Signed applets, going crazy

hi,

I think I've posted enough threads on signed applets and still haven't got the solution, and I'm a strong believer that any sort of problem will be solved in the forums, and I still believe in that. OK! I don't want to bore you, here is my problem:

1) I've signed the applet using keytool and specified the signed.jar file in the archive parameter in the <applet> tag, but each and every client has to get the .java.policy file placed in their Windows home directory!!! Is that the right way to do it, or is there any way to link the .java.policy while signing the applet? I've tested this application and it's working fine in the intranet, but every client must have a copy of the .java.policy file in his home directory.

2) I've also tried signing the cab files, OK fine, but I don't know how to set the permissions in the .ini file in the SDK for Java, there is no proper documentation, and also when I got to use the plugin converter to use my applet, since the browser doesn't recognise the rmi classes, so when I use the plugin, and also the cabbase parameter, I'm not able to get it, but I'm able to get one of my applets going, which is a normal applet that tries to write a file on to the desktop, but it doesn't have the plugin.

3) Is there any way to make the applet work without using the plugin concept? I came to know that if I specify archive for rmi.zip, it should work, but I couldn't do it. Are there any other versions of rmi.zip?

Sorry for the long story,

Thanks for bearing with me.

kiran,

hiitskiran@yahoo.com

[1722 byte] By [hikiran] at [2007-9-26 1:14:59]
# 1

hi..

I think there are different steps to handle security on IE and Netscape. These are the steps to handle the security problem on IE:

1. Create Cab File

    cabarc -p -r -s 6144 N takepic.cab takepic.class

2. Create certificate

    makecert -sk private -n "cn=I Gusti Putu Anom" anom.cer

3. Create spc from certificate

    cert2spc anom.cer anom.spc

4. Create ini file containing the permissions you want

    [com.ms.security.permissions.PrintingPermission]
    [com.ms.security.permissions.PropertyPermission]
    Unrestricted=false
    IncludedProperties=java.vendor
    [com.ms.security.permissions.ThreadPermission]
    AllThreadGroups=true
    AllThreads=true
    [com.ms.security.permissions.UIPermission]
    ClipboardAccess=true
    TopLevelWindows=true
    NoWarningBanners=true
    FileDialogs=true
    EventQueueAccess=true

5.

    signcode -j javasign.dll -jp perms.ini -spc anom.spc -k private takepic.cab

In your Java code, create permissions for IE and Netscape.

For IE, you can use PolicyEngine (com.ms.security.PolicyEngine) and PermissionID. For PermissionID, you write the target (example: PermissionID.UI).

For Netscape, you use netscape.security.PrivilegeManager. You can find the Netscape lib at C:\Program Files\Netscape\Communicator\Program\java\classes\java40.jar and you should create a jar file. (I am still developing it for Netscape, it's not done at the moment.)

And for IE, you can find the lib at C:\WINNT\java\Packages\GI53BPN9.ZIP, but I use all packages.

I hope this will help you.

I Gusti Putu Anom A
Software Engineer
Balicamp
Bali - Indonesia

gusti_anom at 2007-6-29 0:33:00
# 2

hi,

Thanks for your reply, but here are the two problems I'm facing in signing the cab files.

1) I don't know how to set the permissions for the following:

    permission java.util.PropertyPermission "user.home","read";
    permission java.util.PropertyPermission "file.separator","read";
    permission java.io.FilePermission "${user.home}${/}Desktop${/}*","read,write";
    permission java.net.SocketPermission "*:1024-65535","accept,connect,listen,resolve";
    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";

2) Since my client applet uses rmi classes I've got to use the plugin, wherein I can't specify the cabbase as my signed cab file, but when I don't use the plugin, it works fine.

By the way, signing the jar file using the keytool and the client has to copy the .java.policy file with all the permissions into his Windows home directory, is that the correct way?

hikiran at 2007-6-29 0:33:00
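
Added example, not part of the original posts: a small audit of a .java.policy file like the one discussed above, showing that a grant block without signedBy or codeBase gives its permissions to all code, not only to the signed applet. The grant wrappers, the alias "appletsigner" and the codeBase URL are constructed placeholders; the five permission lines are the ones quoted in the post.

```python
import re

# Constructed sample: the five permissions quoted in the post above, wrapped in
# an unscoped grant block and in a block scoped to a signer and codebase.
# The alias "appletsigner" and the URL are placeholders, not from the thread.
PERMS = '''
    permission java.util.PropertyPermission "user.home","read";
    permission java.util.PropertyPermission "file.separator","read";
    permission java.io.FilePermission "${user.home}${/}Desktop${/}*","read,write";
    permission java.net.SocketPermission "*:1024-65535","accept,connect,listen,resolve";
    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
'''
UNSCOPED = "grant {" + PERMS + "};"
SCOPED = ('grant signedBy "appletsigner", '
          'codeBase "http://intranet.example/applets/signed.jar" {' + PERMS + "};")

GRANT_RE = re.compile(r"grant\b([^{]*)\{(.*?)\}\s*;", re.S)
PERM_RE = re.compile(r'permission\s+([\w.]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')


def audit_policy(text):
    """Return (grant_index, message) findings for a Java policy file."""
    findings = []
    for idx, m in enumerate(GRANT_RE.finditer(text)):
        header, body = m.group(1), m.group(2)
        if "signedBy" not in header and "codeBase" not in header:
            findings.append((idx, "grant applies to all code (no signedBy/codeBase)"))
        for cls, target, actions in PERM_RE.findall(body):
            acts = {a.strip() for a in actions.split(",") if a.strip()}
            if cls == "java.security.AllPermission":
                findings.append((idx, "AllPermission granted"))
            elif cls == "java.net.SocketPermission":
                host = target.rsplit(":", 1)[0]
                if host == "*":
                    findings.append((idx, "SocketPermission for any host: " + target))
                if acts & {"listen", "accept"}:
                    findings.append((idx, "SocketPermission allows inbound: " + target))
            elif cls == "java.io.FilePermission" and "write" in acts:
                findings.append((idx, "FilePermission write: " + target))
    return findings


if __name__ == "__main__":
    for name, policy in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        print(name)
        for idx, msg in audit_policy(policy):
            print("  grant %d: %s" % (idx, msg))
```

The scoped block still reports the wildcard socket and file-write grants; scoping limits who receives the permissions, not how broad they are.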
# 3

If you use the signed applet steps for IE, you don't need to set the permissions like that. The six steps will run for IE.

But if you want to set the permissions, you can use PolicyTool.exe to edit the java.policy file. This file (PolicyTool.exe) is in your JDK/bin directory.

If you use PolicyTool to modify your java.policy, this will work only on your computer, and not on another computer, and also, this will throw a security exception in the browser.

I suggest that you use the six steps. After you use the six steps and run your applet from the browser, it will show a dialog box (a security alert) that asks the user for permission.

If the user clicks yes (grant), you can access the local system.

If the user clicks no (deny), you are not allowed to access the local system.

I think the client doesn't want to copy java.policy onto their computer.

gusti_anom at 2007-6-29 0:33:00