Sitemap

Amicuk Programming Answers

How to sign java applet policy to end user?

-0001-11-30   Views:0

Advertisement

i have putted my applet class on server, i want all end users can access it on server, how to sign the java.policy to there JRE? can anyone help me?I found this some where else. It shows how to sign an applet. START OF DOC How To Sign a Java Applet T

i have putted my applet class on server, i want all end users can access it on server, how to sign the java.policy to there JRE?
can anyone help me?

The replay answer
Advertisement
I found this some where else. It shows how to sign an applet.
START OF DOC
How To Sign a Java Applet
The purpose of this document is to document the steps required to sign and use an
applet using a self-signed cert or CA authorized in the JDK 1.3 plugin.
The original 9 steps of this process were posted by user irene67 on suns message forum:
http://forums.java.sun.com/thread.jsp?forum=63&thread=132769
-----begin irene67's original message -----
These steps describe the creation of a self-signed applet. This is useful for testing purposes. For use of public reachable applets, there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer).
The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java...
1. Create your code for the applet as usual.
It is not necessary to set any permissions or use security managers in
the code.
2. Install JDK 1.3
Path for use of the following commands: [jdk 1.3 path]\bin\
(commands are keytool, jar, jarsigner)
Password for the keystore is any password. Only Sun knows why...
perhaps ;-)
3. Generate key: keytool -genkey -keyalg rsa -alias tstkey
Enter keystore password: *******
What is your first and last name?
[Unknown]: Your Name
What is the name of your organizational unit?
[Unknown]: YourUnit
What is the name of your organization?
[Unknown]: YourOrg
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YS
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
correct?
[no]: yes
(wait...)
Enter key password for tstkey
(RETURN if same as keystore password):
(press [enter])
4. Export key: keytool -export -alias tstkey -file tstcert.crt
Enter keystore password: *******
Certificate stored in file tstcert.crt
5. Create JAR: jar cvf tst.jar tst.class
Add all classes used in your project by typing the classnames in the
same line.
added manifest
adding: tst.class(in = 849) (out= 536)(deflated 36%)
6. Verify JAR: jar tvf tst.jar
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
68 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/MANIFEST.MF
849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
7. Sign JAR: jarsigner tst.jar tstkey
Enter Passphrase for keystore: *******
8. Verifiy Signing: jarsigner -verify -verbose -certs tst.jar
130 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/MANIFEST.MF
183 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.SF
920 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.RSA
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
smk 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
X.509, CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
(tstkey)
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
9. Create HTML-File for use of the Applet by the Sun Plugin 1.3
(recommended to use HTML Converter Version 1.3)
10. (Omitted See Below)
-----end irene67's original message -----
To make the plug-in work for any browser you have two options with the JDK 1.3 plugin.
1) Is to export a cert request using the key tool and send it to a CA verification source like verisign.
When the reponse comes back, import it into the keystore overwriting the original cert for the generated key.
To export request:
keytool -certreg -alias tstkey -file tstcert.req
To import response:
keytool -import -trustcacerts -alias tstkey -file careply.crt
An applet signed with a cert that has been verified by a CA source will automatically be recognized by the plugin.
2) For development or otherwise, you may want to just use your self-signed certificate.
In that case, the JDK 1.3 plugin will recognize all certs that have a root cert located in the JDK 1.3 cacerts keystore.
This means you can import your test certificate into this keystore and have the plugin recognize your jars when you sign them.
To import self-signed certificate into the cacerts keystore, change directory to where the JDK plugin key store is located.
For JDK 1.3.0_02: C:\Program Files\JavaSoft\JRE\1.3.0_02\lib\security
For JDK 1.3.1: C:\Program Files\JavaSoft\JRE\1.3.1\lib\security
Import your self-signed cert into the cacerts keystore:
keytool -import -keystore cacerts -storepass changeit -file tstcert.crt
(the password is literally 'changeit')
Now, regardless of which method you use, the applet should be recognized as coming from a signed jar. The user can choose to activate it if he / she chooses. If your applet uses classes from multiple jars, for example Apache's Xerce's parser, you will need to sign those jars as well to allow them to execute in the client's brower. Otherwise, only the classes coming from the signed jar will work with the java.security.AllPermission setting and all other classes from unsigned jars will run in the sandbox.
NOTE: Unless otherwise specified by the -keystore command in all keytool and jarsigner operations, the keystore file used is named '.keystore' in the user's home directory.
The first time any keystore is accessed (including the default) it will be created and secured with the first password given by the user. There is no way to figure out the password if you forget it, but you can delete the default file and recreate it if necessary. For most operations, using the -keystore command is safer to keep from cluttering or messing up your default keystore.

Go to See the other 2 answers

How to sign java applet policy to end user?

Category:DefaultRelease time:-0001-11-30Views:130

i have putted my applet class on server, i want all end users can access it on server, how to sign the java.policy to there JRE? can anyone help me?I found this some where else. It shows how to sign an applet. START OF DOC How To Sign a Java Applet T[More]

Signed java applets not working on lion?

Category:DefaultRelease time:-0001-11-30Views:130

After downloading java plugin on osx Lion, signed java applets fail to start. This is the error I get in java console, seems like the certificate is not imported to keychain? any workaround?: java.lang.reflect.InvocationTargetException     at java.aw[More]

Using external libraries over signed Java applet: InvocationTargetException when running locally with 7u51

Category:DefaultRelease time:-0001-11-30Views:130

We have a signed Java applet that uses external libraries, specifically the OpenOffice application libraries. We have a problem running Java applet with 7u51 of "InvocationTargetException" when use these libraries OpenOffice, that is not signed;[More]

I can't run signed Java Applets

Category:DefaultRelease time:-0001-11-30Views:130

HI I have a java applet where I need to have acces to a local file, but I can't get IE to run the applet. (IE do not come with the Secutiy Warning window.) From the homepage, I run the applet via: <applet name=read_file code="read_file.class"[More]

Signed java applet is very slow with 1.4.2_06

Category:DefaultRelease time:2015-10-11Views:130

We have an application which has a signed jar applets was working fine with Java Plug-in (JPI) version 1.4.1_02. Due to customer requirement they want to run the same applet with JPI version 1.4.2_06, After JPI upgrade the applet is running slow. I a[More]

Signed Java Applet

Category:DefaultRelease time:-0001-11-30Views:130

0 down vote favorite I have written an applet with Netbeans. When I click on Clean and Build then Netbean create a jar file "Test.jar" and also another folder called lib in the same directory. I've signed the Test.jar. Basically this applet uplo[More]

Signed JAVA applet still not connecting.

Category:DefaultRelease time:-0001-11-30Views:130

I have a signed applet that works in my development environment, but as soon as I run it from my website, I get this: basic: Referencing classloader: [email protected], refcount=1 basic: Added progress listener: sun.plugin.util.GrayB[More]

Creating signed Java applet for Netscape 4x

Category:DefaultRelease time:-0001-11-30Views:130

I have created a signed jar with SuperUser privileges under Netscape. public void init() { try { if( Class.forName("netscape.security.PrivilegeManager") != null ) { netscape.security.PrivilegeManager.enablePrivilege("SuperUser"); } cat[More]

Simplest way to sign Java applets

Category:DefaultRelease time:-0001-11-30Views:130

is there a way that i could sign applets without using the command line? its kinda in efficient if i may say. thanks in advance.Maybe an IDE will be able to do it? Or you could create a build script (ant is good), so building your applet (including s[More]

Java applet and vertical scroll bar

Category:DefaultRelease time:2015-10-11Views:130

Hi, We are upgrading from SRM 3.0 to 5.0 and are encountering these 2 issues: 1- When clicking on approval preview users get a Java pop up box titled "request authentication", the warning message is: Identification Required. Please select certif[More]

Java 1.5.09/10 Java Applet on Vista - starts but never downloads files

Category:DefaultRelease time:-0001-11-30Views:130

We are attempting to test a java 1.5.07 compiled and signed Java applet with Windows Vista (from MSDN). Logged in as an administrator on the client PC, we installed the 1.5.09 and the 1.5.10 JRE on the client. We then changed the html of the applet p[More]

Hot
Ok Im getting desperate here, I really dont want to get my F60 repaired. Ive had it for about 2 weeks now, and it constantly freezes. It freezes mainly when I put the thing to sleep. It also freezes sometimes when booting up, waking up, switching use [More]
Hello I am intersted in addessing a certain cell in a boolean array. Suppose I have a boolean array called bArr which is of length 10 and contains  values  of { T,T,F,F,F,F,T,F,T,F } and I want to send to an "AND" gate bArr[0] together with  &qu [More]
yadda yadda yadda, forget all those other topics, when are we gonna get to view pdf's in firefox? it's 2009 PEOPLE.. (don't be givin me no whack 3rd party answers, you all know very well what i'm talking about)I have been viewing PDF files in Firefox [More]
Hi, We are working on Oracle 9i bi-directional Stream replication. After set up, and sufficient amount of testing from our side, we are facing fatal error in Capture process in one of the database. Both the db srvr are having similar set up parameter [More]
Can I have some info on Dunning Process In Credit ManagementLet me explain in simple terms: 1) You have a Customer which you had felt, he is doing good business and supplied material on Credit of 45 days. 2) Since this customer is good as you felt, y [More]
I bought CS6 several months ago.  Only in the past few days it has started requiring that I sign in to Adobe each time I run the program AND it requires me to enter the Serial Number each time.  How do I get it to remember that this is a paid, licens [More]
Hi, using DVDSP4, I created a drop zone, then dropped a still photo asset into the drop zone. I need to now move the asset, that is, show a different portion of the asset in the drop zone. How do I do that? THANKS!Didn't want to start a new thread... [More]
Hi, I have trying to help my client to use Folio Builder to create Folios and publish them onto iPad. He created login on acrobat.com and all works fine online. But when he tries to login into folio builder in InDesign with same login information, he [More]
Good day Experts, Is it possible for Profit & Loss Report to have 2 Selection Criteria? our client wants to have Profit & Loss Report per Product  (Project) & Branch (Dimension). We tried to create an A/R & A/P Transactions with Project &a [More]
Hello, I am brand new to workflow. At my client a Manager is responsible for approving his/her subordinates' timesheets. However - if that Manager is absent, they want the Manager's Supervisor to be able to view and perform the approvals for all of h [More]