signed java applet restrictions?

Question

I wrote a java applet and self signed it. When I run it in eclipse or as a executable jar it works fine. But when I upload it, it doesn't do anything. It loads, and the self signed cert warning does come up and I click yes but nothing. I was under the impression that signed applets had no restrictions. What could be the problem?

Huh? Why would a jar file "do something" when you "upload it"? How does it "load"? What is doing the "loading"? Why? — Jonathan Feinberg, Nov 25 '09 at 18:04
I think it's pretty obvious that I upload it to my server, and then load it in an html page in tags. What else could I have meant? — Ilia Choly, Nov 25 '09 at 18:32
Any number of things, silverbandit91, which is why Jonathan was asking for clarification. — delfuego, Nov 25 '09 at 18:54
Silverbandit, you would be astonished if you knew what people think is obvious. — Thorbjørn Ravn Andersen, Nov 25 '09 at 19:09

Bostone · Accepted Answer · 2009-11-25T18:16:55.623

2

You sign your applet with a certificate. If that cert doesn't come from authority such as Thawte in "real life" situation your applet will not be considered safe by your browser without user explicitly granting you access by relaxing Jaca policy (or accepting self-signed cert). Dev tools such as Eclipse have that relaxed policy built in so that's why you don't have a problem

And the pricing is pretty stiff

edited Nov 25 '09 at 18:16

answered Nov 25 '09 at 18:11

Bostone

36,858
39
167
227

Sorry, I didn't make it clear. I do accept the self-signed cert. Still doesn't run. – Ilia Choly Nov 25 '09 at 18:28
There's companies other than Verisign that will do you a much cheaper deal. (And you can use a stolen credit card...) – Tom Hawtin - tackline Nov 25 '09 at 20:38

score 2 · Answer 2 · answered Nov 25 '09 at 18:45

See http://java.sun.com/docs/books/tutorial/deployment/applet/security.html. I quote:

When a signed applet is accessed from JavaScript code in an HTML page, the applet is executed within the security sandbox. This implies that the signed applet essentially behaves likes an unsigned applet.

Signing applet code like this has no effect except popping a security warning dialog.

There are a number of things you might have meant by "when I upload it, it doesn't do anything" other than "I create an applet jar and upload it to my server, then reference it in an applet tag of an HTML page and when I open the page, the security warning dialog pops up but I click it and nothing further occurs".

I don't think so, because I have other signed applets that can read and write to files without a problem after confirming the cert. — Ilia Choly, Nov 26 '09 at 00:09
Then it sounds like you've found a way to subvert Sun's intent. You should publish. — spork, Nov 30 '09 at 17:44

score 0 · Answer 3 · answered Jan 08 '13 at 13:53

You need The parameter "mayscript" when you want your applet to store information e.g. on cookies.

<applet code="MainApp.MainClass.class" height="645" mayscript="" width="100%">
    <param name="archive" value="MainApp.jar" />
</applet>

Hope this helps

signed java applet restrictions?

3 Answers3