• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

applet-signing and java.policy files and all that

 
Nick George
Ranch Hand
Posts: 815
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm trying to make an applet that uses OpenGl, which in turn uses native code to do graphics. I get the following errors:

java.lang.ExceptionInInitializerError

Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.jawt)

Ernest said that it has something to do with "applet-signing and java.policy files and all that," but confessed he was unsure of what to do.

Personally, I have no idea what he's talking about, and I appologize for my borderline-double post, but I am now able to give a more descriptive title, so I decided to go ahead and do it.

Thanks,
Joe.
 
Joe Ess
Bartender
Posts: 9337
10
Linux Mac OS X Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Java Applets run inside a secure area called the "sandbox". They are not permitted to do certain things (access local files, connect to servers other than the one they downloaded from and so on) that could be used by a malicious applet to cause problems. If you want to circumvent these protective barriers you must digitally sign your applet. Digitally signing does two things, it identifies you as the author of the applet and it insures that the applet has not been altered. A policy file is used in this scheme to spell out exactly what security barriers the applet is circumventing. Take a look at Advanced Programming for the Java 2 Platform Chapter 10: Signed Applets for an example.
 
Nick George
Ranch Hand
Posts: 815
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks alot. As I understand that chapter, for me to make the applet, I'd need every visiter to it futz around with some kind of keytool. In other words, I'm outta luck.

But thanks anyway.
 
Joe Ess
Bartender
Posts: 9337
10
Linux Mac OS X Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If the user doesn't use the keytool to import the certificate they will get a warning that the certificate may be invalid or otherwise untrustworthy. This is because in the tutorial we created the certificate ourselves. If you purchased a real certificate or imported the fake one with keytool, they would be warned that an applet signed by <some identity> is requesting permission to screw with their system. Any way you shake it, the user will have to authorize access. They do not, however, have to futz with keytool.
 
Nick George
Ranch Hand
Posts: 815
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Excellent. Many Thanks!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic