Signed applet and security; a question

Similar Messages

• JRE 1.4.x Plugin - Signed Applets and Weird Behaviour (Policy)

  Hello.
  I have recently experienced some strange behaviour related to signed applets and policy files in JRE 1.4.2-b28 ( a friend got the same behaviour in a flavour of 1.4.1-xx as well ). Both tests were on Windows 2000 Professional platforms.
  Initially my unsigned applet, which attempts socket connections to a server different from the download location, fails with security exceptions ( as expected ). Then I did the following to sign the applet jar and configure my environment
  Steps: 1) Import "trusted CA" certificate into ${java.home}/lib/security/cacerts. (JRE home outside the JDK)
  2) Signed the jar using jarsigner and a certificate generated from the "trusted CA" (Entrust CA and certificate).
  3) Imported the signing certificate into the Java plugin using import in the plugin control panel.
  4) Created a new keystore (keytool,jks) and imported the signing certificate into the keystore with alias "developer". The keystore is stored in the user home as .keystore.
  5) Created a .java.policy for the user and attaching the keystore in 4) to it. ( also stored in user home ).
  6) Used the policy tool to grant socketpermissions to the specific codebase ( testing with file:/C:/test/* initially ) signed by "developer"
  After this, when I ran the test page under IE 5.5SP2 and Netscape 7.1 it worked without any security exception. Ditto for using the appletviewer and the policy file I created for the user.
  The weird part occurred when I removed the policy entry from the user policy file. After doing this, Netscape and IE still allow the applet to execute - somehow remembering that it was granted permissions at some point. The appletviewer does not allow it to execute, generating security exceptions.
  It appears the old policy is being cached somewhere, but I cannot find where. If I replace the applet jar with an unsigned version it does fail in IE and Netscape. I tried cleaning the plugin cache and removing the "deployment.certs" files related to the users but still get the same behaviour.
  Does anyone know where the old policy information is being stored ? Does anyone know how to revoke the permissions so that I am restored to my original base environment ( no permissions for "designer" signed applets ) ? Would attempting to utilize the AccessController.doPriveleged( xxxx ) operations in JDK 1.4 avoid all of this confusion with policy files, keystores and certificate storage ? After all the messing about I would like a zero-footprint alternative ( or minimzed footprint anyway ).
  Any ideas would be most welcome.
  Regards,
  James.

  Hello Again.
  I am either enlightened or confused at this point. I found that as long as all of my related Jars are signed ( even by self-signed certificates ) I am granted SocketPermissions for calls outside of the originating server. Unsigned code is refused, but even when the Jars were signed using a self-signed certificate the Socket calls were allowed.
  Am I experiencing the appropriate behaviour in this case ( which would mean not having to utilize policy files to distribute an applet that uses calls to arbitrary servers - e.g. JavaMail ) or am I suffering from something damaged in my environment ?
  It has been a long time since I played with signed applets and I am having difficulty determining what operations require policy file entries/AccessController.doPrivileged() calls and which are granted when a user elects to trust a signed applet without policy.
  Any assistance in clearing up my confusion would be appreciated.
  Regards,
  James.

• Signed applet and HTML parameters

  I've created a signed applet and everything works fine, except for the fact that i can't add parameters to the applet.
  Without the parameters in the HTML the applet inits and starts and can be used without problems. But when I add paramaters, the applet reports a "class not found exception".
  I used HTML-converter to convert the applet tag to object/embed tags.
  Has anyone had the same problem or knows what I'm doing wrong? I'd really appreciate some help.
  Thanks in advance,
  Erik
  My HTML source:
  <OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  WIDTH = "600" HEIGHT = "400" codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
  <PARAM NAME = CODE VALUE = "TNA" >
  <PARAM NAME = ARCHIVE VALUE = "TNA.jar" >
  <PARAM NAME="type" VALUE="application/x-java-applet;version=1.3.0">
  <PARAM NAME="scriptable" VALUE="false">
  <COMMENT>
  <EMBED type="application/x-java-applet;version=1.3.0" CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html"><NOEMBED></COMMENT>
  </NOEMBED></EMBED>
  </OBJECT>
  <!--
  <APPLET CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400">
  </APPLET>
  -->

  Try this:
  OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  WIDTH = "600" HEIGHT = "400" codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
  <PARAM NAME = "java_code" VALUE = "TNA.class" >
  <PARAM NAME = "java_archive" VALUE = "TNA.jar" >
  <PARAM NAME = "java_type" VALUE="application/x-java-applet;version=1.3.1">
  <PARAM NAME="scriptable" VALUE="false">
  <COMMENT>
  <EMBED type="application/x-java-applet;version=1.3.0" CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html"><NOEMBED></COMMENT>
  </NOEMBED></EMBED>
  </OBJECT>
  <!--
  <APPLET CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400">
  </APPLET>

• Signed Applets And IE Security

  Hi, all!
  I have a signed applet (x.509) run in IE with plug-in 1.4.0b92. In most cases the behavior is as it is expected - a window prompting user to deny, allow or always alow the certificate in the applet appears. But there are some cases when this window doesn't appear and the users are able to run the applet. No certificates are previously installed or granted(at least there aren't any items in Certificates tab or in .keystore file in user home).
  Does anybody could say what is the normal behavior of the plug-in - does it always prompt the user when a signed content is run; does it depend on Security setting in the browser?
  Thanks in advance for any help or further information!
  Regards, Ivo Kolev

  Hi,
  Do you clear you Plug-in Cache explicity ?
  May be sometimes your IE uses the plug in to restore the applet from the cache.
  But I remember having observed the same problem when I used a signed applet. The dialog box appears 'mostly always' but sometimes it just doesnt :)
  if you are able to resolve the problem...let me know

• Signed applets and dialogs

  hi all,
  question to clarify my understanding of signed applets.
  got a bog-standard applet. nothing clever or special.
  got myself a bog-standard cert from thawte.
  signed the applet and put it on a webserver.
  displays the correct security notice on first load. continue and "Always trust this company" etc...
  all runs fine.
  in the applet init, i've put in
  java.awt.AWTPermission perm = new java.awt.AWTPermission("showWindowWithoutWarningBanner");
  try {
    AccessController.checkPermission(perm);
    System.out.println("access allowed?");
  } catch (AccessControlException ex) {
    ex.printStackTrace();
  }open the main frame, and all is good. no banner or access denied exception.
  show a popup menu, or tooltip. no banner.
  display a dialog. oops, a banner "Java Applet Window" and the bottom section of the dialog is covered with the warning msg.
  so i'm confused.
  does this mean that this permission does not apply to dialogs? (if so, what?)
  even with a cert, this msg cannot be removed? (please tell me no)
  wrap and recode all dialog openings with AccessController.doPrivileged? (i dont wanna do this)
  or i missed something with the setup.
  i've been searching the forums for some info, but seem to be going in circles. editing the policy file on all client comps is not a valid option, unless there is sometrick i dont know about .
  tia
  -a

  hi,
  i got the answer from the link
  http://www.javaworld.com/javaworld/jw-12-2000/jw-1215-security.html

• Signed Applet and no permission

  Hi,
  we have an applet which writes a file on the local disc. Therefore this applet is signed with a valid verisign certificate. Everything works perfect, as long we use the vm 1.4.2_08. Now we changed the vm to 1.4.2_10 and writing a file is no more possible.
  I never used a policy file, because we have a proper signed applet. I found many articles, which all say that if you have a signed applet a modification of security files is not neccessary.
  If I modify the java.policy and add these lines:
  permission java.awt.AWTPermission "readDisplayPixels";
  permission java.awt.AWTPermission "createRobot";
  permission java.io.FilePermission "${user.home}/screenshot.jpg", "read,write,delete";
  everything works ok. But our applet runs on more than 40.000 clients. I am not willing to modify all clients. There must be another solution.
  Any hint is appreciated.
  I have checked some more vm. The problem occurs also with the vm 1.4.2_04.
  thx thorsti
  Message was edited by:
  thorsti16

  Try to use doPrivileged or do the "privileged" action in a thread started
  in run.
  Is the jre asking the user the "do you trust question"? If not someone might
  have switched off trusting signed applets in the java.policy (like a profesional
  company where backoffice has a say in what to trust, not the user).
  Signing applets:
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and reply 18 for the java class file using doprivileged
  A Full trace might help us out:
  http://forum.java.sun.com/thread.jspa?threadID=656028

• Signed applets and restrictions ?

  Hello,
  I've a question regarding applets security : in fact I've tried to sign myself a Jar file containing all required classes for an application (using the jarsigner tool from Sun). However I'm still getting security problems even of it was digitally signed ans don't understand exactly the causes : Could somebody explain me them ? I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ? Would it mean that we can't get these permissions without paying any submissions ?
  TU a lot...
  PA
  http://wwww.doffoel.com

  I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ?
  Its not compulsory to go to verisign for signing your applet. You can also create your own certificates with Java's keytool. Its 200% free of cost. However, if you are inclined to build a commercial application, where you don't know the clients, who download the applet, get certs from verisign , Thales et al.
  Would it mean that we can't get these permissions without paying any submissions ?
  No. Not at all. You can always make a descent application without going to the standard certificates and without paying $$$.
  Post your quetions in http://forum.java.sun.com/forum.jsp?forum=63 for expert answers.
  Have a look at this famous thread for signing applets.
  http://forum.java.sun.com/thread.jsp?forum=63&thread=132769
  good wishes,
  Rajesh

• Signed applet throws security exceptions

  Since nobody seems to be reading the Signe Applet forum, I decided to try here:
  Hi all
  I have problems with signed applet (self-made cert), and after reading this forum I see this is more or less common.
  The problem that I am having is, that I can not use doPrivilege() and similar tricks, because applet needs to be Java 1.1 compatible.
  So, signing will have to work.
  Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.
  It works on JVM 1.5.0_06 but not on 1.4.2_08.
  Please help me make if work under any JVM.
  The error I get is:
  Java(TM) Plug-in: Version 1.4.2_08
  Using JRE version 1.4.2_08 Java HotSpot(TM) Client VM
  User home directory = C:\Documents and Settings\miha
  Proxy Configuration: Automatic Proxy Configuration
       URL: http://orion.nil.si/proxy.pac
  c:   clear console window
  f:   finalize objects on finalization queue
  g:   garbage collect
  h:   display this help message
  l:   dump classloader list
  m:   print memory usage
  o:   trigger logging
  p:   reload proxy configuration
  q:   hide console
  r:   reload policy configuration
  s:   dump system properties
  t:   dump thread list
  v:   dump thread stack
  x:   clear classloader cache
  0-5: set trace level to <n>
  java.security.AccessControlException: access denied (java.net.SocketPermission host.domain.dom resolve)
  TelnetWrapper PROXY: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:0 connect,resolve)
  java.lang.NullPointerException
       at net.propero.rdp.ISO.connect(ISO.java:123)
       at net.propero.rdp.MCS.connect(MCS.java:84)
       at net.propero.rdp.Secure.connect(Secure.java:153)
       at net.propero.rdp.Secure.connect(Secure.java:171)
       at net.propero.rdp.Rdp.connect(Rdp.java:498)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:615)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:222)
  FATAL: java.lang.NullPointerException: nullWhat is funny, is that I have two applets, and one works and the other one doesn't. It is like this:
  Applet A (signed) needs to connect to host1, fails and tries to connect through proxy using my proxy library (also signed - different JAR). Everything works.
  Applet B (signed) needs to connect to host1, fails and tries to connect through proxy using the same proxy library. It gets a security exception.
  All JARs are signed using the same key/certificate.
  Both applets try to connect to the same "host1".
  Both applets try to use the same proxy - which is different from "host1".
  The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
  When I tried to move the proxy object down to the child threads, I get the following exception:
  Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClassInternal(Unknown Source)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
  So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
  Regards, Miha Vitorovic

  The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
  When I tried to move the proxy object down to the child threads, I get the following exception:
  Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClassInternal(Unknown Source)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
  So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
  Regards, Miha Vitorovic

• WebService call from signed applet and MS Vista

  Hi.
  I'M developing a system that needs to call web services from a signed applet.
  I have made the solution like this.
  The applet starts by checking that the 12 needed libs is present under the <java home>\lib\ext folder. if not it will download the files automatically and restart the browser.
  This works fine in Windows XP because the signed applet gives me read/write access to the whole machine, but in Vista this isn't possible anymore (as i understand it).
  My question: Is it possible to put these libs in another folder that the ext lib? I have tried to define the "archive" tag in my Object tag but i get the class not found exception thrown in my face.
  If there is a solution to this i would very much like some pointers!
  If not what can i do to get access to the <java home>\lib\ext folder under Vista?
  Regards
  Michael Pallesen

  When invokin applet methods via javascript, you are accessing privileged actions from an unsafe source.
  Depending on your needs, you could either load the system variables in applet init into class variables and return the information contained in the class variables to javascript or wrap the method calls inside AccessController.doPrivileged() calls.

• Problem with a signed applet and a user machine.

  Hello. I´m having some problems with a signed applet with some dependences.
  In one particular computer the applet doesn´t load.
  The java version installed in that computer is 1.6.0_25.
  The invocation tag:
  <applet name=applet id="applet" code=Applet/RequestApplet.class width=155 height=21 archive="RequestApplet.jar " MAYSCRIPT>
     <param id="parametro1" name="usuario" value="<Computed Value>">
  </applet>The RequestApplet.jar and dependences:
     bcmail-jdk13-145.jar(signed by bouncy castle), jce-ext-jdk13-145.jar(signed by bouncy castle), AbsoluteLayout.jar, plugin.jar, RequestApplet.jar(signed by me)*this files are all in the same folder.
  The requestApplet.jar manifest:
  Manifest-Version: 1.0
  Ant-Version: Apache Ant 1.7.1
  X-COMMENT: Main-Class will be added automatically by build
  Class-Path: bcmail-jdk13-145.jar jce-ext-jdk13-145.jar plugin.jar Abso
  luteLayout.jar
  Created-By: 10.0-b23 (Sun Microsystems Inc.)
  Main-Class: Applet.RequestApplet
  Name: Applet/ResponseApplet$1.class
  SHA1-Digest: fO5IPiwEH3OhvlprhBecmMIAVJI=
  Name: Applet/NewJApplet.class
  SHA1-Digest: 6XSpm7lQEQRi39TegoUYv2aFJrk=
  Name: Applet/ResponseApplet.class
  SHA1-Digest: v1EbKUFB+QdvO05xx8UzAMNIyRs=
  Name: Applet/ResponseApplet$4.class
  SHA1-Digest: XH4I67psXZTelpz0AMAYc/Ej8QY=
  Name: Applet/RequestApplet$1.class
  SHA1-Digest: KAP5sAC4Thv/6GClkFAdGUVzgYA=
  Name: Applet/ResponseApplet$5.class
  SHA1-Digest: CVPnKrW2SgNEkRzYnVnQe3KGrIU=
  Name: Applet/ResponseApplet$3.class
  SHA1-Digest: SjfW1k1K7BA9m3AxmHi+jvRE+9o=
  Name: Applet/ResponseApplet$2.class
  SHA1-Digest: 3Pu18CZMLuEh7/n3y7XxFSkuNQY=
  Name: Applet/RequestApplet.class
  SHA1-Digest: Tky85es5+o371adetH9XVEI2Z+o=The error:
  java.lang.RuntimeException: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
       at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
       at java.lang.Class.getDeclaredConstructors0(Native Method)
       at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
       at java.lang.Class.getConstructor0(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$12.run(Unknown Source)
       at java.awt.event.InvocationEvent.dispatch(Unknown Source)
       at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
       at java.awt.EventQueue.access$000(Unknown Source)
       at java.awt.EventQueue$1.run(Unknown Source)
       at java.awt.EventQueue$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       ... 20 more

  Thanks. I´ll try with your tips. But if i put all the dependences in archive I get this error.
  The tag:
  <applet name=applet id="applet" CODEBASE="." code="Applet/RequestApplet.class" width=155 height=21 archive="bcmail-jdk13-145.jar, jce-ext-jdk13-145.jar, AbsoluteLayout.jar, plugin.jar, RequestApplet.jar " MAYSCRIPT>
     <param id="parametro1" name="usuario" value="<Computed Value>">
  </applet>The error:
  Java Plug-in 1.6.0_25
  Usar versión JRE 1.6.0_25-b06 Java HotSpot(TM) Client VM
  Directorio local del usuario = C:\Documents and Settings\Administrator
  c:   borrar ventana de consola
  f:   finalizar objetos en la cola de finalización
  g:   liberación de recursos
  h:   presentar este mensaje de ayuda
  l:   volcar lista del cargador de clases
  m:   imprimir sintaxis de memoria
  o:   activar registro
  q:   ocultar consola
  r:   recargar configuración de norma
  s:   volcar propiedades del sistema y de despliegue
  t:   volcar lista de subprocesos
  v:   volcar pila de subprocesos
  x:   borrar antememoria del cargador de clases
  0-5: establecer nivel de rastreo en <n>
  basic: Receptor de progreso agregado: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@f39b3a
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/bcmail-jdk13-145.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/jce-ext-jdk13-145.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/AbsoluteLayout.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/plugin.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/RequestApplet.jar

• Signed Applet and native code

  Hi all,
  I have an application which I deploy with webstart and includes native code. This all works perfectly with webstart. I now want to deploy it as an applet. This works accept for the native code. I have done heaps of searching and cannot determine the most appropriate way to make the native code visible to the applet.
  Ultimately I am at the point where i recieve a UnsatisfiedLinkError when calling loadLibrary(...) for the native code. Currently i have the native code (dll's for windows, so's for Solaris etc) in independent jars which are also signed (as needed for webstart).
  Could anyone give me some advise or a reference to more info on this topic.
  I am using Java 1.5 and am happy to use 1.6 if neccessary.
  Thanks,
  Dave

  Andrew - of course you were correct about the signed cert - I misspoke when the CA signed applet didn't show a warning. (You were also right that I must have checked 'always accept' the certificate on the server I had the CA signed cert on).
  I think you guys are on to something about the privileged actions. It would explain where one popup has the icon and the other doesn't. We have Javascript making calls into the applet and we do use JNI (although I don't think there are any calls back). We do wrap these calls in privileged actions but maybe we missed something. What I've seen before is a security exception is thrown if we don't wrap them - but maybe there are areas where we don't and it doesn't throw an exception or it does and we eat it somehow (and for whatever reason doesn't cause anything noticeable).
  Now that I know it could likely be the applet code and not necessarily a build issue with signing the jars, I have another place to look...
  I'll check it out and let you know what I find.

• Signed applet and javascript communication

  Hi All,
  I have an (jar) signed applet which I use to access system properties (e.g user.home). I also have a javascript code that communicates (call to a public function) with the applet to get the property "user.home" from the applet. Everything works fine in Java plugin 1.3 but since I have installed the latest plugin 1.4.2_01 from http://www.java.com/en/download/windows_automatic.jsp website I can not access the system properties even though everything in the code is same.
  I can however still access public functions/variables from the same applet which do not access system properties in the new plugin 1.4.2_01.
  The browser I am using is IE and OS is Windows 2000.
  Does anybody know if Sun has changed the security policy for 1.4.2_01, in the new plugin for java-javascript communication to block access to functions which uses system property,fileIO, socket etc. even if they are signed applet??
  Thanks in advance..

  When invokin applet methods via javascript, you are accessing privileged actions from an unsafe source.
  Depending on your needs, you could either load the system variables in applet init into class variables and return the information contained in the class variables to javascript or wrap the method calls inside AccessController.doPrivileged() calls.

• IIS, Javascript, Signed Applet and ASP Blank Page Problem

  Hi,
  I'm having a problem using a Signed Applet in a site that runs in a IIS (Windows Server 2003).
  My aspx web page uses the applet to read my smart card and get information from it.
  This applet uses an auxiliar dll (stored in a second Signed Jar file) in order to read the information from my smart card.
  The way the solution is design:
  1) Aspx page is asked from server
  2) Internet Explorer recieve the page and asks the server for it content (images, applet, javascripts, etc)
  3) After this the JVM runs (console opens)
  4) After the Aspx page render fully a javascript register onload fires and call an applet method
  5) Applet receive the call and run the logic of the method:
       - reads the smart card;
       - calls Javascript function in order to fill aspx fields with information from smart card
       - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
  5) The server makes some logic with the information receive and responds to client registering in aspx page a call to another Javascrit function
  6) The client received the asnwer from server and runs the Javascript function registered on step 5)
       This Javascript calls another method from applet and runs the following logic:
       - reads more information from smart card;
       - call javascript function in order to fill more fields of aspx page with the information readed
       - calls Javascript function the simulates a click in a botton of aspx page (in order to call server side part sending data readed from smart card to server)
  7) The server makes some logic and call another pages with no Applets
  8) Client asks for a second page with the same applet and we start with another logic express on steps 1);2);3),4);5) and then 7).
  This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
  When this happens the server just responds with a blank page.
       - with fiddler I can seer the request for the aspx page (that uses the applet)
       - but server responds with a blank html page
  The JVM doesn't fire.
  The IIS log don't show errors.
  The eventviewer doesn't show errors.
  The problem is solved with an IIS reset or a Application Pool reset.
  After a while the problem returns.
  This problem occours for other user in another machine, the server just stops responding correcly to request regarding pages with applets, the other pages still continue to work.
  If we disable Java Control Panel->Advanced->Java Plug-in->Enable the next-generation Java Plug-in the problem seend to stop, but we can't force all clients to disable this option right?
  Or there is a way to force the Applet to run with this option disabled?
  As anyone experience similar problem?
  Regards,
  OF

  This is all ok, until sometimes the server stop responding correcly for requests regarding this two pages with the Applet.
  When this happens the server just responds with a blank page.
  - with fiddler I can seer the request for the aspx page (that uses the applet)
  - but server responds with a blank html pageWell, if http requests look identical in case of success and failure (pay attention to cookies, etc) then it has to be something on the server side.
  It could be that server gets into this wrong state because of previous requests made by applet but it is hard to tell.
  I am not clear how old/new plugin can make a difference unless your applets run in the legacy mode (i.e. you are actually trying to reuse SAME instance of the applet when
  it is loaded next time).
  I'd start with
  1) carefully comparing good/bad sessions
  2) checking whether server will serve correct response to another client when it serves "bad" page for current client
  3) add debug statements to aspx - it is scripted page, may be some condition is not met and then it returns blank?
  4) record all http requests in one session until you get to "error" state and then use any http server testing tool to "replay" this set of requests.
  You should be able to get server into the same state without use of applet. Then you can try to tweak set of requests to see what makes a difference.

• About applets and secure connection

  Hello. I've read some threads but I can't understand a thing about applets and SSL.
  I've a signed applet. This applets is embedded with applet tag in a jsp page.
  The applet works as a file uploader.
  With signing, the applet can access to the user file system without problem, open a connection with the server and upload files.
  Now, If I want to use HttpsUrlConnection instead of the standard http connection, what certificate does the applet use for handshake? Does the applet automatically use the same certificate used for signing?
  Thank you

  Hello. I've read some threads but I can't understand a thing about applets and SSL.
  I've a signed applet. This applets is embedded with applet tag in a jsp page.
  The applet works as a file uploader.
  With signing, the applet can access to the user file system without problem, open a connection with the server and upload files.
  Now, If I want to use HttpsUrlConnection instead of the standard http connection, what certificate does the applet use for handshake? Does the applet automatically use the same certificate used for signing?
  Thank you

• How to create signed applet and make it work with browser

  i hav an applet that needs to write a file to onto local system resource. i came to know that the applet needs to be signed. so i searched some guides to create a signed applet but most of them specify how to use it with applet viewer and not on a browser. plz help me with how to sign an applet and and allow it to write a file from within a browser.

  On linux, something like this:
  keytool -genkey -alias signSocket -keystore socketstore -keypass abc123 -dname "cn=your name" -storepass abc123
  jar cvf Socket.jar *.class
  jarsigner -keystore socketstore -storepass abc123 -keypass abc123 -signedjar SSocket.jar Socket.jar signSocket
  And in html:
  CODE = "YourClass.class"
  ARCHIVE = "SSocket.jar"
  ...