I built a quick applet to record audio and send the audio to a server. Everything works great with exception of the policy file issues. I can't very well have users open up the policy tool and edit the permissions for applets, as I'm sure that would turn off 100/100 users. Are there any options anyone can think to get around it? Is there a way to have the applet prompt them for acceptance like in Flash?
PS It's a Node.JS server. How funny, a Java client talking to a JavaScript server :)
Is there a way to have the applet prompt them for acceptance..
Digitally sign the applet code. See Signing and Verifying JAR Files for more details.
Don't they (the end user) have to import the key to their keystore?
Short answer, no. Long answer, the end user only has to click 'OK/Yes' when prompted to trust the digitally signed code, and whatever importing may be required happens automatically.
Try the trusted version of the file service demo. for a taste of how it might be for the end user (i.e. 'easy').
Related
First I would like to thank this excellent site for all the help for the developers.
I am facing a problem that I need the user to browse to a specific folder on his/her machine then click the submit button.
I like to get all the filenames and types from this folder and read it in a servlet.
Idon't need upload functionality, I need to read the filenames and types in the selected folder.
Is this possible?
Thanks in advance.
The problem with reading the local file system from a web-page within the browser is the sandbox the browser runs in. Normally, you are not able to get out of that sandbox to read the local file system in such a way.
There are a few way around that, for Java you could use a signed applet, or you could use an signed ActiveX control.
Both shouldn't be that difficult, but the Java applet will have a better support all round, since the ActiveX only works on windows.
It's the signing that will become the real problem though. Is this something in a contained environment, or for the actual internet for everyone there to be able to use?
If it's a contained environment, you might be able to pull it off using a self signed certificate. Else you will need a certificate from an actual certificate authority. These can get pretty expensive.
I coded a Java program to read and modify a file on the computer. The program is based only on 1 class.
At the moment who want to use it has to run it from terminal, I'm looking on how to insert it on a webpage and make it run on the visitor's computer. It would be fine to have a file chooser (the user will want this modification).
I searched on internet and found Java applets, but I read that they aren't downloaded and executed locally so the program won't work.
How to provide a Java class file from a webpage, for use on the computer of the end-user?
If you really want to download a Java program and run it locally, you should check out Java Web Start.
Briefly, it allows the user to download and run a Java program locally on their machine. It does clever stuff like identify if an updated version is available for download, and will run the cached version if that's the current version.
Here's a tutorial.
..it would be fine to have a file chooser ..
In that case, there are basically the two options as I've outlined in comments throughout this question & the answers. I'll collect them together here:
Digitally sign the applet, get the user to accept the digitally signed code when prompted (before the applet is loaded), then offer a JFileChooser to browse to the file.
If the user has a plugin 2 JRE (chase the links in the JWS info. page for more details), it is possible to deliver the applet to the user unprompted, then leverage the JNLP API to produce a file chooser. The user will be prompted before the dialog appears, this time with a more specific warning.
JWS
For an example, see my applet based GIF animation tool which uses the JNLP API when the user goes to load image frames or save the animated GIF.
That applet is not open source (mostly because of my laziness in not wanting to revisit & tidy the code) but there is a much better example of using the JNLP file services that comes complete with source.
Digital signatures
I don't have any great links about the process of digitally signing code, but note that the 'example of using the JNLP file services' listed above provides one set of signed Jars for 2 different security environments. It also (hopefully obviously) demonstrates how to digitally sign code using Ant (it all happens by invoking the default task in the build.xml).
Applets can modify files locally, if they are signed and the user allows them to.
Read up on signed applets.
I read that they aren't downloaded and excuted locally
Whereever you read that, it is 100% incorrect. Applets are downloaded into the browser and executed at the client host.
I know similar questions have been asked but i have searched for hours and as of yet have not come up with a workable solution.
I have a Java applet which will be a "paint" like application. So, I need the user to be able to upload images from their file system. I first tried using a JFileChooser which works great in the eclipse environment. However, when put online i get a "java.security.AccessControlException: access denied" exception.
I was thinking that perhaps within the applet i could call a script (located on my server) which would prompt the user to select a file - but i have no idea how to do this. I am using zymic web hosting, so the only supported scripting language is PHP.
I also tried signing the applet. Since i don't want to spend money on certificates, i self signed the applet. When i tried running it, I got an error stating "The Publisher Cannot Be Verified By A Trusted Source".
Any help would be greatly appreciated. - Thanks:)
A trusted applet can most certainly load files from the local file-system. The "Publisher Cannot Be Verified By A Trusted Source" message that is produced by self-signed applets is onerous & scary (for good reason), but if the user OKs it, it works just fine.
Here is a small demo. of exactly that.
Since the 'Next Generation' Plug-In, even sand-boxed applets can access the local file system. See the last 2 links on the Applet tag info page for further details.
Here is an applet that uses the Next Generation file abilities.
Unsigned applets can not access the file system for security reasons.
There is a tutorial about uploading files using PHP here
Maybe you can work that into your page in order to allow the file to be uploaded and then load it from your web server with the applet.
Do keep in mind the warning at the end of that example under the section "php - file upload: safe practices"
I have a signed applet on a website. Because of this, the Java security dialog appears, and the user needs to grant permission to the applet before it can do it's work. What I want to do is this:
I want the website to explain the
security dialog box to the user
before it comes up. The page will
show some explanation text in a div,
and after a few seconds, the security
dialog will appear.
If the user already allowed the certificate in a previous session, it should
just run the applet without any extra
dialog.
The problem is that the security dialog appears as soon as the applet is embedded in the page. I can delay embedding, but there's no way to check it's permissions from the applet itself, since it needs to do it before it's loaded.
Perhaps I could load a second, normal applet that runs invisibly, and checks the permissions. But how would I go about doing that? Are there any Java classes that can check if a certificate has been trusted by the client?
Thanks.
You can check the certificate and signature of a JAR file programmaticly, just as the JVM would when loading the applet. It's not gonna be easy, but, at least at first glance, you're going to have to do this:
Use a hidden applet to download your JARs and verify their certificates, like the applet viewer would. You can do this manually using the java.security.cert package. The best way to figure out how to do that was the JarSigner source code, especially the verifyJar(). Something like:
// download the JAR
URL url = new URL("jar:http://mywebsite.com/myjar.jar!/");
JarURLConnection jarConnection = (JarURLConnection)url.openConnection();
// get the certificates and other security stuff
CodeSigners[] codeSigners = jarConnection.getJarEntry().getCodeSigners();
Certificate[] certificates = jarConnection.getJarEntry().getCertificates();
// verify the signatures
// don't know the code, but you can analyze JarSigner example at http://download.oracle.com/javase/tutorial/security/toolfilex/rstep2.html
Use LiveConnect (maybe something else?) to set a cookie so you know "if the user already allowed the certificate in a previous session".
Launch your applet, possibly depending on the results of (1) stores in cookies created in (2).
I haven't give this that much thought, so there might be a better way. Good luck, and post back!
I was in the process of turning my jar that reads and writes files into an applet. It displays properly until I add in the read and write function. Then Firefox just shows a black box (no error popups).
I have done a lot of research and it seems in order to get it to work I need to have the applet signed and then it will ask the user for permission, however I also read that I can't make an applet write files and it must be server side.
So my question is can I make an applet read and write files without sever side scripting?
and if so how do I get my applet signed (I read some tutorials but I'm kinda new to this).
An applet that is signed can read and write files on the local machine.
There are two types of certificates that you can use, the first is a certificate you create with keytool, an app that comes with the JDK. The second option is to sign an applet with a certificate from a Certificate Authority like Verisign.
The difference is that the self made certificate will show warning messages to the client specifying that the certificate isn't trusted. This is just a warning, but can scare users. The downside of a certificate from a real certificate authority is that it cost money.
To generate a certificate use
keytool -genkey
then to do the signing, it depends how you build your applet.
For instance if you use Ant, there is a signjar task that will sign the applet.
So my question is can I make an applet read and write files without sever side scripting?
Sure, and in a 1.6.0_10+(1) JRE (the 'Next Generation' plug-in), it does not even require the Jars to be digitally signed.
An applet deployed using Java Web Start in a next gen. plug-in has access to the JNLP API services. The FileContents object of the API provides basic I/O. Here is a demo. of using the FileContents (the source is also available at the link).
(1) Note: JWS could launch free-floating applets since Java 1.2. But with 1.6.0_10+ a JWS applet can remain embedded in a browser window (for Win. & *nix at least - I hear 'no Mac.').