frequal.com

Sign All Applet JAR files

Applets are back! And now applets can do more than ever before thanks to signed JAR files. By signing your JARs, you can get access to the filesystem and other resources that were previously off-limits, provided the user grants your applet those privileges. And signing JAR files is now very easy thanks to tools bundled with the JDK.

However, be certain to sign all JAR files used by your Java applet. If you sign the JAR file with your main applet class, your applet will launch. If it later uses classes from another JAR file, though, you can run into trouble. If the newly-loaded class tries a restricted operation and its JAR file isn't signed, your applet will fail at that point with a security exception. Rather than waiting for this and debugging it when it occurs, save yourself the trouble and sign all of your JAR files up front.

You can create your own certificate using tools provided by the JDK. keytool -genkey -alias mykey lets you create your own certificate. Be sure to specify an expiration date far in the future with -validity 1000. The default is only 6 months.

Sign your JAR files with jarsigner my.jar mykey (where my.jar is the name of the jar file to sign).

Deploy all of your JAR files to a folder on your web server, add an HTML page with the applet tag, and let the world enjoy your new applet with powerful permissions.

Last modified on 2 Jul 2008 by AO