views:

298

answers:

3

Is it possible to sign only part of an applet? Ie, have an applet that pops up no security warnings about being signed, but if some particular function is used (that requires privileges) then use the signed jar?

From what I can tell, some (perhaps most) browsers will pop up the warning for a signed applet even if you don't request privileges at all at execution time. I'd rather avoid that if possible.

A: 

I've been given the impression that Sun wants to discourage the creation of Applets and encourage the usage of Java Web Start. I think this issue of signing applets is part of the problem. See this documentation from Sun: Java Web start FAQ.

I haven't tried this, but could you segment the features that need signing into separate jars that only require permission checks when the user needs the functionality in those jars?

Jason Dagit
That's not true at all, as Sun's recent efforts to develop a new (vastly improved) plugin should show. Web Start is a totally different animal, though the two are coming closer together. I'll try the multijar, if nothing else it should work with JNLPAppletLauncher.
jsight
+1  A: 

Try splitting your code into an unsigned jar and a signed jar.

James A. N. Stauffer
Sounds like a good idea... I'll try it.
jsight
A: 

In theory you can (signed + unsigned jar), but in practice it will result that your code will be handled as unsigned. The access decision should be made from the thread, not the immediate caller. If the thread contains in the stack a call made from an object from unsigned code, the whole call should be treated as unsigned. If you work around this you've found a bug.

In other words... No.

If I'm not being to curious, may I inquire why do you want to partially sign your code?

Javaxpert
I've now tried this and it does work. Sun actually does something very similar to get Java3D and JOGL to work in applets as well, and I don't believe that this is considered a bug. Signing the whole app would result in security dialogs at applet load time. This is bad as few need the functionality.
jsight