Sitemap

Amicuk Programming Answers

How to sign java applet policy to end user?

-0001-11-30   Views:0

Advertisement

i have putted my applet class on server, i want all end users can access it on server, how to sign the java.policy to there JRE? can anyone help me?I found this some where else. It shows how to sign an applet. START OF DOC How To Sign a Java Applet T

i have putted my applet class on server, i want all end users can access it on server, how to sign the java.policy to there JRE?
can anyone help me?

The replay answer
Advertisement
I found this some where else. It shows how to sign an applet.
START OF DOC
How To Sign a Java Applet
The purpose of this document is to document the steps required to sign and use an
applet using a self-signed cert or CA authorized in the JDK 1.3 plugin.
The original 9 steps of this process were posted by user irene67 on suns message forum:
http://forums.java.sun.com/thread.jsp?forum=63&thread=132769
-----begin irene67's original message -----
These steps describe the creation of a self-signed applet. This is useful for testing purposes. For use of public reachable applets, there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer).
The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java...
1. Create your code for the applet as usual.
It is not necessary to set any permissions or use security managers in
the code.
2. Install JDK 1.3
Path for use of the following commands: [jdk 1.3 path]\bin\
(commands are keytool, jar, jarsigner)
Password for the keystore is any password. Only Sun knows why...
perhaps ;-)
3. Generate key: keytool -genkey -keyalg rsa -alias tstkey
Enter keystore password: *******
What is your first and last name?
[Unknown]: Your Name
What is the name of your organizational unit?
[Unknown]: YourUnit
What is the name of your organization?
[Unknown]: YourOrg
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YS
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
correct?
[no]: yes
(wait...)
Enter key password for tstkey
(RETURN if same as keystore password):
(press [enter])
4. Export key: keytool -export -alias tstkey -file tstcert.crt
Enter keystore password: *******
Certificate stored in file tstcert.crt
5. Create JAR: jar cvf tst.jar tst.class
Add all classes used in your project by typing the classnames in the
same line.
added manifest
adding: tst.class(in = 849) (out= 536)(deflated 36%)
6. Verify JAR: jar tvf tst.jar
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
68 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/MANIFEST.MF
849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
7. Sign JAR: jarsigner tst.jar tstkey
Enter Passphrase for keystore: *******
8. Verifiy Signing: jarsigner -verify -verbose -certs tst.jar
130 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/MANIFEST.MF
183 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.SF
920 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.RSA
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
smk 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
X.509, CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
(tstkey)
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
9. Create HTML-File for use of the Applet by the Sun Plugin 1.3
(recommended to use HTML Converter Version 1.3)
10. (Omitted See Below)
-----end irene67's original message -----
To make the plug-in work for any browser you have two options with the JDK 1.3 plugin.
1) Is to export a cert request using the key tool and send it to a CA verification source like verisign.
When the reponse comes back, import it into the keystore overwriting the original cert for the generated key.
To export request:
keytool -certreg -alias tstkey -file tstcert.req
To import response:
keytool -import -trustcacerts -alias tstkey -file careply.crt
An applet signed with a cert that has been verified by a CA source will automatically be recognized by the plugin.
2) For development or otherwise, you may want to just use your self-signed certificate.
In that case, the JDK 1.3 plugin will recognize all certs that have a root cert located in the JDK 1.3 cacerts keystore.
This means you can import your test certificate into this keystore and have the plugin recognize your jars when you sign them.
To import self-signed certificate into the cacerts keystore, change directory to where the JDK plugin key store is located.
For JDK 1.3.0_02: C:\Program Files\JavaSoft\JRE\1.3.0_02\lib\security
For JDK 1.3.1: C:\Program Files\JavaSoft\JRE\1.3.1\lib\security
Import your self-signed cert into the cacerts keystore:
keytool -import -keystore cacerts -storepass changeit -file tstcert.crt
(the password is literally 'changeit')
Now, regardless of which method you use, the applet should be recognized as coming from a signed jar. The user can choose to activate it if he / she chooses. If your applet uses classes from multiple jars, for example Apache's Xerce's parser, you will need to sign those jars as well to allow them to execute in the client's brower. Otherwise, only the classes coming from the signed jar will work with the java.security.AllPermission setting and all other classes from unsigned jars will run in the sandbox.
NOTE: Unless otherwise specified by the -keystore command in all keytool and jarsigner operations, the keystore file used is named '.keystore' in the user's home directory.
The first time any keystore is accessed (including the default) it will be created and secured with the first password given by the user. There is no way to figure out the password if you forget it, but you can delete the default file and recreate it if necessary. For most operations, using the -keystore command is safer to keep from cluttering or messing up your default keystore.

Go to See the other 2 answers

How to sign java applet policy to end user?

Category:DefaultRelease time:-0001-11-30Views:130

i have putted my applet class on server, i want all end users can access it on server, how to sign the java.policy to there JRE? can anyone help me?I found this some where else. It shows how to sign an applet. START OF DOC How To Sign a Java Applet T[More]

Signed java applets not working on lion?

Category:DefaultRelease time:-0001-11-30Views:130

After downloading java plugin on osx Lion, signed java applets fail to start. This is the error I get in java console, seems like the certificate is not imported to keychain? any workaround?: java.lang.reflect.InvocationTargetException     at java.aw[More]

Using external libraries over signed Java applet: InvocationTargetException when running locally with 7u51

Category:DefaultRelease time:-0001-11-30Views:130

We have a signed Java applet that uses external libraries, specifically the OpenOffice application libraries. We have a problem running Java applet with 7u51 of "InvocationTargetException" when use these libraries OpenOffice, that is not signed;[More]

I can't run signed Java Applets

Category:DefaultRelease time:-0001-11-30Views:130

HI I have a java applet where I need to have acces to a local file, but I can't get IE to run the applet. (IE do not come with the Secutiy Warning window.) From the homepage, I run the applet via: <applet name=read_file code="read_file.class"[More]

Signed java applet is very slow with 1.4.2_06

Category:DefaultRelease time:2015-10-11Views:130

We have an application which has a signed jar applets was working fine with Java Plug-in (JPI) version 1.4.1_02. Due to customer requirement they want to run the same applet with JPI version 1.4.2_06, After JPI upgrade the applet is running slow. I a[More]

Signed Java Applet

Category:DefaultRelease time:-0001-11-30Views:130

0 down vote favorite I have written an applet with Netbeans. When I click on Clean and Build then Netbean create a jar file "Test.jar" and also another folder called lib in the same directory. I've signed the Test.jar. Basically this applet uplo[More]

Signed JAVA applet still not connecting.

Category:DefaultRelease time:-0001-11-30Views:130

I have a signed applet that works in my development environment, but as soon as I run it from my website, I get this: basic: Referencing classloader: [email protected], refcount=1 basic: Added progress listener: sun.plugin.util.GrayB[More]

Creating signed Java applet for Netscape 4x

Category:DefaultRelease time:-0001-11-30Views:130

I have created a signed jar with SuperUser privileges under Netscape. public void init() { try { if( Class.forName("netscape.security.PrivilegeManager") != null ) { netscape.security.PrivilegeManager.enablePrivilege("SuperUser"); } cat[More]

Simplest way to sign Java applets

Category:DefaultRelease time:-0001-11-30Views:130

is there a way that i could sign applets without using the command line? its kinda in efficient if i may say. thanks in advance.Maybe an IDE will be able to do it? Or you could create a build script (ant is good), so building your applet (including s[More]

Java applet and vertical scroll bar

Category:DefaultRelease time:2015-10-11Views:130

Hi, We are upgrading from SRM 3.0 to 5.0 and are encountering these 2 issues: 1- When clicking on approval preview users get a Java pop up box titled "request authentication", the warning message is: Identification Required. Please select certif[More]

Java 1.5.09/10 Java Applet on Vista - starts but never downloads files

Category:DefaultRelease time:-0001-11-30Views:130

We are attempting to test a java 1.5.07 compiled and signed Java applet with Windows Vista (from MSDN). Logged in as an administrator on the client PC, we installed the 1.5.09 and the 1.5.10 JRE on the client. We then changed the html of the applet p[More]

Hot
Is there a way to prevent the background color from All-Day-Events in iCal? I would prefer to print/view the calendar w/o the background colors.No one answeredRead other 2 answers [More]
My HP motherboard fried but the hard drive was fine. I extracted it, and put it an external enclosure and made it external. I plugged it in and it shows up on disk utility, but now I don't know what to do. I want to be able to transfer my old files t [More]
hi all , im looking help on the following problem , we currently use configurable materials to manufacture product , currently when an order BOM is created for a sales order using a standard material BOM and for example a part is removed from a phant [More]
I have had d phone for up to 12 months. Although a good phone, I experience frequent refusal to power on. This requires taking it to Nokia care almost on monthly basis. I use only Nokia chargers, & don't allow the battery to drain b4 charging. What c [More]
I'm hoping that I'm missing something really obvious here and someone can kindly sort me out. I've got loads of comp albums. In fact the vast majority of my library is mix CDs from various clubs/DJs/etc. Previously I had the lib sorted by artist and [More]
Anyone know if Blackberry is planning on coming out with a touchscreen that has a hidden keyboard that you can slide out or flip open to?While nothing official from RIM has been stated or published, the blogs have this informatoin on the 9800 "Slider [More]
Hello, I am new to Advance Pricing and I have the following question. I need to develop an API, which returns the price for a given item with out creation an order org Quote. We have defined a formal to calculate the price from 3 pricing attributes ( [More]
How can i retrieve my downloaded podcast and itunes university data files using IOS 5?I don't know about iTunes U files since I don't use them but look for your podcasts in the Music App. Tap on More in the bottom right corner of the app and you can [More]
Hi, Is it possible to delete master data selectively? SE14 or DB02 can be of help? RegardsHi, Please have a look at the below points:. 1.You can only delete the master data record if there is no transaction data exist for the master data that you nee [More]
I have the adobe photoshop cs3 package installed on my work computer for some odd reason all the CS3 programs crash on start up (I'm using windows vista) I can't be bothered finging out the issue because im getting a new work computer and this comput [More]