Reputation: 673
Clarifications over java applet warnings
I'm working on deploying a Java applet over JNLP. The functionality of the Applet works as expected, my problems lies within the Security Warnings displayed during run time. I've searched extensively for answers on when and why they appear without any sufficient answers so I thought I try to get some answers here.
Premises: My Applet is signed using a self signed certificate which is also imported as trusted CA (the 'safer looking' warning is displayed). I will use a real certificate from Thawte or Verisign in production but this should be good enough for now. No external permissions is needed and disk access is done only through JNLP.
Since I want to be able to use FileSaveService and FileOpenService I've specified the j2ee-application-client-permissions tag in the security part of my JNLP file.
Javascript is used to invoke public functions in the applet.
This happens right now: When the applet is loaded I get a security prompt warning me that this Applet will run with unlimited access to the system. The warning is the trusted kind with the blue info display rather than the yellow warning. Why do I get this warning? Will this always appear even if I stick to using only JNLP libraries? How is this warning determined, is it by scanning my code or by reading some setting I can change? Is there a list of allowed classes to run without getting this warning?
Once the applet loads and I try to open a file dialog I get prompted again saying that the application has requested read/write permissions.
I assume the later warning is a JNLP warning since it first appeared when I started to use JNLP. Why do I get prompted both at startup as well as during use? Do I need to get both and will I get both once I have a proper certificate?
Most importantly I would like to get rid of the first warning since it looks rather scary to allow my applet to run with unrestricted access (especially since that is not at all my intention!). Is there any documentation that clears out what triggers the warnings and how to deal with them?
Edit: The file is validated with Janela without errors. Everything launches as it should, it's the warnings I want to understand.
<script>
var attributes = {
id:'id',
codebase:'www.mydomain.com/jars/',
width:1,
height:1,
name:"Name"
};
var parameters = {
jnlp_href:"www.mydomain.com/jars/jnlp.jnlp"
}
deployJava.runApplet(attributes, parameters, '1.6');
</script>
JNLP file
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="/jars/jnlp.jnlp">
<information>
<title>Title</title>
<vendor>My Company</vendor>
<description>Description</description>
<description kind="short">Desc</description>
<offline-allowed />
</information>
<resources>
<j2se version="1.6+" />
<jar href="ext1.jar" main="false" download="eager"/>
<jar href="ext2.jar" main="false" download="eager" />
<jar href="mainJar.jar" main="true" download="eager"/>
</resources>
<applet-desc
name="name"
main-class="com.myCompany.applet.mainClass"
width="1"
height="1">
</applet-desc>
<security>
<j2ee-application-client-permissions/>
</security>
</jnlp>
Upvotes: 3
Views: 1225
Answers (1)
Reputation: 1173
You don't have to sign your applet. If you don't sign, then the first warning doesn't appear.
http://docs.oracle.com/javase/tutorial/deployment/applet/security.html
Upvotes: 1
Related Questions
- Why do we need JNLP File in Java and Applet?
- Java applet warning on JRE 1.7u45
- Java applet Security Warning checkbox
- Java applet security warning prompt in 1.7 upade 55
- Java Security Warning
- Security Warning in signed applet
- java is insecure message when running some applets
- Applet/Web Start securtiy
- Java security vulnerability for basic applet
- Why is suddenly this java security warning shown on our applet