.load(CachedJarLoader.java:128)
at sun.plugin.cache.JarCache.get(JarCache.java:172)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(CachedJarURLConnection.java:93)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(CachedJarURLConnection.java:78)
at sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:580)
at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:541)
at sun.misc.URLClassPath$3.run(URLClassPath.java:319)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:308)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:285)
at sun.misc.URLClassPath.getResource(URLClassPath.java:155)
at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
at java.security.AccessController.doPrivileged(Native Method)
Due to which cannot access Applet class (which is inside UploadDownloadAppletJava.jar) and operation is failed.
(It works perfectly fine on Windows XP with both IE 6 and Firefox browsers).
On MAC I'm testing on FireFox.
Code which calls to applet is:
<applet
name=UploadDownloadApplet
code="UploadDownloadApplet.class"
codebase=/appName/
archive=UploadDownloadAppletJava.jar
width=0 height=0>
<PARAM NAME=cabbase VALUE=UploadDownloadApplet.cab>
<PARAM NAME=action VALUE=<%= action %>>
<PARAM NAME=workingAreaMac VALUE="<%= workingAreaMac %>">
<PARAM NAME=workingAreaPC VALUE="<%= workingAreaPC %>">
<PARAM NAME=processId VALUE=<%= processId %>>
<PARAM NAME=downloadBaseProductInd VALUE=<%= downloadBaseProductInd %>>
<PARAM NAME=initTime VALUE=<%= initTime %>>
<PARAM NAME=httpSessionId VALUE="<%= httpSessionId %>">
<PARAM NAME=userId VALUE="<%= userId %>">
</applet>
Please suggest some guidelinesjava.io.IOException: Server returned HTTP response code: 403 for URL:
http://myMachineName: port/appName/UploadDownloadAppletJava.jar
Have you tried entering the URL into a browser window and see what happens?
Message was edited by:
wangwj -
Self signed Applet - still getting Security Exception...
Hi everyone...
I m new to Java Mail... Nd I m developing a Applet to send mail from my Gmail account, nd I used keytool, jarsigner to Self sign the applet. Nd I wrote a Html page and when calling my applet method using javascript, I m having Security Exception... And I m using Java 1.5 (i.e., J2SE 5)
Here is the sample of my code...
--------- MyMail.java -----------
import javax.mail.*;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
And all neccessory packages are imported....
public class MyMail extends JApplet
String server = "smtp.gmail.com";
String username;
String password;
String fromAddres="";
String toAddres="";
Other Variable declaration goes here........
Session ses;
Transport tr;
MimeMessage msg;
public void init() //For testing purpose
doLogin("username","password"); //My account details
public void doLogin(String user,String pass)
username = user;
password = pass;
boolean success;
fromAddres = user+"@gmail.com";
toAddres = "[email protected]";
subject = "TEst SubJect";
body = "This is Test Mail";
success = doAuthentication();
if(success)
setHeaders(server,username,password,fromAddres,toAddres,cc,bcc,htmlFormat,subject,body);
sendMail(ses);
doLogout();
public void doLogout()
//Deals with the logout from my account
public boolean doAuthentication()
//Deals with the authentication of my account
// Setting properties, creating a session, getting transport object...
//and returns true if authentication is success, false if not.
public void setHeaders(String server, String username, String password, String fromAddress, String toAddress, String cc, String bcc, boolean htmlFormat, String subject, String body)
//Sets the headers fields for the message (recieved through arguments)
public void sendMail(Session ses)
//Deals with sending mail
class MyPasswordAuthenticator extends Authenticator
//Deals with the authentication of my account
---------- MyMail.html -----------
<html>
<head>
<script language=javascript>
function sendmail()
document.MyMail.doLogin("username","password"); //my account details
</script>
</head>
<body>
<input type=button name=but value=Send mail onclick=sendmail()>
<applet name=MyMail code=MyMail.class
archive=mail.jar,activation.jar,mailplus.jar width=0 height=0>
</applet>
</body>
</html>
And the applet is Self signed using the tools supplied from Java SDK...
it got signed...
And as the applet got loaded when i opend the MyMail.html, as i called the doLogin(..,..) in init() it is sending mail successfully...
The problem is.... As I given the action for my button to send mail (by calling java method from java script i.e., calling doLogin() when the button clicked) I m getting Security Exception
So...anyone plz tell me the solution....
Thnx in advance....
- Kantahttp://www.google.nl/search?hl=nl&q=site%3Asun.com+javascript+signed+applet&btnG=Google+zoeken&meta=
DoPrivileged would solve your problem but I've seen some cases where the
threaded (link mentioned below second post) mothod is the only way it'll work.
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
Still problems?
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028 -
Hi all,
i signed applet which is trying to modify file tmp.txt on client machine. Is there any opportunity for client to forbid this action for signed applet?
I tried use policy file but i was unlucky. It is ok for unsigned applet but what about signed one?
Thank you for your response.
benkyyou need to install the jre, and place the win32.dll at JavaSoft\JRE\1.3.1_06\bin, that properties file place at JavaSoft\JRE\1.3.1_06\lib, comm.jar at JavaSoft\JRE\1.3.1_06\lib\ext\
and in ur code try to use it to open ur com port
public String test() {
String drivername = "com.sun.comm.Win32Driver";
try
CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
catch (Throwable th)
{* Discard it */}
drivername = "javax.comm.*";
try
CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
catch (Throwable th)
{* Discard it */}
portList = CommPortIdentifier.getPortIdentifiers();
while (portList.hasMoreElements()) {
portId = (CommPortIdentifier) portList.nextElement();
if (portId.getPortType() == CommPortIdentifier.PORT_SERIAL) {
if (portId.getName().equals("COM2")) {
//if (portId.getName().equals("/dev/term/a")) {
try {
serialPort = (SerialPort)
portId.open("SimpleWriteApp", 2000);
} catch (PortInUseException e) {}
try {
outputStream = serialPort.getOutputStream();
} catch (IOException e) {}
try {
serialPort.setSerialPortParams(9600,
SerialPort.DATABITS_8,
SerialPort.STOPBITS_1,
SerialPort.PARITY_NONE);
} catch (UnsupportedCommOperationException e) {}
int i=0;
while(true)
try {
messageString="hi";
System.out.println(i++);
outputStream.write(messageString.getBytes());
} catch (IOException e)
System.out.println(e);
messageString=String.valueOf(e);
return messageString;
and yet u need to signed the applet
1. Compile the applet
2. Create a JAR file
3. Generate Keys
4. Sign the JAR file
5. Export the Public Key Certificate
6. Import the Certificate as a Trusted Certificate
7. Create the policy file
8. Run the applet
Susan
Susan bundles the applet executable in a JAR file, signs the JAR file, and exports the public key certificate.
1. Compile the Applet
In her working directory, Susan uses the javac command to compile the SignedAppletDemo.java class. The output from the javac command is the SignedAppletDemo.class.
javac SignedAppletDemo.java
2. Make a JAR File
Susan then makes the compiled SignedAppletDemo.class file into a JAR file. The -cvf option to the jar command creates a new archive (c), using verbose mode (v), and specifies the archive file name (f). The archive file name is SignedApplet.jar.
jar cvf SignedApplet.jar SignedAppletDemo.class
3. Generate Keys
Susan creates a keystore database named susanstore that has an entry for a newly generated public and private key pair with the public key in a certificate. A JAR file is signed with the private key of the creator of the JAR file and the signature is verified by the recipient of the JAR file with the public key in the pair. The certificate is a statement from the owner of the private key that the public key in the pair has a particular value so the person using the public key can be assured the public key is authentic. Public and private keys must already exist in the keystore database before jarsigner can be used to sign or verify the signature on a JAR file.
In her working directory, Susan creates a keystore database and generates the keys:
keytool -genkey -alias signFiles -keystore susanstore -keypass kpi135 -dname "cn=jones" -storepass ab987c
This keytool -genkey command invocation generates a key pair that is identified by the alias signFiles. Subsequent keytool command invocations use this alias and the key password (-keypass kpi135) to access the private key in the generated pair.
The generated key pair is stored in a keystore database called susanstore (-keystore susanstore) in the current directory, and accessed with the susanstore password (-storepass ab987c).
The -dname "cn=jones" option specifies an X.500 Distinguished Name with a commonName (cn) value. X.500 Distinguished Names identify entities for X.509 certificates.
You can view all keytool options and parameters by typing:
keytool -help
4. Sign the JAR File
JAR Signer is a command line tool for signing and verifying the signature on JAR files. In her working directory, Susan uses jarsigner to make a signed copy of the SignedApplet.jar file.
jarsigner -keystore susanstore -storepass ab987c -keypass kpi135 -signedjar SSignedApplet.jar SignedApplet.jar signFiles
The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
5. Export the Public Key Certificate
The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
5: Export the Public Key Certificate
The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
In her working directory, Susan uses keytool to copy the certificate from susanstore to a file named SusanJones.cer as follows:
keytool -export -keystore susanstore -storepass ab987c -alias signFiles -file SusanJones.cer
Ray
Ray receives the JAR file from Susan, imports the certificate, creates a policy file granting the applet access, and runs the applet.
6. Import Certificate as a Trusted Certificate
Ray has received SSignedApplet.jar and SusanJones.cer from Susan. He puts them in his home directory. Ray must now create a keystore database (raystore) and import the certificate into it. Ray uses keytool in his home directory /home/ray to import the certificate:
keytool -import -alias susan -file SusanJones.cer -keystore raystore -storepass abcdefgh
7. Create the Policy File
The policy file grants the SSignedApplet.jar file signed by the alias susan permission to create newfile (and no other file) in the user's home directory.
Ray creates the policy file in his home directory using either policytool or an ASCII editor.
keystore "/home/ray/raystore";
// A sample policy file that lets a JavaTM program
// create newfile in user's home directory
// Satya N Dodda
grant SignedBy "susan"
permission java.security.AllPermission;
8. Run the Applet in Applet Viewer
Applet Viewer connects to the HTML documents and resources specified in the call to appletviewer, and displays the applet in its own window. To run the example, Ray copies the signed JAR file and HTML file to /home/aURL/public_html and invokes Applet viewer from his home directory as follows:
Html code :
</body>
</html>
<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
width="600" height="400" align="middle"
codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,1,2">
<PARAM NAME="code" VALUE="SignedAppletDemo.class">
<PARAM NAME="archive" VALUE="SSignedApplet.jar">
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
</OBJECT>
</body>
</html>
appletviewer -J-Djava.security.policy=Write.jp
http://aURL.com/SignedApplet.html
Note: Type everything on one line and put a space after Write.jp
The -J-Djava.security.policy=Write.jp option tells Applet Viewer to run the applet referenced in the SignedApplet.html file with the Write.jp policy file.
Note: The Policy file can be stored on a server and specified in the appletviewer invocation as a URL.
9. Run the Applet in Browser
Download JRE 1.3 from Javasoft
good luck! [email protected]
i already give u many tips, i use 2 weeks to try this to success, hopw that u understand that, a result of success is not important, the process of how to get things done is most usefull! -
Hi all,
I have an application which I deploy with webstart and includes native code. This all works perfectly with webstart. I now want to deploy it as an applet. This works accept for the native code. I have done heaps of searching and cannot determine the most appropriate way to make the native code visible to the applet.
Ultimately I am at the point where i recieve a UnsatisfiedLinkError when calling loadLibrary(...) for the native code. Currently i have the native code (dll's for windows, so's for Solaris etc) in independent jars which are also signed (as needed for webstart).
Could anyone give me some advise or a reference to more info on this topic.
I am using Java 1.5 and am happy to use 1.6 if neccessary.
Thanks,
DaveAndrew - of course you were correct about the signed cert - I misspoke when the CA signed applet didn't show a warning. (You were also right that I must have checked 'always accept' the certificate on the server I had the CA signed cert on).
I think you guys are on to something about the privileged actions. It would explain where one popup has the icon and the other doesn't. We have Javascript making calls into the applet and we do use JNI (although I don't think there are any calls back). We do wrap these calls in privileged actions but maybe we missed something. What I've seen before is a security exception is thrown if we don't wrap them - but maybe there are areas where we don't and it doesn't throw an exception or it does and we eat it somehow (and for whatever reason doesn't cause anything noticeable).
Now that I know it could likely be the applet code and not necessarily a build issue with signing the jars, I have another place to look...
I'll check it out and let you know what I find. -
Signed applet and javascript communication
Hi All,
I have an (jar) signed applet which I use to access system properties (e.g user.home). I also have a javascript code that communicates (call to a public function) with the applet to get the property "user.home" from the applet. Everything works fine in Java plugin 1.3 but since I have installed the latest plugin 1.4.2_01 from http://www.java.com/en/download/windows_automatic.jsp website I can not access the system properties even though everything in the code is same.
I can however still access public functions/variables from the same applet which do not access system properties in the new plugin 1.4.2_01.
The browser I am using is IE and OS is Windows 2000.
Does anybody know if Sun has changed the security policy for 1.4.2_01, in the new plugin for java-javascript communication to block access to functions which uses system property,fileIO, socket etc. even if they are signed applet??
Thanks in advance..When invokin applet methods via javascript, you are accessing privileged actions from an unsafe source.
Depending on your needs, you could either load the system variables in applet init into class variables and return the information contained in the class variables to javascript or wrap the method calls inside AccessController.doPrivileged() calls. -
Signed Applet and no permission
Hi,
we have an applet which writes a file on the local disc. Therefore this applet is signed with a valid verisign certificate. Everything works perfect, as long we use the vm 1.4.2_08. Now we changed the vm to 1.4.2_10 and writing a file is no more possible.
I never used a policy file, because we have a proper signed applet. I found many articles, which all say that if you have a signed applet a modification of security files is not neccessary.
If I modify the java.policy and add these lines:
permission java.awt.AWTPermission "readDisplayPixels";
permission java.awt.AWTPermission "createRobot";
permission java.io.FilePermission "${user.home}/screenshot.jpg", "read,write,delete";
everything works ok. But our applet runs on more than 40.000 clients. I am not willing to modify all clients. There must be another solution.
Any hint is appreciated.
I have checked some more vm. The problem occurs also with the vm 1.4.2_04.
thx thorsti
Message was edited by:
thorsti16Try to use doPrivileged or do the "privileged" action in a thread started
in run.
Is the jre asking the user the "do you trust question"? If not someone might
have switched off trusting signed applets in the java.policy (like a profesional
company where backoffice has a say in what to trust, not the user).
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028 -
Signed Applet--please tell me something about the basics of it
Hi guys .
I am in the process of developing a GUI using an applet.The GUI involves reading a file given as input and parsing it for punctuaion errors.
This applet has to write to a file called "errors.txt" to report about errors.I came to know from a friend that applets do not have access permissions to write files to disk .This feature can be achieved using Signed Applets .If there is anyone who can tell me about the basics of Signed Applets then please help me as to how I can make changes in my program and elsewhere so that my program is able to do that.
My program is as follows(if youm need it):
import java.io.*;
import java.awt.*;
import java.applet.*;
public class textcopy extends Applet
public void init()
Choice ch=new Choice();
ch.addItem("Click Next to continue.");
ch.addItem("Framework Properties");
Label l1=new Label(" ");
Label nm=new Label("Please specify the errors that you want to be checked for in the file:");
Label a1=new Label("Write the pathname here:");
ta=new TextArea(1,20);
B=new Button("OK");
Checkbox b1=new Checkbox("Punctuation errors");
Checkbox b2=new Checkbox("Finding whether a key string is misspelt");
Label l2=new Label("Please select the key string from one of these:");
add(a1);
add(ta);
add(B);
add(l1);
add(nm);
add(b1);
add(b2);
add(l2);
add(ch);
TextArea ta;
Button B;String str="";
public boolean action(Event e,Object obj)
if(e.target instanceof Button)
repaint();
return true;
return false;
public void paint(Graphics g)
String s=ta.getText();
try{
FileReader fin=new FileReader(s);
PrintWriter fout=new PrintWriter(new BufferedWriter(new FileWriter("c:\\avichal\\java\\errors.txt")));
parse(fin,fout);
fin.close();
fout.close();
catch(IOException e)
Label avi=new Label("arsehole!!!");
add(avi);
//g.drawString("SOme Error",500,300);
//e.printStackTrace();
public static void parse(FileReader fin,PrintWriter fout)throws IOException
String str="Punctuation Errors:\n"; /*Heading*/
fout.println(str);
fout.println("========================================================");
int i=0,j=0,k=0,l=0;
j=fin.read();
do{
do{
i=j;
j=fin.read();
}while((!((char)i=='('&&(char)j=='R'))&&(j!=-1));
if(j==-1)break;
j=fin.read();
j=fin.read();
j=fin.read();
j=fin.read();
j=fin.read();
j=fin.read();
j=fin.read();
char refnum[]=new char[5];
l=0;
while((char)j!=')')
j=fin.read();
if((char)j!=')')
refnum[l++]=(char)j;
fout.write("REF. NUM: ");
for(int a=0;a<l;a++)fout.write(refnum[a]);fout.write(": ");
j=fin.read();
l=0;
do{
i=j;
j=fin.read();
if((char)i=='\n')
k++;
//'k' gives the line no. and finally the no. of lines and neglects the lines before first occurence of "Ref Num
if(((char)i==',')&&((char)j!=' '))
l++;
String st=l+". error at line number "+ (k+1) + ": There should be "+
"a space after comma(,) \n";
fout.println(st);
if(((char)i=='.')&&((char)j!=' '))
l++;
String st=l+". error at line number "+ (k+1) + ": There should be "+
"a space after period(.) \n";
fout.println(st);
if(((char)i=='.')&&((char)j=='.'))
l++;
String st=l+". error at line number "+ (k+1) + ": There should not be "+
"two periods(.) together \n";
fout.println(st);
if(((char)i==' ')&&((char)j=='.'))
l++;
String st=l+". error at line number "+ (k+1) + ": There should not be "+
"a space before a period(.) \n ";
fout.println(st);
}while((!((char)i=='-' && (char)j=='T')) && j!=-1);
fout.println(" ");
/*if(l==0)
fout.println("No errors!!!!");*/
if(j==-1)break;
}while(j!=-1);You need to understand many concepts before you start work on .
Here is some useful links for you
1. http://mindprod.com/jgloss/signedapplets.html
2. http://java.sun.com/products/plugin/reference/codesamples/index.html examples of 1.4 plugin
3. http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/contents.html
4. http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/faq/basics.html
5. http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/rsa_signing.html -
Determine when signed applet certification is rejected
Hello,
When a signed applet is first run and the cert is verified, the dialog allows the user to "Run" or "Cancel". If they click "Cancel" the applet continues to run, but without the permissions it may need to do its job. Is there a way for the applet or the web page to determine if the user clicked "Cancel"?
The applet can of course try to do a privileged operation and catch AccessControlException, but that doesn't necessarily mean that the user clicked "Cancel"; maybe OS or browser security settings are preventing the applet from doing the operation.
ThanksYes, you can check that a permission is allowed without attempting that action. You will need to change the 'permission' object to be of the type of permission that you want to check.
try {
java.util.PropertyPermission permission = new java.util.PropertyPermission("my.fav.property", "read");
java.security.AccessController.checkPermission(permission);
System.out.println("Permission Check Passed");
} catch (AccessControlException e) {
System.out.println("Permission Check Failed");
}
Maybe you are looking for
-
Error while uploading the custom app 2nd time
Hi All, when i am uploading the custom application through the program /UI5/UI5_REPOSITORY_LOAD for 1st time it is getting properly uploaded, if we do any changes again uploading then i am not able upload the file of the app. following error are show
-
Aperture crashed twice today. Comments?
Aperture crashed twice on me today. Have since repaired the Library. Once was while using BorderFX. The other time I was building a complex filter in Places View. It's been a while since Aperture has outright crashed on me. Snips from crash logs
-
hi ive been given a second hand i phone but cannot connect it to i tunes i get a itunes error (OxE8000084). also cannot unlock phone thanks
-
Reading access to System Configuration
Hi, we need a role for developer which can perform only read-access to all tasks of Workset "System Administration". I have created a role and I have added workset "System Administration" (Portal Content --> Content Provided by SAP --> Admin Content
-
Where is the layer in lightroom
Where is the layer tab in lightroom?