I'm under Ubuntu and I have already installed icedtea.
the is the applet I'm trying to execute is auto signed.
I know that there is a security config under icedtea to prevent such applet to be run.
I'm asking where/how can I add an exception so that website will be authorized to run his applet ?
You must add your certificate (the one you used to sign the applet) to your keystore.
The way to do this depends on your browser and operating system, you'l need to specify these for more help.
Related
I am working on a small java applet tool, among other things to load some images from the hard disk, and upload them to the host server.
The problem is that I don't want a verified CA to sign it, and I need the Java security settings still on "high" in the Java control panel.
The applet should run on few computers, and is not publicly available.
Now when I load the HTML page, with the security settings on "high" (default/recommended), the JRE blocks this applet because it is not CA signed. Security set to "medium" works fine, but the security settings should not be lowered only for this tool.
Is there any way to sort of add this applet as a "trusted applet", allowing it to read files and connect it to the host server through a socket connection?
Thanks
Try adding yourself as a root CA on the browsers concerned.
Is it possible (maybe using Java security) for a Web Start application to write a file into java.home\lib\ext on the client's Windows XP?
I need this regardless of the user credentials as defined by Windows.
I don't think it is possible - while you can give the permission to escape the sandbox to a signed web start java app,this will run with the windows user privileges, which is not necessarily in the "administrators" group.
I have signed a Java Applet jar using Verisign certificate.
When Java Applet is run from a html/javascript , a dialog box appears which asks whether the unknown certicate needs to be trusted or not & the Java Application should be run or not. When clicked on Run button(indicating Agreed) & checking(ticked on) the checkbox which indicates that the user is not asked everytime , the Java Applet window is displayed.
Kindly confirm whether even after signing the Java Applet with a certificate which belongs to a trusted thirty party Certifying Authority(CA) like Verisign , the first alert dialog asking for confirmation whether to run the untrusted Java application is normally asked or not.
That depends on the browser's configuration. Unless the signer of the certificate is one which the browser has already been configured to accept automatically, the user will still be prompted to accept the certificate at least once.
Remember, your code is asking permission to perform privileged actions on the user's machine. Just because your identity has been verified by a trusted third party, doesn't mean that the user must automatically trust your code.
To clarify Dan's answer: Yes, it will always ask the user the first time. This is the default configuration of the Java plug-in. The configuration could be changed, but that would be a very bad practice.
My website uses SSL and takes them directly to a Java applet after login. The applet yields a warning screen proclaiming that the website's certificate can't be verified. After clicking "Yes" to continue anyway, a second pop up appears with:
Identification required. Please select certificate to be used for authentication.
Underneath that message, there is a white box that I assume is supposed to list certificate options. Mine doesn't have any options, so I am forced to click "OK" and the applet doesn't load.
The certificates for the website are installed on the browser. I also installed them by right-clicking on the Java icon within the Windows task bar, clicking "Open Control Panel" and installing them through the Security options.
Nothing seems to work. Does anyone have any ideas?
You have your Tomcat or whatever configured to request or require SSL client certificates. The effect at the client is the same for both: an incoming CertificateRequest. So it pops up the 2nd dialog. If you cancel and it is 'request' not 'require', the applet should load.
I have had numerous problems with applets and HTTPS recently, including what look like Java plugin bugs, and have concluded that the answer is really to load them via HTTP in plaintext.
The first dialog should be fixed by not using a self-signed SSL certificate.
I created a JApplet using Netbeans 6.5.1 that accesses a database. When the program is run by itself, it runs perfectly. The issue is when you try to put it online using a web application in Netbeans, it will not access the database. I was told by somebody that the problem is that Java security will not allow you to do this. Is this correct? How do I fix this problem? Thanks.
As already mentioned, an unsigned applet can only make network connection to the host from which the applet originated. However, if the database is hosted on a different server than the originating applet then you will have to make the applet signed. If the application is not for production use, you can self sign the applet (not suitable in production use where the signing has to be done by a trusted Certificate Authority. Certificate authorities typically charge a fee for the service of validating their clients' credentials.) However, for testing and demo purposes, you can create a self-signed certificate. With self-signed certificates, the browser displays a warning to the user mentioning that the information given in a self-signed certificate has not been validated by a trusted third party (Certificate Authority).
For self signing the applet take a look at the following links:
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html
http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html
The other things to keep in mind are the JDBC driver types to use. Type-1 and Type-2 drivers are not suitable to be used within applet due their dependence on native binary code. Type-3 and Type-4 are ones you should be using to connect to database from within an applet.
The best solution is to NOT make database connection from an applet (if possible) but instead use a server side application to connect to the database on behalf of the applet.
as Clint pointed out, an applet is only allowed to connect to it's origin server.
to work around this, you can sign your applet with a certificate from a root authority, but certificates cost 200-400$/year.