4

I have a signed applet on my website that had been working fine for nearly a year. Today, however, it's giving my users a mixed code warning. I found here that certain Apache components, which I happen to be using, can generate a mixed code warning. However, there are two things that concern me.

  1. First of all, my applet consists of a single jar file that's signed, and when I use jarsigner -verify my_signed_file.jar I get the jar verified output. (It's not linking to any external libraries, all of the compiled code is inside this jar file.)

  2. I'm getting this message all of a sudden, even though the my applet jar hasn't been modified in nearly a year. Both I and my client have been using the Java 1.7 runtime for a while now without getting this message, so why would we be getting the message today?

Any thoughts or ideas would be appreciated. Thank you.

--Jay

Community
  • 1
  • 1
jay
  • 1,524
  • 4
  • 25
  • 45
  • 2
    Have you updated the JRE? I beleive a new version (update 21) was released recently, and it's possible that it's stricter about security now. – Antimony Apr 21 '13 at 22:19
  • If you're doing xml parsing in your applet there is sometimes a HTTP request done to the server to find the XML Parser. – Anthony Apr 21 '13 at 22:21
  • Further to @Antimony comment, see [Java 7 Update 21 Security Improvements in Detail](http://blog.eisele.net/2013/04/java-7-update-21-security-improvements.html). This actually sounds like a slight glitch in that the message is nonsensical, but I'd bet 100 to 1 that you are both now using update 21. – Andrew Thompson Apr 22 '13 at 00:59
  • In the latest update, Java no longer supports self-signed certificates. – Mitch Connor May 29 '13 at 18:06

2 Answers2

2

As of Java 7 Update 21, it displays a warning message when it encounters mixed code in your signed applet.

You need to add Trusted-Only: true attribute to your manifest file so it won't show a warning dialog.

http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/mixed_code.html

regulus
  • 1,572
  • 12
  • 18
0

you have not made a .crt file to sign your jar with. please take a look at http://docs.oracle.com/javase/tutorial/deployment/jar/signing.html you need to make a .crt file within command prompt to use -jarsigner

Ashley
  • 142
  • 7