Hi ncoleman,
I have done exactly what you have mentioned.
But still I get a security exception in IE6.0 while
creating a directory through applet.
I have used a .jar file for my applet to work. Do I need to use
.cab file for IE?
Apart from this I have also taken permission in the init() of the
applet.
SO what went wrong?
It is really a very nice effort regarding the signing of applets.But the problem I am facing is that after completing the "The 10 steps" successfully, I am unable to access a local file through IE6.0...I have even tried through an entry in Certificates option of the IE6.0....The message I get is of successful import of the certificate but it does not show up in the area.
I am on Win XP and using jdk1.4 plug-in and IE 6.0....Any help will be highly appreciated..
I was wondering about that as well, and think I found the other thread, in which the only interesting thing was:
http://bugzilla.mozilla.org/show_bug.cgi?id=109067
The thread was http://forum.java.sun.com/thread.jsp?forum=63&thread=183585
I did what the document said and in my applet where I used to have :
executer = new Thread (AThreadedWorkerApplet.this);
executer.setPriority(Thread.NORM_PRIORITY);
executer.start();
I now have:
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
// privileged code goes here
executer = new Thread (AThreadedWorkerApplet.this);
executer.setPriority(Thread.NORM_PRIORITY);
executer.start();
return null;
}
});
so it was a small change indeed (only it won't run without VM anymore, I will fix that in the morning ;-))
Hope this helps. By the way, we use a polling mechanism in our applets, without relying on JSOBject or whatever and the applets run practically verywhere (mac, unix, windows and on IE and netscape when at least liveconnect is supported).
Hi,
I learn that clealy on ur help, however, I met a problem during my work.
Can I specify my problem following:
I went throught the 9 steps but when I type the last command:
keytool -import -keystore cacerts -alias duke -file mycert.crt
I get the error:
================================================================
keytool error: java.io.FileNotFoundException: cacerts (Access is denied)================================================================
I think that's the system admins not allow me to modify it since i do a project in college to use signed applet technology, is that right?
Ishould contact them and ask for permission or I have any other solution? Can you show me some idea?
I have trying to handle a MSAccess Database with DSN using an applet.
I have followed you solve, but at the runtime I am getting an error stating "SQLException No suitable Driver Found".
I have tried the same code with a console based program, it does not create any problem, but when I tried it with appletviewer or browser that problem occur.
public class test extends Applet implements ActionListener
{
Connection con = null;
Statement stmt = null;
ResultSet rs = null;
String str=null;
TextArea ta;
public void init()
{
ta= new TextArea(10,30);
add(ta);
Button b1 = new Button(">>");
add(b1);
b1.addActionListener(this);
ta.setText("Initialization...\n");
}
public void actionPerformed(ActionEvent ae)
{
ta.appendText("Inside actionPerformed\n");
try
{
ta.appendText("Inside try block\n");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
ta.appendText("Class loaded\n");
/******** upto this point it works fine ************/
con=DriverManager.getConnection("jdbc:odbc:dbcon","","");
ta.appendText("Connection created\n");
stmt=con.createStatement();
ta.appendText("Statement created\n");
rs=stmt.executeQuery("select * from student");
ta.appendText("Resultset created\n");
Hello every one,
i write sign applet and it function in any machine where
there is installed jdk.
Now i need to know how i can run this applet in machines where
there no installed jdk
This work of applet is to execute a process on the client for
example notepad.exe.
can anyone send me the signed Applet code so that i can have an idea of how to develop my owen signed code. if anyone can send pls send it to akilasivam@hotmail.com id.
The purpose of this document is to document the steps
required to sign and use an
applet using a self-signed cert or CA authorized in
the JDK 1.3 plugin.
The original 9 steps of this process were posted by
user irene67 on suns message forum:
http://forums.java.sun.com/thread.jsp?forum=63&thread
=132769
-----begin irene67's original message
These steps describe the creation of a self-signed
applet. This is useful for testing purposes. For use
of public reachable applets, there will be needed a
"real" certificate issued by an authority like
VeriSign or Thawte. (See step 10 - no user will
import and trust a self-signed applet from an unkown
developer).
The applet needs to run in the plugin, as only the
plugin is platform- and browser-independent. And
without this indepence, it makes no sense to use
java...
1. Create your code for the applet as usual.
It is not necessary to set any permissions or use
security managers in
the code.
2. Install JDK 1.3
Path for use of the following commands: [jdk 1.3
path]\bin\
(commands are keytool, jar, jarsigner)
Password for the keystore is any password. Only Sun
knows why...
perhaps ;-)
3. Generate key: keytool -genkey -keyalg rsa -alias
tstkey
Enter keystore password: *****
What is your first and last name?
[Unknown]: Your Name
What is the name of your organizational unit?
[Unknown]: YourUnit
What is the name of your organization?
[Unknown]: YourOrg
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YS
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity,
ST=YS, C=US
correct?
[no]: yes
(wait...)
Enter key password for tstkey
(RETURN if same as keystore password):
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity
scope
jar verified.
9. Create HTML-File for use of the Applet by the Sun
Plugin 1.3
(recommended to use HTML Converter Version 1.3)
10. (Omitted See Below)
-----end irene67's original message
To make the plug-in work for any browser you have two
options with the JDK 1.3 plugin.
1) Is to export a cert request using the key tool and
send it to a CA verification source like verisign.
When the reponse comes back, import it into the
keystore overwriting the original cert for the
generated key.
To export request:
keytool -certreg -alias tstkey -file tstcert.req
To import response:
keytool -import -trustcacerts -alias tstkey -file
careply.crt
An applet signed with a cert that has been verified
by a CA source will automatically be recognized by
the plugin.
2) For development or otherwise, you may want to just
use your self-signed certificate.
In that case, the JDK 1.3 plugin will recognize all
certs that have a root cert located in the JDK 1.3
cacerts keystore.
This means you can import your test certificate into
this keystore and have the plugin recognize your jars
when you sign them.
To import self-signed certificate into the cacerts
keystore, change directory to where the JDK plugin
key store is located.
For JDK 1.3.0_02: C:\Program
Files\JavaSoft\JRE\1.3.0_02\lib\security
For JDK 1.3.1: C:\Program
Files\JavaSoft\JRE\1.3.1\lib\security
Import your self-signed cert into the cacerts
keystore:
keytool -import -keystore cacerts -storepass changeit
-file tstcert.crt
(the password is literally 'changeit')
Now, regardless of which method you use, the applet
should be recognized as coming from a signed jar.
The user can choose to activate it if he / she
he chooses. If your applet uses classes from
multiple jars, for example Apache's Xerce's parser,
you will need to sign those jars as well to allow
them to execute in the client's brower. Otherwise,
only the classes coming from the signed jar will work
with the java.security.AllPermission setting and all
other classes from unsigned jars will run in the
sandbox.
NOTE: Unless otherwise specified by the -keystore
command in all keytool and jarsigner operations, the
keystore file used is named '.keystore' in the user's
home directory.
The first time any keystore is accessed (including
the default) it will be created and secured with the
first password given by the user. There is no way to
figure out the password if you forget it, but you can
delete the default file and recreate it if necessary.
For most operations, using the -keystore command is
s safer to keep from cluttering or messing up your
default keystore.
Re: How to sign an applet (and get it to work)
Jun 8, 2006 1:53 AM
(reply 55
of 63) (In reply to
#2 )
hi..
i've tried your tips..
but at the 6th step, i cannot signed it
when i entered these lines,
jarsigner MyApplet.jar tstkey
Enter Passphrase for keystore: ****
the message is-->
jarsigner: attempt to rename MyApplet.jar to MyApplet.jar.orig failed
I had a problem with an Corba connecting applet. But I followed the steps described in your article and signed the applet, and it solved the problem. Tanks a lot for the best tutorial on the subject that I have read.
The message:
"jarsigner: attempt to rename X.jar to X.jar.orig failed"
Appears when another application is using the original jar, and jarsigner therefore cannot do with it what it wants. Please close all other applications (typically a browser, trying to run an applet in the jar, or similar) when executing the jarsigner tool.
Email this Topic
Edit this Topic
