tags:

views:

298

answers:

3
Q: 

Java Applet - Partially Signed?

Is it possible to sign only part of an applet? Ie, have an applet that pops up no security warnings about being signed, but if some particular function is used (that requires privileges) then use the signed jar?

From what I can tell, some (perhaps most) browsers will pop up the warning for a signed applet even if you don't request privileges at all at execution time. I'd rather avoid that if possible.

A: 

I've been given the impression that Sun wants to discourage the creation of Applets and encourage the usage of Java Web Start. I think this issue of signing applets is part of the problem. See this documentation from Sun: Java Web start FAQ.

I haven't tried this, but could you segment the features that need signing into separate jars that only require permission checks when the user needs the functionality in those jars?

Jason Dagit  2008-09-16 22:39:59
That's not true at all, as Sun's recent efforts to develop a new (vastly improved) plugin should show. Web Start is a totally different animal, though the two are coming closer together. I'll try the multijar, if nothing else it should work with JNLPAppletLauncher.
jsight  2008-09-17 02:07:45
+1  A: 

Try splitting your code into an unsigned jar and a signed jar.

James A. N. Stauffer  2008-09-16 23:09:44
Sounds like a good idea... I'll try it.
jsight  2008-09-17 02:08:16
A: 

In theory you can (signed + unsigned jar), but in practice it will result that your code will be handled as unsigned. The access decision should be made from the thread, not the immediate caller. If the thread contains in the stack a call made from an object from unsigned code, the whole call should be treated as unsigned. If you work around this you've found a bug.

In other words... No.

If I'm not being to curious, may I inquire why do you want to partially sign your code?

Javaxpert  2008-09-18 15:00:16
I've now tried this and it does work. Sun actually does something very similar to get Java3D and JOGL to work in applets as well, and I don't believe that this is considered a bug. Signing the whole app would result in security dialogs at applet load time. This is bad as few need the functionality.
jsight  2008-10-13 02:02:31

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java