Treat my applet as certified?

steviec

I'm playing around with a java applet at the moment that I want to connect to a website and read information. I know the piece of code works when I do it in a regular java program but I get connection refused in my applet which I believe is because applets aren't allowed make connections unless they're certified. I was wondering if there's a way to just treat it as certified when its running on my own computer? I know there's no security risk with it.

BizzyC

Look into jar-singing. You can make a cert yourself, and sing a jar (containing applet) with it.
Should get it to work on your own PC.

steviec

Ok tried that and I think it worked... just got the message 'the signer certificate will expire within 6 months'

Still didn't work though, getting the following list of errors when I run the applet:

java.security.AccessControlException: access denied (java.net.SocketPermission w
ww1.bipm.org:80 connect,resolve)
java.security.AccessControlException: access denied (java.net.SocketPermission w
ww1.bipm.org:80 connect,resolve)
        at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:
427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:459)
        at sun.net.www.http.HttpClient.<init>(HttpClient.java:214)
        at sun.net.www.http.HttpClient.New(HttpClient.java:287)
        at sun.net.www.http.HttpClient.New(HttpClient.java:299)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLC
onnection.java:792)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConne
ction.java:744)
        at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection
.java:669)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon
nection.java:913)
        at java.net.URL.openStream(URL.java:1007)
        at Time.reinit(time.java:35)
        at Time.init(time.java:27)
        at sun.applet.AppletPanel.run(AppletPanel.java:374)
        at java.lang.Thread.run(Thread.java:595)
java.lang.NullPointerException
        at Time.reinit(time.java:45)
        at Time.init(time.java:27)
        at sun.applet.AppletPanel.run(AppletPanel.java:374)
        at java.lang.Thread.run(Thread.java:595)

Is it possible to get applets to connect to a website at all? I know this piece of code works fine before I put it into an applet.

ressem

tried that and I think it worked.

Yes it's possible.

What step exactly did you carry out?
e.g
you generated a cert,
you generated a jar
you signed the jar
you imported the cert

-
All of section 2 in
http://java.sun.com/security/usingJavakey.html
?

http://java.sun.com/security/signExample12/#doityourself

steviec

Hmm I'm not sure.

I compiled my program, put it in a jar.

Then I generated a keystore and then applied a key to the jar which i think signed it?

I was following the tutorial here:

http://www.cs.princeton.edu/introcs/85application/jar/sign.html

Edit: It does work when I just open the html file in my browser. It's from appletviewer on the command line that I get errors...

MrPinK

You can do it without cert's and signatures by editing your policy file. Run policytool from the command line. Then open up $java_home/jre/lib/java.policy and add a new entry. The codebase is the jar file that your code is in. Click on the drop down menus to give the applet whatever permissions you want.

Hobbes

Been a while since I've done it but isn't the applet only allowed to talk to its parent server?

MrPinK

Hobbes wrote:

Been a while since I've done it but isn't the applet only allowed to talk to its parent server?

By default, yes. But the security manager can be configured to give/restrict permissions to any particular classes, no matter where they're loaded from.