Policy file versus Java Plug-in Signed Applets Certificates.
Reading Java Tutorial (http://java.sun.com/docs/books/tutorial/security1.2/toolsign/receiver.html) I see that I need to create a Policy file to grant permission to applets signed by a specific certificate.
But if I just add the certificate to the Java Plug-in (Certificate tab) as a Signed Applet, the applets signed by this certificate will execute in all browsers without any restrictions.
So my questions are:
- Is the policy file an obsolete way to achieve this?
- Does the Java Plug-in generate a policy file under the covers with the imported certificates? If this is correct, where is that file located?
Thanks in advance,
Chemi.
> I need to create a Policy file to grant permission to applets signed by a specific certificate.
No, default behavior is that the jre will ask the user the "do you trust" question.
Policy files are used for a controlled environment like a company. Use the java.security to
add a java.policy url (pointing to an Intranet location). The admin can then set up less
restriction when and if needed in this policy file.
> But if I just add the certificate to the Java Plug-in (Certificate tab) as a Signed Applet,
A policy can come with a keystore, if that's the case you can import the keys in that
keystore (used by your company) and set up a "signed by" policy trusting all code if it's
signed by a trusted company (no need for CA signature).
http://forum.java.sun.com/thread.jsp?forum=63&thread=409341
The keystore can also be used for authentication since the keystore is a key pair.
When connecting to an SSL site the server can request you identify yourself. You will
have to send the public version of your private key, the server can check its keystore to
see if your key is in there.
http://forum.java.sun.com/thread.jspa?threadID=614462&tstart=0
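
The setup described in the reply above, as an added example that is not part of the original posts: a policy file that an administrator references from `java.security` with an extra line such as `policy.url.3=http://intranet.example/security/company.policy`, naming a keystore and a `signedBy` grant. The host `intranet.example`, the alias `companycodesign` and the listed permissions are constructed for illustration.

```conf
// company.policy (constructed example)
// Keystore holding the company's code-signing certificate.
// A relative URL here would be resolved against this policy file's location.
keystore "http://intranet.example/security/company.jks", "JKS";

// Broad form: every permission for any code signed by the alias.
// Shown commented out; if enabled it makes the narrower grant below moot.
// grant signedBy "companycodesign" {
//     permission java.security.AllPermission;
// };

// Narrower form: the code must be signed by the alias AND be loaded from
// the intranet applet directory, and it receives only what it needs.
grant signedBy "companycodesign",
      codeBase "http://intranet.example/applets/-" {
    // Read and write only below one directory in the user's home.
    permission java.io.FilePermission "${user.home}${/}reports${/}-", "read,write";
    // Connect back to a single internal host and port.
    permission java.net.SocketPermission "intranet.example:443", "connect";
    // Read one system property instead of all of them.
    permission java.util.PropertyPermission "user.name", "read";
};
```

The `signedBy` value is the alias of the certificate inside the keystore named on the `keystore` line, so the grant only matches code whose signature verifies against that entry.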