I was in the process of turning my jar that reads and writes files into an applet. It displays properly until I add in the read and write function. Then Firefox just shows a black box (no error popups).
I have done a lot of research and it seems in order to get it to work I need to have the applet signed and then it will ask the user for permission, however I also read that I can't make an applet write files and it must be server side.
So my question is can I make an applet read and write files without server side scripting?
And if so, how do I get my applet signed (I read some tutorials but I'm kinda new to this)?
An applet that is signed can read and write files on the local machine.
There are two types of certificates that you can use, the first is a certificate you create with keytool, an app that comes with the JDK. The second option is to sign an applet with a certificate from a Certificate Authority like Verisign.
The difference is that the self made certificate will show warning messages to the client specifying that the certificate isn't trusted. This is just a warning, but can scare users. The downside of a certificate from a real certificate authority is that it costs money.
To generate a certificate use
keytool -genkey
then to do the signing, it depends how you build your applet.
For instance if you use Ant, there is a signjar task that will sign the applet.
So my question is can I make an applet read and write files without server side scripting?
Sure, and in a 1.6.0_10+(1) JRE (the 'Next Generation' plug-in), it does not even require the Jars to be digitally signed.
An applet deployed using Java Web Start in a next gen. plug-in has access to the JNLP API services. The FileContents object of the API provides basic I/O. Here is a demo. of using the FileContents (the source is also available at the link).
(1) Note: JWS could launch free-floating applets since Java 1.2. But with 1.6.0_10+ a JWS applet can remain embedded in a browser window (for Win. & *nix at least - I hear 'no Mac.').
Related
I'm using the following link to access JNLP API's:
Using Filechooser
The project: JWSFileChooserDemo
Basically I want an Open and Save dialog box to get "text" file from user, saving it on server, reading it, processing etc and then showing the same .java file on Website.
For the above 2 lines I've tried:
1. "Integration of Applet with Web Application", this integration works correctly but integration of "Applet .jar file in Web Application" restricts the reading of file.
2. Then I used Servlets to do the same job, but file reading doesn't work there for me.
3. Now, I'm using JNLP, Java Web Start for the same.
But according to what I've read on the website, the applet should be signed for these file operations. Under NetbeansIDE there is an option to enable WEB START and self-signing an applet. But this doesn't work for me.
I created the same program as mentioned in the link (using javax.jnlp), but after clicking on Open, it is looping towards else statement which shows "User cancelled save request.".
I think the above error is due to the applet not being signed properly, as when I run the JNLP file given on the link it asks for the following confirmation, i.e.
So, should I sign an applet using Project properties->WebStart->Enable WebStart->signing->self-signing by generated key or by signing it using keytools which generated certificate i.e .crt file. Is there any other way to do this?
Is there any other way to do this?
It is possible to use the JNLP API services in an unsigned application. Having said that, Oracle has decided that in a future JRE, unsigned code will not be loaded at all (using the default security preferences).
Note that those two linked pages refer to two different ways to load files.
'Using Filechooser' uses the JFileChooser provided with Swing. An applet/JWS app. that uses a file chooser needs to declare all-permissions in the launch file.
The JWSFileChooserDemo demo. OTOH, uses the JNLP API file services, and would produce a prompt at run-time similar to the one shown. At the moment these do not need to be signed.
As far as 'self signed' goes, Oracle has also put warnings against using that. The publisher of a self-signed app. at the moment, will show as UNKNOWN with extra warnings about accepting code from unknown sources. In the future, the JRE will also automatically reject self-signed code.
For the longer term, the only real option is to supply a digitally signed app. Signed using a verified certificate from a Certification Authority.
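The distinction drawn in this answer between self-signed and CA-issued signing can be checked on a built JAR before it is deployed. The following is an added example, not code from the original answers or from Oracle's demos; the class name `JarSignerCheck` and the three result labels are illustrative, and the JAR paths are passed on the command line.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignerCheck {
    /** Returns UNSIGNED, SELF_SIGNED or ISSUED_BY_OTHER for the JAR at the given path. */
    static String classify(String path) throws Exception {
        boolean sawEntry = false, selfSigned = false;
        byte[] buf = new byte[8192];
        // verify=true: each entry's digest is checked against the signature files
        try (JarFile jar = new JarFile(path, true)) {
            for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                // Simplification: the manifest and signature files live under META-INF/
                // and are never signed themselves, so that directory is skipped.
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                // Signers are only known once the entry has been read to the end;
                // a modified entry raises SecurityException during this read.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) return "UNSIGNED"; // one unsigned class is enough
                sawEntry = true;
                for (CodeSigner s : signers) {
                    X509Certificate leaf = (X509Certificate)
                            s.getSignerCertPath().getCertificates().get(0);
                    // Self-signed: subject and issuer are the same name
                    if (leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal()))
                        selfSigned = true;
                }
            }
        }
        if (!sawEntry) return "UNSIGNED";
        // ISSUED_BY_OTHER only means a different issuer; it is not a trust-path validation
        return selfSigned ? "SELF_SIGNED" : "ISSUED_BY_OTHER";
    }

    public static void main(String[] args) throws Exception {
        for (String path : args) System.out.println(path + ": " + classify(path));
    }
}
```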
Here is what I want to do:
1. user creates document (html)
2. edit -> save PDF on server
3. ask if user wants to sign the document
   (yes) here is the problem
   (no) no problem
4. ???? (not important)
So now the problem I face is how to do that (yes) in step 3. If the signature is on the server no problem, I have some html->php->pdf classes that can sign with digital signatures but the signature must be on the server as a file. The question is, how can I do it directly on the server. The user chooses yes, the signature is read (from his reader on his computer) and sent to the server and signing is done. Here I believe I can't do it without something like Java or so. In my opinion PHP and JavaScript sure as hell aren't going to be enough for this action.
Has anyone ever encountered a problem like that? Maybe some ready to use library?
P.S. not quite sure if the tags are correct, but couldn't figure out which to put.
If the certificate with a private key is on the client, then you need a client-side module to do signing. JavaScript won't be enough as it won't have access to the key on the client. While you can try calling CAPICOM from JavaScript, this is a partial (no PKCS#11 support), Windows-specific and obsolete solution. A better option is to have a browser applet written in Java that will perform signing (see below).
Our SecureBlackbox product has a distributed signature add-on which does exactly what you describe (PHP, Java, ASP.NET and compiled modules are supported at the moment). You can see the scheme how the add-on works:
In our product we offer pre-built browser modules - Java Applet, ActiveX control and Flash applet, yet Java applet is in most cases enough as it can access PKCS#11 storages and Windows Certificate storage on Windows. For browsers that don't support Java applets SecureBlackbox allows using the applet via Java Web Start, as an external "application".
You will probably need to re-create this complete scheme, however it's a big trick to calculate the hash on the server and pass it to the client for signing and then embed the signature back to the document.
It would probably be easier to transfer the complete document to the client and have a Java applet that will sign that document using iText or Java edition of our SecureBlackbox and then upload the document back to the server.
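The hash-on-server, sign-on-client split mentioned in the answer above, shown with the plain JDK as an added example; it is not part of the original answer and not SecureBlackbox code. The class and method names are illustrative, an in-memory RSA key pair stands in for the key on the user's reader, and embedding the signature into the PDF is not shown.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SplitSigningDemo {
    // DER prefix of the PKCS#1 v1.5 DigestInfo structure for SHA-256 (RFC 8017)
    static final byte[] SHA256_DIGEST_INFO = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Server side: only the 32-byte digest is sent to the client, not the document.
    static byte[] serverHash(byte[] document) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(document);
    }

    // Client side: signs the received digest; the private key never leaves the client.
    static byte[] clientSign(PrivateKey key, byte[] digest) throws Exception {
        if (digest.length != 32) throw new IllegalArgumentException("not a SHA-256 digest");
        ByteArrayOutputStream digestInfo = new ByteArrayOutputStream();
        digestInfo.write(SHA256_DIGEST_INFO);
        digestInfo.write(digest);
        // NONEwithRSA applies PKCS#1 padding without hashing the input again
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(digestInfo.toByteArray());
        return s.sign();
    }

    // Server side: the result verifies as an ordinary SHA256withRSA signature.
    static boolean serverVerify(PublicKey pub, byte[] document, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(document);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair client = g.generateKeyPair(); // constructed stand-in for the user's key
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        byte[] sig = clientSign(client.getPrivate(), serverHash(doc));
        System.out.println("valid: " + serverVerify(client.getPublic(), doc, sig));
        doc[0] ^= 1; // any change to the document after hashing breaks the signature
        System.out.println("after change: " + serverVerify(client.getPublic(), doc, sig));
    }
}
```

The client signs whatever digest it receives without seeing the document, so the digest has to reach it over an authenticated channel.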
I coded a Java program to read and modify a file on the computer. The program is based only on 1 class.
At the moment whoever wants to use it has to run it from the terminal; I'm looking at how to insert it on a webpage and make it run on the visitor's computer. It would be fine to have a file chooser (the user will want this modification).
I searched on the internet and found Java applets, but I read that they aren't downloaded and executed locally so the program won't work.
How to provide a Java class file from a webpage, for use on the computer of the end-user?
If you really want to download a Java program and run it locally, you should check out Java Web Start.
Briefly, it allows the user to download and run a Java program locally on their machine. It does clever stuff like identify if an updated version is available for download, and will run the cached version if that's the current version.
Here's a tutorial.
..it would be fine to have a file chooser ..
In that case, there are basically the two options as I've outlined in comments throughout this question & the answers. I'll collect them together here:
1. Digitally sign the applet, get the user to accept the digitally signed code when prompted (before the applet is loaded), then offer a JFileChooser to browse to the file.
2. If the user has a plugin 2 JRE (chase the links in the JWS info. page for more details), it is possible to deliver the applet to the user unprompted, then leverage the JNLP API to produce a file chooser. The user will be prompted before the dialog appears, this time with a more specific warning.
JWS
For an example, see my applet based GIF animation tool which uses the JNLP API when the user goes to load image frames or save the animated GIF.
That applet is not open source (mostly because of my laziness in not wanting to revisit & tidy the code) but there is a much better example of using the JNLP file services that comes complete with source.
Digital signatures
I don't have any great links about the process of digitally signing code, but note that the 'example of using the JNLP file services' listed above provides one set of signed Jars for 2 different security environments. It also (hopefully obviously) demonstrates how to digitally sign code using Ant (it all happens by invoking the default task in the build.xml).
Applets can modify files locally, if they are signed and the user allows them to.
Read up on signed applets.
I read that they aren't downloaded and executed locally
Wherever you read that, it is 100% incorrect. Applets are downloaded into the browser and executed at the client host.
I built a quick applet to record audio and send the audio to a server. Everything works great with exception of the policy file issues. I can't very well have users open up the policy tool and edit the permissions for applets, as I'm sure that would turn off 100/100 users. Are there any options anyone can think to get around it? Is there a way to have the applet prompt them for acceptance like in Flash?
PS It's a Node.JS server. How funny, a Java client talking to a JavaScript server :)
Is there a way to have the applet prompt them for acceptance..
Digitally sign the applet code. See Signing and Verifying JAR Files for more details.
Don't they (the end user) have to import the key to their keystore?
Short answer, no. Long answer, the end user only has to click 'OK/Yes' when prompted to trust the digitally signed code, and whatever importing may be required happens automatically.
Try the trusted version of the file service demo. for a taste of how it might be for the end user (i.e. 'easy').
I know similar questions have been asked but I have searched for hours and as of yet have not come up with a workable solution.
I have a Java applet which will be a "paint" like application. So, I need the user to be able to upload images from their file system. I first tried using a JFileChooser which works great in the eclipse environment. However, when put online I get a "java.security.AccessControlException: access denied" exception.
I was thinking that perhaps within the applet I could call a script (located on my server) which would prompt the user to select a file - but I have no idea how to do this. I am using zymic web hosting, so the only supported scripting language is PHP.
I also tried signing the applet. Since I don't want to spend money on certificates, I self signed the applet. When I tried running it, I got an error stating "The Publisher Cannot Be Verified By A Trusted Source".
Any help would be greatly appreciated. - Thanks:)
A trusted applet can most certainly load files from the local file-system. The "Publisher Cannot Be Verified By A Trusted Source" message that is produced by self-signed applets is onerous & scary (for good reason), but if the user OKs it, it works just fine.
Here is a small demo. of exactly that.
Since the 'Next Generation' Plug-In, even sand-boxed applets can access the local file system. See the last 2 links on the Applet tag info page for further details.
Here is an applet that uses the Next Generation file abilities.
Unsigned applets can not access the file system for security reasons.
There is a tutorial about uploading files using PHP here
Maybe you can work that into your page in order to allow the file to be uploaded and then load it from your web server with the applet.
Do keep in mind the warning at the end of that example under the section "php - file upload: safe practices"