1

I have a JAVA Applet to perform digital signatures, certificate validations, and so on. It's signed with a valid certificate, it has a correct Manifest (I suppose) with values as:

Permissions: all-permissions
Specification-Title: Applet Certificados digitales
Specification-Version: v1.3
Specification-Vendor: mycompany
Application-Name: Applet Java mycompany

And, it works perfectly, into a "applet" tag, thanks to NPAPI friendly browsers (tested only on Firefox and IExplorer). It has been running so by years ...

Now I want to let Chrome and Edge users use it, by using JNLP. And here it's ALMOST ok. I say "almost" because I can read store certificates, access to my ASP.NET WebApi, perform digital signatures .... but now I can't open smart cards to read certificates, due that SecurityException when I set the security manager:

  public SmartCardProvider_SecurityManager(final ApduConnection conn) {
    super(NAME, VERSION, INFO);
    defaultConnection = conn;

    AccessController.doPrivileged(new PrivilegedAction<Void>() {
        @Override
        public Void run() {
            if (!(System.getSecurityManager() instanceof SmartCardProvider_SecurityManager)) {
                    System.setSecurityManager(new SmartCardProvider_SecurityManager(System.getSecurityManager()));
                   // Exception -> JVM Shared, not allowed to set security manager
            }
....

Where

private static final class SmartCardProvider_SecurityManager 
     extends SecurityManager { .....

This is my JNLP:

<?xml version="1.0" encoding="utf-8"?> 
 <jnlp spec="1.0+" codebase="" href="thefile.JNLP">
 <information>
   <title>mycompany - JAVA apps</title>
   <vendor>mycompany</vendor>
   <homepage href="http:\\www.mycompany.com" />
   <description>the description</description>
 </information>
 <security>
   <all-permissions/>
 </security>
 <resources>
   <j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se"/>
   <jar href="APPLET_NAME.jar" main="false"  />
 </resources>
 <applet-desc documentBase="" 
    name="the_name" 
      main-class="myjavanamespace.clsApplet" 
      width="450" 
      height="250"> 
    <param name="0123225223   ..... /> some ciphred params ... 
    <param name="permissions" value="all-permissions" /> 
</applet-desc>

My last try was to add this param:

<param name="separate_jvm" value="true"/>

But I get the same exception. I am out of ideas, so any help will be appreciated.

Current run enviroment:

  • Java Plugin 11.72.2.15

  • Using JRE 1.8.0_72-b15 Java HotSpot(TM) 64-Bit Server VM

Morcilla de Arroz
  • 2,104
  • 22
  • 29
  • Is it necessary for this applet to be embedded in a web page? I suspect it will be a lot easier to get a separate JVM in a free floating (non-embedded) applet. – Andrew Thompson Feb 06 '16 at 04:58
  • @AndrewThompson hi, in fact, when its embedded in the web page, I use JSObject to interact with server through JS+Webmethod. All its ok here. For chrome and edge its open via JNLP, and then ASP.NET WebApi its used. Maybe I can use another "main" void in this case to open it in a JFrame, for example (or maybe I have to surrender, and develop a standalone java app) ? – Morcilla de Arroz Feb 06 '16 at 08:07
  • 1
    *"I use JSObject to interact with server through JS+Webmethod."* The [days of embedded applets are numbered](https://blogs.oracle.com/java-platform-group/entry/moving_to_a_plugin_free). Either migrate the functionality to pure JS (which I'd recommend, if possible) or have a more enabled desktop app. that communicates directly with the web service layer. Anything else will just be wasting time. – Andrew Thompson Feb 06 '16 at 08:57
  • 1
    @AndrewThompson its a pity because for example sign with a certificate or read smart cards its impossible with JS. So its time to Redo all, better than "make up it". I appreciate a lot your info, i`m a NET developer and i did not know that java news! Thanks – Morcilla de Arroz Feb 06 '16 at 15:39

1 Answers1

0

I have migrated the funcionality to a stand-alone java app, invoking it with "the same" JNLP ('application-desc' instead of 'applet-desc', and 'arguments' insted or 'params nodes'). The security error has gone.

I was trying to change the smart code provider, to get the real reason of this question, but, as Andrew Thompson said, and I agree, it's worthless to spoil more effort with an applet, as they are going to be discontinued on March 2017 aprox.

By now, I will keep my old applet meanwhile the new app comes to Production.

Morcilla de Arroz
  • 2,104
  • 22
  • 29