Sign All Applet JAR files
Applets are back! And now applets can do more than ever before thanks
to signed JAR files. By signing your JARs, you can get access to the
filesystem and other resources that were previously off-limits,
provided the user grants your applet those privileges. And signing
JAR files is now very easy thanks to tools bundled with the JDK.
However, be certain to sign all JAR files used by your Java applet.
If you sign the JAR file with your main applet class, your applet will
launch. If it later uses classes from another JAR file, though, you
can run into trouble. If the newly-loaded class tries a restricted
operation and its JAR file isn't signed, your applet will fail at that
point with a security exception. Rather than waiting for this and
debugging it when it occurs, save yourself the trouble and sign all of
your JAR files up front.
You can create your own certificate using tools provided by the JDK.
keytool -genkey -alias mykey lets you create your own
certificate. Be sure to specify an expiration date far in the future
with -validity 1000. The default is only 6 months.
Sign your JAR files with jarsigner my.jar mykey (where
my.jar is the name of the jar file to sign).
Deploy all of your JAR files to a folder on your web server, add an
HTML page with the applet tag, and let the world enjoy
your new applet with powerful permissions.
|