• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

about applet signature

 
Ranch Hand
Posts: 159
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
there is a link has a sample and article about applet
signature
http://www.esus.com/javaindex/j2se/jdk1.2/javaxswing/toplevelcontainers/japplet/jappletsec/signjappcontrol.html
I read this article .but i have a question about follow sentences

What happens when you download a signed applet is this: the browser downloads the JAR file and checks whether it is signed. If it is, it will check the security policy configuration file whether the "usePolicy" RuntimePermission is set. There are two policy files, a system-wide one, (JRE_HOME/lib/security/java.policy) and a user specific one (USER_HOME/.java.policy). In my case, my system-wide one is at C:\Program Files\JavaSoft\JRE\1.3.1\lib\security and my user one is at C:\Windows\.java.policy. When the plug-in starts, it will concatenate both of them together and use them as a security policy for the rest of the session. If the usePolicy permission is set, security is controlled based on the permissions that are set in the policy files, even if you have an RSA signed applet signed by a trusted authority that wants full control over your client's machine. This allows you to have finer-grained security control over what your signed applets are able to do.

but i also find two java policy file in my pc which is win2k
fisrt java.policy file
c:\program files\javasoft\jre\1.3.1\securtiy\java.policy
second java policy file
c:\jdk1.3.1\jre\lib\security\java.policy
but which is my user java policy file?
i put modified java.policy
into those two directorie.
even i put it into c:\documentsandsetting\walter(my user name)
my modified java.policy has even more permissions
it is like belowings
grant {
permission java.lang.RuntimePermission "usePolicy";
permission java.io.FilePermission "C:${/}esusfoo", "write";
};
but when i try click this link as article said.
If you run this signed applet (http://www.esus.com/applets/WriteTwoFiles.html), using the same modified policy file, esusfoo was successfully accessed but, a AccessControlException is thrown in accessing esusfoo2, as expected.
results are : both files are accessdenied exception
why???

thanks in advnace
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic