File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Applets and the fly likes 'signing' and 'grant' Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Applets
Bookmark " Watch " New topic
Author

'signing' and 'grant'

Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2046
Hi,
I have revised the java.policy and put:

grant {
permission java.security.AllPermission;
};

Now, I am adding the 'signing' of the jar.

Has signing an applet/jar got anything to do with the 'grant' access? Or are they 2 totally independent factors?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
They both accomplish the same thing, more or less. If you have the AllPermission in place, then signing the applet shouldn't be necessary.


Ping & DNS - updated with new look and Ping home screen widget
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2046
Thanks.

Is it possible to specify 'grants' (give grants) together with the signing of the jar?

As of now, I removed the

grant {
permission java.security.AllPermission;
};

and add specific grants (e.g. io read on 'c:/tmp/*').

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
Signing the jar file also grants all permissions, so adding further permissions in the policy file would have no effect.
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2046
Ulf Dittmer wrote:Signing the jar file also grants all permissions, so adding further permissions in the policy file would have no effect.


Thank you for the reply.

When I deployed the signed version of the jar (using self-signed certificate), I did get a pop up asking me if I want to allow the applet to run, and trust the publisher.

However, there was no change in the permitted actions of the applet.

The applet still doesnt have permission to do stuff, like io reads.

That is why I added those 'grants' in the java.policy.

I wonder if there is something wrong with regards to my signing, or the certificate. Is what you mentioned true also on 'self-signed' certificates?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
That's odd. As far as the applet is concerned, all certificates are equal, so if the user accepts it then all permissions are granted to the applet.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: 'signing' and 'grant'
 
Similar Threads
jarsigner: unabel to sign zipexception
how to get web start working
How to prevent JavaWebStart from starting application twice ?
Disable JWS Auth dialog
Breaking Java WebStart Security