This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Java in General and the fly likes about applet signature Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "about applet signature" Watch "about applet signature" New topic
Author

about applet signature

walter wang
Ranch Hand

Joined: Jun 02, 2001
Posts: 154
there is a link has a sample and article about applet
signature
http://www.esus.com/javaindex/j2se/jdk1.2/javaxswing/toplevelcontainers/japplet/jappletsec/signjappcontrol.html
I read this article .but i have a question about follow sentences

What happens when you download a signed applet is this: the browser downloads the JAR file and checks whether it is signed. If it is, it will check the security policy configuration file whether the "usePolicy" RuntimePermission is set. There are two policy files, a system-wide one, (JRE_HOME/lib/security/java.policy) and a user specific one (USER_HOME/.java.policy). In my case, my system-wide one is at C:\Program Files\JavaSoft\JRE\1.3.1\lib\security and my user one is at C:\Windows\.java.policy. When the plug-in starts, it will concatenate both of them together and use them as a security policy for the rest of the session. If the usePolicy permission is set, security is controlled based on the permissions that are set in the policy files, even if you have an RSA signed applet signed by a trusted authority that wants full control over your client's machine. This allows you to have finer-grained security control over what your signed applets are able to do.

but i also find two java policy file in my pc which is win2k
fisrt java.policy file
c:\program files\javasoft\jre\1.3.1\securtiy\java.policy
second java policy file
c:\jdk1.3.1\jre\lib\security\java.policy
but which is my user java policy file?
i put modified java.policy
into those two directorie.
even i put it into c:\documentsandsetting\walter(my user name)
my modified java.policy has even more permissions
it is like belowings
grant {
permission java.lang.RuntimePermission "usePolicy";
permission java.io.FilePermission "C:${/}esusfoo", "write";
};
but when i try click this link as article said.
If you run this signed applet (http://www.esus.com/applets/WriteTwoFiles.html), using the same modified policy file, esusfoo was successfully accessed but, a AccessControlException is thrown in accessing esusfoo2, as expected.
results are : both files are accessdenied exception
why???

thanks in advnace


public class Walter { public boolean is_Working_Now (boolean is_boss_Coming) { return is_boss_Coming; }
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: about applet signature