aspose file tools*
The moose likes Applets and the fly likes how to deploy a Swing Applet that accesses the System Clipboard Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Applets
Bookmark "how to deploy a Swing Applet that accesses the System Clipboard" Watch "how to deploy a Swing Applet that accesses the System Clipboard" New topic
Author

how to deploy a Swing Applet that accesses the System Clipboard

Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Hi,
I have made a swings applet that accesses the System Clipboard. I have generated a policy file and made a self signed jar. This applet when run thru the appletviewer it runs fine and is able to access the clipboard also. I have converted the HTML file with the Sun HTML Converter so that the applet runs through the plugin. How do I make sure that when the user accepts the jar (with certificate), the applet gets the proper policy file? How do i ship the policy file? I want that if the user accepts the authenticity of the jar, he should be able to use the complete functionality including clipboard access without doing any settings etc. on his system.
A prompt reply will be appreciated.
Regards,
Amit
[This message has been edited by Amit Agarwal (edited July 04, 2001).]
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Since nobody else answered this, i am doing it myself. This might be a ready reference for lots of people who are facing the same problem as i was. Yes, i was, because i have figured it out in the last 2-3 days.
Since jdk 1.3 it has become difficult to deploy trusted applets with the java plugin using self signed certificates. For use with the java plugins of earlier versions you can simply import the certificate file in IE by double clicking on it and clicking on the install button. This will be available to the java plugin from the IE certificate repository. Since 1.3 java plugin looks at a "cacerts" file in the lib/security folder of the jre and does not use the IE repository, so you will have to manually import the certificate in the cacerts file on each clients machine.
The procedure is as under:

Procedure for Creating a Certificate
1.Create a key using the following command:
keytool �genkey �keyalg rsa �alias myKeyName
If you have run this command for the first time you will have to enter a password for the keystore. This password will be used later on. The key tool will then ask you your name, name of your organizational unit, organization, city, state, country code and confirmation. It will generate a key in the default keystore.
2.Self Sign the key using:
keytool �selfcert �alias myKeyName �validity 180
The default validity of the key is 90 days, but you can change that using the �validity option and specifying the no. of days. This command will prompt you for a keystore password, which is the same password that you entered in step 1.
3.Generate a certificate file using:
keytool �export �alias myKeyName �file myCertificate.crt
You will be again prompted for the keystore password. This command will generate a certificate file of the given name in the current directory.

Procedure for Creating a Signed jar File
1.Create a jar file for the applet using:
jar cvf myAppletJar.jar myApplet*.class myImage*.gif
Specify the jar file name and all the files to be included in the jar. All classes for the applet should be included and other files like images, resource bundles etc. should also be included.

2.Verify the jar using:
jar tvf myAppletJar.jar

3.Sign the jar file using the self-signed key using:
jarsigner myAppletJar.jar myKeyName
You will be again prompted for the keystore password.

4.Verify the signing of the jar using:
jarsigner �verify �verbose �certs myAppletJar.jar


Procedure for Configuring a Client Machine to accept the Signed jar File
1.Import the certificate in the cacerts file using:
keytool �import �alias myKeyName �keystore c:\progra~1\javasoft\jre\1.3\lib\security\cacerts �file myCertificate.crt
For running this command you will need to copy the myCertificate.crt file on the client machine and use the keytool command to manually import the certificate. This has to be done just once on a client machine for use of any applets that are signed using myKeyName. The jre in the Program Files folder is the default for the Java Plugin. This might be different for different operating systems, or other language windows versions. The certificate has to imported in the cacerts file of the lib/security folder of the jre that the java plugin will use.
2.Grant the applet privileges:
Accept the certificate in the dialog box that pops up when you access the applet using the browser. If you grant a one-time (session) access, the dialog box will popup the next time you access the applet.
---------------------------------------------------------------
Amit

[This message has been edited by Amit Agarwal (edited July 05, 2001).]
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Good news guys,
I have checked the usage of trusted applets with Java(TM) Plug-in: Version 1.3.0rc1-T using JRE version 1.3.0rc1 Java HotSpot(TM) Client VM. It seems sun has solved the problem of not looking at the IE repository. Now, you can simply give a link to the certificate on your web page, and ask the user to install it in their browser. Once the certificate is installed your applet's signature will be verified against the IE repository and the user will be asked if he would like to grant the applet privileges.
You no longer need to manually import the certificate in the cacerts file. Although, it may be required for some users who might be using some particular sub version java plugin 1.3, but they can simply upgrade to a newer version.
Amit
Charlie Boss
Ranch Hand

Joined: May 22, 2001
Posts: 44
Originally posted by Amit Agarwal:
Good news guys,
I have checked the usage of trusted applets with Java(TM) Plug-in: Version 1.3.0rc1-T using JRE version 1.3.0rc1 Java HotSpot(TM) Client VM. It seems sun has solved the problem of not looking at the IE repository. Now, you can simply give a link to the certificate on your web page, and ask the user to install it in their browser. Once the certificate is installed your applet's signature will be verified against the IE repository and the user will be asked if he would like to grant the applet privileges.
You no longer need to manually import the certificate in the cacerts file. Although, it may be required for some users who might be using some particular sub version java plugin 1.3, but they can simply upgrade to a newer version.
Amit

hey Amit,
how do you do that

Java Rawks
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Originally posted by Amit Agarwal:
Good news guys,
I have checked the usage of trusted applets with Java(TM) Plug-in: Version 1.3.0rc1-T using JRE version 1.3.0rc1 Java HotSpot(TM) Client VM. It seems sun has solved the problem of not looking at the IE repository. Now, you can simply give a link to the certificate on your web page, and ask the user to install it in their browser. Once the certificate is installed your applet's signature will be verified against the IE repository and the user will be asked if he would like to grant the applet privileges.
You no longer need to manually import the certificate in the cacerts file. Although, it may be required for some users who might be using some particular sub version java plugin 1.3, but they can simply upgrade to a newer version.
Amit

Guys for achieveing this you follow all the steps given above except the Procedure for Configuring a Client Machine to accept the Signed jar File.
The certificate file that you generated is understood by IE. give a linke in the html file to the certificate file. (a link similar to a word doc that you would want to display if the user clicks on it). ask the user to install the certificate using this link. when the user clicks on the link the certificate is displayed. he has to click on the install button on the certificate and follow 2-3 steps (just press next) and finally accept it.
now when the applet is accessed, the user will get a dialog box where he can grant rights to the applet and make it trusted.
-----------
Amit

Bharat Agarwal
Greenhorn

Joined: Jun 16, 2001
Posts: 21
Hi Amit,
I dont know how to make the signed applets and I tried using the way u had said. But when i write the first command as u had written "keytool �genkey �keyalg rsa �alias myKeyName" it is not asking for any password or anythign.......it just display something (the way I would have asked for a maual help, I am using a Linux Server) and comes again to new prompt line......Can you help me out more in details.....
Thanks and regards.
Bharat.
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Hi Bharat,
I'm sorry, i don't know anything about using these tools on a linux server. it would be a good idea to check out sun's site for more information on it. also, the system i have discussed over here enables a person to deploy signed applets for use with IE using the plugin, you need to check out these things about linux platform.
Regards,
Amit
a hui
Ranch Hand

Joined: Oct 14, 2000
Posts: 39
By using this certificate, is this another way of dealing with the security? because I just solved the problem by editing the policy file.
Rohit Agarwal
Greenhorn

Joined: Jul 13, 2001
Posts: 9
Hi Amit,
As per the topic discussion on signed applets. I had done all the necessary steps and installed the certificate using the link on my html page on to the system. But still it is giving me a security exception in both Netscape and IE. It is also not showing me the page where i need to grant it the permission.
I have two clases :
One applet class, another java class.
This applet class creates an instance of this java class and uses its methods which have file.io methods to access the local client machines files.
When i do it without any signing n all and run it in IE / Netscape it is giving me security exception.
Now as per your steps given in the post. I did all the necessary steps
Created a keystore.
Self signed the key
created a certificate using the keystore
created a jar
verified the jar
signed the jar using the keystore
imported the certifcate into the lib directory using link (The certifcate is visible when i check it in the IE browsers internet options - content tab)
Now when i load the applet it is not giving me any dialog box for granting any permission
Should i have a policy file also associated with the class files. Where do i define what permissions are available for this applet.
I need the answer very badly and urgently. Help greatly appreciated.
i will also paste the code of the three files
--------------------------------------------------------------------------------------------------------------
This is the applet class:
--------------------------------------------------------------------------------------------------------------
import java.awt.* ;
import java.awt.event.ActionListener ;
import java.awt.event.ActionEvent ;
import java.applet.Applet ;
import java.io.*;

public class MyComApp extends Applet implements ActionListener
{
Button buttonCompress;
TextField textFile;
MyCom myc;

public void init()
{
// Create Buttons
buttonCompress = new Button("Compress");
// Listen for actions on GenerateKeys, Encrypt and Decrypt buttons
buttonCompress.addActionListener( this );

// Create Labels
Label labelFileName = new Label("Enter The file name");

// Create TextFields
textFile = new TextField( 20 );
// Create Panels with FlowLayout
Panel panelMyCom = new Panel( new FlowLayout() );
panelMyCom.add( labelFileName );
panelMyCom.add( textFile );
panelMyCom.add( buttonCompress );


// Add Panels to the Applet
add( panelMyCom ) ;
// Set Background Color to white
setBackground( Color.white ) ;
}

public void actionPerformed( ActionEvent e )
{
String actionCommand = e.getActionCommand() ;
try
{
if ( actionCommand.equals ( "Compress" ) )
{
int i =0;
myc = new MyCom();
File myfile = new File(textFile.getText());
i = myc.compress(myfile);
}
}
catch (IOException ioe)
{
System.out.println(e);
}
}
}
---------------------------------------------------------------------------------------------------------
This is the java class:
---------------------------------------------------------------------------------------------------------
import java.io.*;
import java.util.zip.*;
public class MyCom
{
public MyCom()
{
System.out.println("Entering Constructor");
System.out.println("Exiting Constructor");
}
public int compress(File fname) throws IOException
{
File outfile;
byte[] data;
Checksum chk = new CRC32();
System.out.println("Entering Compress");
String ofile = fname + "out";
FileInputStream fis = new FileInputStream(fname);
outfile = new File(ofile);
FileOutputStream fos = new FileOutputStream(outfile);
GZIPOutputStream gzos = new GZIPOutputStream(fos);
CheckedOutputStream cos = new CheckedOutputStream(gzos,chk);
int c = 0;
byte b = (byte) c;
while ( (c = fis.read()) != -1)
{
b = (byte) c;
System.out.println("integer value->" +c);
System.out.println("byte value ->" +b);
cos.write(b);
}
cos.close();
long sum = chk.getValue();
System.out.println("The Check sum is :"+sum);
System.out.println("exiting Compress");
return 1;
}

public static void main(String[] args) throws IOException
{
MyCom mc = new MyCom();
System.out.println("Entering Main \n");
System.out.println("Enter file name:") ;
String ufile = ( new BufferedReader( new InputStreamReader( System.in ) ) ).readLine() ;
File myfile = new File(ufile);
System.out.println( "" ) ;
int exitval = mc.compress(myfile);
System.out.println("Exiting Main ");
}
}
------------------------------------------------------------------------------------------------------------------------
This is the html:
------------------------------------------------------------------------------------------------------------------------
<html>
<head>
<title>Business logic implementation in Applet testing</title>
</head>
<body bgcolor="white">
<h1>Business logic implementation in Applet testing</h1>
<a href="file://h:/rohit/sec/rohitcert.crt">install certificate</a>
<hr>
<p>
<center>
<applet code="MyComApp.class" width="630" height="412" archive="rohitjar.jar">
You are probably not running a Java enabled browser. Please use a Java enabled browser (or enable your browser for Java) to view this applet...
</applet>
</center>
</body>
</html>
Rohit
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Originally posted by a hui:
By using this certificate, is this another way of dealing with the security? because I just solved the problem by editing the policy file.

The policy file can help you run your applet in appletviewer, but will it help you to run it in IE?
a hui
Ranch Hand

Joined: Oct 14, 2000
Posts: 39
Yes, by changing the policy file I have it working on both IE and Netscape.
But the question is, what do you do for deployment of this applet to other computers? If you generate a certificate file, does the other clients can use this applet?
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Editing your policy file is the ultimate thing to do. But, it should be specific so that only the applet you wish to be trusted should be granted the privileges, otherwise it becomes risky.
For deploying the applet to other machines, it is not actually possible to edit their policy files. here the certificate comes to the recue. the client must be given access to the certificate thru a link on the webpage. the client should install the certificate on his machine. now, when he runs the applet on his system, IE would check the signed applet against the certificate and ask him if he wishes to grant it rights. If he does, the applet gets all privileges.
a hui
Ranch Hand

Joined: Oct 14, 2000
Posts: 39
I guess my concern is for the clients, how many steps do they have to go through to authenticate an applet? Could you clearly list these steps?
Thank you
AH
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
the user needs to go thru two steps. first is to install the certificate, this is required just once for every machine. this is achieved by clicking on the link to the certificate and pressing the install button and follow the instructions (2-3 confirmations). once this is done, the scertificate of the signed applet can be authenticated against the installed applet.
the second step is to grant rights to the applet. when you access the applet, IE checks the certificate of the applet jar, authenticates it against the installed certificate and pops up a dialogbox where the user can grant access to the applet for a session or forever or even deny it. so according to the users choice the applet runs in a trusted environment. if the user chooses to grant rights to the applet for a session, he wil be prompted with the same dialog box when he accesses the applet the next time.
Manuela Hofer
Greenhorn

Joined: Sep 19, 2001
Posts: 2
Originally posted by Amit Agarwal:
the user needs to go thru two steps. first is to install the certificate, this is required just once for every machine. this is achieved by clicking on the link to the certificate and pressing the install button and follow the instructions (2-3 confirmations). once this is done, the scertificate of the signed applet can be authenticated against the installed applet.
the second step is to grant rights to the applet. when you access the applet, IE checks the certificate of the applet jar, authenticates it against the installed certificate and pops up a dialogbox where the user can grant access to the applet for a session or forever or even deny it. so according to the users choice the applet runs in a trusted environment. if the user chooses to grant rights to the applet for a session, he wil be prompted with the same dialog box when he accesses the applet the next time.

I've a signed applet which works with java plugin 1.3. but i've a problem with it. when i insert the link with the certificate, i can install it, but i doesn't get the dialogbox where i can grant access. after installing the certificate there happens nothing. when i try to save the file (this is the work of my applet) i get a security exception access denied. how can i fix this bug?
Amit Agarwal
Ranch Hand

Joined: May 09, 2001
Posts: 92
Manuela, check your jar, probably it is not properly signed. Use the same key, from which the certifiacte was generated, to sign the jar.
Manuela Hofer
Greenhorn

Joined: Sep 19, 2001
Posts: 2
I've checked my jar-File with the jarsigner -verify -verbose command. My jar-File is signed. I've done it once again with the same key with which i was creating the certificate, but it doesn't work!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to deploy a Swing Applet that accesses the System Clipboard