Signed applet throws security exceptions

Miha Vitorovic
Greenhorn

Joined: May 18, 2006
Posts: 2
Hi all

I have problems with a signed applet (self-made cert), and after reading this forum I see this is more or less common.

The problem that I am having is that I cannot use doPrivilege() and similar tricks, because the applet needs to be Java 1.1 compatible.

So, signing will have to work.

Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.

It works on JVM 1.5.0_06 but not on 1.4.2_08.

Please help me make it work under any JVM.

The error I get is:


What is funny, is that I have two applets, and one works and the other one doesn't. It is like this:

Applet A (signed) needs to connect to host1, fails and tries to connect through proxy using my proxy library (also signed - different JAR). Everything works.

Applet B (signed) needs to connect to host1, fails and tries to connect through proxy using the same proxy library. It gets a security exception.

All JARs are signed using the same key/certificate.

Both applets try to connect to the same "host1".

Both applets try to use the same proxy - which is different from "host1".


The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.

Any suggestions?

Mike5
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
Welcome to JavaRanch.

> because applet needs to be Java 1.1 compatible.

I hope that doesn't mean you're planning to run it on the MS JVM, because that has bugs and incompatibilities in this area.

> that I can not use doPrivilege() ... So, signing will have to work.

You may have to use both, see here.

> Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.
>
> It works on JVM 1.5.0_06 but not on 1.4.2_08.

I'm not too surprised that tools shipped with 1.5 produce something that doesn't work with a 1.4 JVM. Have you tried the 1.4 jarsigner?

Might the use of policy files (as outlined in the wiki page linked above) be possible? That wouldn't work with a Java 1.1 JVM either, of course.
[ May 18, 2006: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
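
Added example, not part of the original thread or of either poster's code: a sketch of the "use both" approach suggested in the reply above, in which the signed proxy library wraps its own socket connect in AccessController.doPrivileged (a Java 1.2+ API, so it does not meet the Java 1.1 requirement). The class name PrivilegedProxyConnect, the allowedProxyHost field and the loopback listener in main are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper for a signed library JAR; written without generics so it
// also compiles for the 1.4 JVM mentioned in the thread.
public final class PrivilegedProxyConnect {
    private final String allowedProxyHost; // assumption: one fixed proxy host
    public PrivilegedProxyConnect(String allowedProxyHost) {
        this.allowedProxyHost = allowedProxyHost;
    }

    public Socket open(final String host, final int port, final int timeoutMs)
            throws IOException {
        // Validate before elevating: privileged code must not connect wherever
        // a less trusted caller asks.
        if (!allowedProxyHost.equals(host)) {
            throw new SecurityException("host not allowed: " + host);
        }
        try {
            // The permission check stops at this frame, so only this class's
            // protection domain (the signed JAR) is consulted, not its callers.
            return (Socket) AccessController.doPrivileged(
                new PrivilegedExceptionAction() {
                    public Object run() throws IOException {
                        Socket s = new Socket();
                        s.connect(new InetSocketAddress(host, port), timeoutMs);
                        return s;
                    }
                });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }
    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the proxy: a loopback listener.
        ServerSocket proxy = new ServerSocket(0, 1, InetAddress.getByName("127.0.0.1"));
        Socket s = new PrivilegedProxyConnect("127.0.0.1")
                .open("127.0.0.1", proxy.getLocalPort(), 2000);
        System.out.println("connected: " + s.isConnected());
        s.close();
        proxy.close();
    }
}
```

The host check sits outside the privileged block on purpose, so the elevated section contains nothing but the connect call.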
Miha Vitorovic
Greenhorn

Joined: May 18, 2006
Posts: 2
Originally posted by Ulf Dittmer:
> Welcome to JavaRanch.

Thanks.

> I hope that doesn't mean you're planning to run it on the MS JVM, because that has bugs and incompatibilities in this area.

I plan to cross that bridge when I get to it.

> I'm not too surprised that tools shipped with 1.5 produce something that doesn't work with a 1.4 JVM. Have you tried the 1.4 jarsigner?

Yes, it didn't help.

> Might the use of policy files (as outlined in the wiki page linked above) be possible? That wouldn't work with a Java 1.1 JVM either, of course.

No, because then we would have to tell our "anonymous" users who might have heard of Java, but know nothing about it, how to modify their policy files, and this is something we would like to avoid.

But most of all I have a feeling that it has something to do with the way the JVM sandbox works and is not well documented (because I have searched the Web quite a lot).

I have seen somewhere that the Security Manager also protects threads and thread groups from each other.

How does that work and could that be the case here?

Also, do package names have anything to do with the Security Manager?

Does anybody know?

Cheers, Mike5

[ May 18, 2006: Message edited by: Miha Vitorovic ]