Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

another signed applet question

 
Joe Crew
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Ive been trying to get a signed applet to work with no success. I need to be able to read files on the user's machine. I need a way to read a single file on the user system without prompting the user of any security issues. Of course it runs with the applet viewer but that doesn't help me, it has to be run from IE. Here are my preconditions that I have to follow, jdk1.1.8 and Internet Explorer 6.0. I do not have to deal with Netscape as this will be an Intranet applet and we only support IE (not my decision). If there is some other method to deploy an applet that will let me read files on an Intranet please feel free to let me know. But here is what I have done so far with my Duke example from Sun. And please don't just provide me a link to the Duke example. This is where I got this from and I can't get it to work. Am I missing setting something up on my browser. If you think that I might please let me know and the specific setting. Also I cannot use any pluggins because I have to get this to work on a custom web browser called Ice Browser that does not allow pluggins. Am what I am trying to accomplish even possible?
%>javakey -cs "Duke" true
%>javakey -gk "Duke" DSA 512 Duke_pub Duke_priv
%>javakey -gc cert_directive_Duke
%>jar cf demo.jar readFile.class
%>javakey -gs sign_directive_Duke demo.jar
%>del demo.jar
%>move demo.jar.sig demo.jar
Then when I launch the html file, readFile.html, I get a security exception. Here is my code.

=========== html file ===================
<html>
<head>
<title>File Tester</title>
</head>
<body>
<APPLET
CODE = "readFile.class"
NAME = "readFile"
MAYSCRIPT
WIDTH = 500
HEIGHT = 400>
</APPLET>
</body>
</html>
========== cert_directive_Duke ==========
issuer.name=Duke
issuer.cert=1
subject.name=Duke
subject.real.name=Duke
subject.org.unit=JavaSoft
subject.org=Sun MicroSystems
subject.country=US
start.date=14 Nov 2001
end.date=6 Apr 2010
serial.number=1001
out.file=Duke.x509
============ sign_directive_Duke =========
signer=Duke
cert=1
chain=0
signature.file=dukeSig
Joe Crew
 
Manfred Leonhardt
Ranch Hand
Posts: 1492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI Joe,
I think the catch will be "don't even ask the user". As I understand it, that is not possible with JDK1.1.8. You must get a package called: com.ms.security from microsoft. You then need to query the user about the action you want to perform using the PolicyEngine and PermissionID(s). I never personally got it to work with IE, so I was glad about the plug-in.
Good luck,
Manfred.
 
Tim Holloway
Saloon Keeper
Posts: 18367
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Some confusion here. Are they using IE or Ice Browser? Or is it that Ice Browser is using the MS IE components? In any event, since there's no industry-wide standard for signed applets, the IE signing might not work with Ice Browser. Just to complete the mess, since IE 6 lacks Java support, anyone who isn't upgrading will have to have the Sun Java plug-in installed and its signing mechanism is different from IE's.
Having a com.ms package that overrides the security might work, but obviously Microsoft isn't going to support it with their present attitude.
Perhaps the cleanest approach is to standardize on the only supported method - the Sun Java plug-in (benefit - you can take advantage of Swing and other post-1.1 features while you're at it). Unfortunately, this may annoy the user twice - once to install the 5MB plug-in and once to accept the signing certificate - but it is a straightforward process and it only happens the first time they run the applet.
An alternative may be to consider the system as a Windows application installation. If the applet can run outside a web page (i.e. stands alone and not part of a web app), make it a Java Application and bundle it up using one of the Windows installer programs.
Even if you can't do that, you could use an installer to handle the plug-in and certificate stuff. At the least, then, it would appear "respectable", as though it were Lotus Notes or something.
The nice thing about that is that if someone forgets to run the install, the web browser will prompt to install the plugin and certificate for them. If they complain, you're covered, if not, they're covered.
 
Joe Crew
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello,
Thank you Manfred and Tim for your lengthy and detailed responses. I had a feeling I could not do what I wanted to do under jdk118 but I have no choice in the matter. To answer Tim, the user will using both Ice Browser and IE. We have developed an embedded system and on the system they will use the Ice Browser exclusively. These embedded devices will reside on an intranet and "supervisors" will be able to access the embedded device from their own personal PC. On a side note we're forcing them to use IE (again not my decisions here). So the entire interface is a web browser that "seems" to be an application. This is why I listed both browsers. The OS on the embedded device is wind river and thier OS right now only supports JDK118, thus my other restraint. Since this embedded system will pretend to be an application in every shape and form (even though they are using a web browser actually), we cannot be popping security warning dialogs at them when they want to perform a text editing operation. We also cannot force them to use the plugin because ICE Browser supports no such thing. Ice in fact was written in Java so there next to no compatibility to IE 6.0 other than they are both web browsers and both say they adhere to W3 standards.
Now now that you know all my limitations I have to abide by with no exception, you know what kind of boat I am in. I wish I could use the plugin but that does not solve my problem with the embedded device itself.
Thanks for your detailed and informative responses.
Joe Crew
 
Joe Crew
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi again,
Follow up question. The reason I am trying to make the signed applet work is because I am having font problems. Perhaps someone will have an answer to this. Again I am using jdk118 and cannot use anything else.
I've created a text editor applet using a jtextpane, jbuttons, jcombos, and so on. There are cut, copy, paste, and mark button, in addition to a font size and font style combo box. The font size jcombo works fine. The font style combo does not. In the jtextpane I am using something like the following:

This sets the font size correctly but the font family (or style) does not change. In my font.properties file in my \lib directory I have added a line like the following:
comic.0=Comic Sans MS, ANSI_CHARSET
Nothing has worked. Then just for fun and to save my sanity I converted my applet to an application again using jdk118. Perfection. It ran great no problems. I could change to any font I wanted to using the code above and as long as I added my font to the font.properties file.
So now I am trying to figure out why the applet is not changing it's font like the application. A co-worker here suggested
"hey, maybe since the font.properties file is a file and the applet is trying to read it, and since applets can't read files, maybe it is a security issue." He then told me to change my current applet to be a signed applet and see if it would fix my problem. Thus, this was my first question to begin with with signed applets and jdk118. But, if anyone else knows detialed information about fonts under jdk118 and why they work with applications and not applets, please pass it along.
Thanks for everything,
Joe Crew
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic