I have an application which I'm using as a JApplet. It accesses the internet, but I've found the issue why it's not working is because it apparently is not trusted.
How can I go about making the application trusted :)
The only way to make an applet trusted, is to sign all jars.
If you do not have an official certificate, you can create your own which the user then needs to accept.
Use "keytool" in the JDK for these operations.
Related
For my education I often have to program math exercises for our site, which will be used in schools.
I had to port a .swf file to java applet, mainly because the .swf ran really slow.
The game/excercise worked fine in both Eclipse and my localhost, but when we put it on the site it always got blocked by Java.
I have read that you need a certificate, but that self signed certificates dont work.
I have tried to do it (Not sure if I was succesful), and the applet was still blocked.
What am I supposed to do to make it work?
Why don't you try Java Web Start instead of applets?
You chan check it at http://www.oracle.com/technetwork/java/javase/applet-migration-139512.html
From https://www.java.com/en/download/help/java_blocked.xml
Java has further enhanced security to make the user system less
vulnerable to external exploits. Starting with Java 7 Update 51, Java
does not allow users to run applications that are not signed
(unsigned), self-signed (not signed by trusted authority) or that are
missing permission attributes.
So, from Java 7 Update 51, users cannot run unsigned application (without a certificate), self-signed application (applications signed with a certificate that doesn't come from trusted authority), or applications missing Permission Attribute.
As the documentation says about self signed applications,
Applications of this type present the highest level of risk because
publisher is not identified and the application may be granted access
to personal data on your computer.
Also, as stated in the documentation, if you can still use self signed applications you need to add it to the exception site list,
As a workaround, you can use the Exception Site list feature to run
the applications blocked by security settings. Adding the URL of the
blocked application to the Exception Site list allows it to run with
some warnings.
I know a real Java Applet on a Website should be officially signed to work properly and have full access. I just want to test the functionality of a java applet on my localhost without buying a certificate. So the question to me is can a self signed Java Applet have full permissions if executed on the localhost?
Yes, but it might involve changing the security settings of the Java plug-in and the browser.
First i would like to say that the .jar does not contain any malicious software or code. It's not harmfull, everything is fine. I signed my .jar and I'm trying to load it into my website using this code:
<applet width="765" height="503" code="Loader.java" archive="HolyDivinity718V1.1.jar" name="Holy Divinity"></applet></p>
But when i run it i get this error:
Application Blocked. Click for details. Your security settings have blocked a self-signed application from running.
The client is a webclient of a game that I'm running. What's the reason that it's getting blocked?
Since recently all self signed java applets are blocked. You can do one of the following things:
Buy and sign your applet with an official certificate
Decrease your security slider to medium
Use the exception site list
Sign your app with a self signed certificate and add your certificate to the java trust store
I've made a Java applet and I self signed it before, but due to security changes in recent Java updates, self signing no longer gives the applet the necessary permissions.
I need the applet to be able to read the local file system to use images and to be able to connect to a MYSQL database.
The applet used to work with the database when I self signed it, but not anymore.
In addition, many unknown users will be using the applet, so I won't have control over their machines.
Where can I get my applet professionally signed and if possible, is there another way to self sign that will make the applet work?
Purchase a certificate from any reputable certificate authority. Use that to sign your code. List of CAs
Or, some companies also do this: Sign the jars themselves, but pre-populate the JDK trust store with your (self created) CA cert. If you have control over the JRE that is installed on all user machines, you can place your certificate in JRE/lib/security/cacerts so that is trusted ahead of time.
update: This page (Java Control Panel Documentation) describes what type of signature is required for various client side security level settings:
As long as the applet 'phones home' to the DB & this demo. of the JNLP API file services1 works for the problem machines you should be set to go for a Plug-In 2 JRE (1.6.0_10+) JRE. And if the client has less than that, they should seriously look to update. The Deployment Toolkit Script can assist with that.
It is relevant in that:
It uses a self signed certificate
It allows a sand-boxed app. to read/write to the local file system.
An applet launched using JWS has access to the API.
This should only be considered a work-around. The correct way to solve the problem is to heed the advice offered to get a certified code certificate. Oracle seems to be heading towards making it so that unsigned or self-signed code will not just be sand-boxed, but entirely forbidden (& that is for the best).
As an aside re. DB access: For the protection of the DB. The applet should be forced to go through a 'public interface' (via the site that hosts the applet). Do not give the applet direct access to the DB. Otherwise hackers also have direct DB access.
i wrote a web application which is used in our intranet. I alswo wrote a small Java Applet to integrate with our windows desktops (opening applications and files). Of course i get a security warning everytime i access my web application.
I've read on stackoverflow that it should be possible, to sign my applet and roll out the certificate to all my clients (Windows XP and Windows 7) to get rid of the securitywarning.
Is there a tutorial how to do that? Can i do that without purchasing a expensive certificate because i'm only using this application in my intranet?
Thx for any information and best regards!
I found the solution here: http://wikigu.blogspot.co.at/2011/06/signing-java-applet-with-your-own-ca.html
The last step is to install the generated crt (in the example it's the "server.crt") file into the Trusted Publishers certificate store.
Edit: i just realized that it is just working in Internet Explorer (applet is executed without any warning or dialogue) but not in Firefox. Firefox still shows a security warning. Does anybody know how to get rid of the warning in Firefox?