getting applets to work

Started by Sterrenkijker, July 07, 2009, 12:09:49

Previous topic - Next topic

Sterrenkijker

I'm trying to get an applet to work, but I keep getting the same error:
corien@Ubuntu-Corien:~/Bureaublad/towerdefense$ appletviewer testbox.html 
Fatal error occured (2): access denied (java.util.PropertyPermission java.io.tmpdir read)


The appletviewer also gives an error: Permissions for applet refused. "Please accept the permissions dialog to allow the applet to continue the loading process." But I haven't seen any such dialog. Visiting testbox.html in the browser results in a grey screen.

Usually this problem can be solved by signing the jar, but this didn't help. The jar is signed and the problem is still unsolved.
corien@Ubuntu-Corien:~/Bureaublad/towerdefence$ jarsigner -verify -verbose TestBox.jar

         137 Tue Jul 07 14:06:28 CEST 2009 META-INF/MANIFEST.MF
         258 Tue Jul 07 14:06:28 CEST 2009 META-INF/TRADEAND.SF
        1103 Tue Jul 07 14:06:28 CEST 2009 META-INF/TRADEAND.DSA
           0 Tue Jul 07 14:06:22 CEST 2009 META-INF/
smk     2124 Tue Jul 07 14:06:20 CEST 2009 TestBox.class

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

Warning: 
This jar contains entries whose signer certificate will expire within six months. 

Re-run with the -verbose and -certs options for more details.


This is testbox.html:
<html>
  <body style="background-color:gray">
  <applet code="org.lwjgl.util.applet.AppletLoader" archive="lwjgl_util_applet.jar, lzma.jar, TestBox.jar" codebase="." width="720" height="480">

	<param name="al_title" value="appletloadertest">
    <param name="al_main" value="jmetest.awt.applet.TestBox">
    <param name="al_logo" value="appletlogo.png">
    <param name="al_progressbar" value="appletprogress.gif">
    <param name="al_jars" value="TestBox.jar, jME_2.0.jar,lwjgl_applet.jar.pack.lzma, lwjgl.jar.pack.lzma, jinput.jar.pack.lzma, lwjgl_util.jar.pack.lzma, res.jar.lzma">
    <param name="al_windows" value="windows_natives.jar.lzma">
    <param name="al_linux" value="linux_natives.jar.lzma">
    <param name="al_mac" value="macosx_natives.jar.lzma">
 
  </applet>
  </body>
</html>


Does anyone have an idea what's wrong?

kappa

are you also signing lwjgl_util_applet.jar ?

Sterrenkijker

Quote from: javalwjgl on July 07, 2009, 13:45:16
are you also signing lwjgl_util_applet.jar ?

No, because it has already been signed. There are files ODDLABS_.RSA and ODDLABS_.SF in the jars /META-INF/ directory. Should I replace the signings of all the jars?

kappa

best to have one certificate for all jars, java is pretty buggy when you have multiple certificates. best to delete all the certificate (just delete the meta-inf folder) and resign everything with one certificate.

If your app doesn't need signing then just leave the default certificates, else if you do need it then delete the existing certificates and sign everything again (JME does need permissions, so you should resign).

Sterrenkijker

Quote from: javalwjgl on July 07, 2009, 14:20:47
best to have one certificate for all jars, java is pretty buggy when you have multiple certificates. best to delete all the certificate (just delete the meta-inf folder) and resign everything with one certificate.

If your app doesn't need signing then just leave the default certificates, else if you do need it then delete the existing certificates and sign everything again (JME does need permissions, so you should resign).

What about the lzma packages? Should I resign them too (and how?). There are also files with .pack in their names, I can't even open them...

I don't know if my app needs signing. I just got this error and found somewhere on a forum I should sign my jar. But it didn't help.

Matzon

does the appletviewer work correctly with certificates? - if not, you could use a default policy that allows everything:
(from lwjgl)
Quotekeystore "lwjglkeystore";

grant SignedBy "lwjgl" {
  permission java.security.AllPermission;
};

Sterrenkijker

Sorry, I'm a noob on the area of applets, jars and signing. I've created a file applet.policy in the directory of all the jars and my own jar, and put this text in it, but it has no effect.

Quote from: Matzon on July 07, 2009, 19:30:42
does the appletviewer work correctly with certificates? - if not, you could use a default policy that allows everything:
(from lwjgl)
Quotekeystore "lwjglkeystore";

grant SignedBy "lwjgl" {
  permission java.security.AllPermission;
};


broumbroum

This is it, almost... A policy file is a file that defines authority of an Applet using it.
In fact, launching an applet loads the defaut policy file located somewhere in your home folder (a file like *.policy). But if you intend to change those policies, you must edit it with the policytool (jdk/bin/policytool) or it might not reflect the correct paths of your system.
4 steps (this is for appletviewer only):

  • create a certificate with an alias with keytool -genkeypair -alias YOUR_ALIAS
  • sign you applet
  • log permissions you need and add them with the policytool to your policy file (usually granted by YOUR_ALIAS)
  • last but not least, set (-J)-Djava.security.policy=THE_JAVA_SECURITY_POLICY_FILE
Important notice : then running under any browser WON'T BE AS WITH APPLETVIEWER such as you mustn't  specify java.security.policy in IE or Sfari but you have to authorize the applet as a trusted content. 8)