• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Stop asking for permissions on the Java Plugin.

 
Jorge Montes
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

Here's the problem. On my system there is a document that you have to print with a java applet. The applet prints a document and then writes success (or error) on a text file. Oracle has been strengthening security on the Java Plugin used by clients, now, when you try to use external resources (such as printer or Hard Drive) you have to ask for client's permission. We have fixed it by lowering the security on the plugin Control Panel. It worked for a while but the plugin is constantly asking for permissions in each use of resources. Users are mad by this behavior.

We have no other choice that start signing the applet and for some administrative reasons (that i don't get) we are not buying the certificate, we are going to be our own Certificate Authority (CA). This is what i have done (i followed this tutorial):

1. Created a CSR (Certificate Signing Request) with my keytool.
2. I sent the .csr file to my CA (from my company) so they produce the certificate.
3. They sent me 2 files, one was the certificate .cer and the other one was a .pb7 file (i do not get why i need the last one).
4. Installed the .cer file to my keystore (jks) with the keytool.
5. Signed the applet and its related libraries with an ant script. It worked ok, the only problem is that i could not make the verification i suppose its because my company it's the CA. So the signing was ok, but the verification was not ok.

It Returned:

Do you think there is some problem with the certificate?.
Anyway, i moved forward and skipped that verification.
I made an EAR file of the application with the applet and its jars signed, now the sysadmins (Of Websphere Application Server) are asking me where they should put the certificate in order to this works on every client. And i really don't know. Can someone explain me if the certificate suppose to be on the application server?, or maybe on other place? am i doing something wrong?

Thanks in advance
 
Paul Clapham
Sheriff
Posts: 21548
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you have a self-signed certificate then the applet plugin isn't going to routinely trust the applet you signed with it. Instead it will ask your users to confirm that they trust it every time they load it.

If that isn't what you want then your administrators should reconsider their decision.
 
Jorge Montes
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your response. But what if the client computer is on a windows domain and sysadmin might be able to install remotely the certificate or install it on the Websphere Application Server so the user can trust it once and never need to do it again. Am i wrong?
 
Paul Clapham
Sheriff
Posts: 21548
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know. I've heard about people trying to install things on the client's machine like that but I never tried it. (Because it was completely impractical for our client base even if we had wanted to.) Apparently there's a "java.policy" file which you can install but all I know about it is that people post here when they can't make it work.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic