Re: JCE and APPLET

Jan Luehe (Jan.Luehe@Eng)
Mon, 11 May 1998 15:45:28 -0700 (PDT)

To: java-security@web1.javasoft.com, ssl-talk@netscape.com, coelho@linf.unb.br

Luciano:

> Is it possible to implement an applet using the JCE API?
> As it has been established in the JCE architecture, when
> a block of code makes a call to any getInstance() method,
> the java.security file is read to find a provider which
> implements an engine for the class that is being
> instantiated, right? In this case, how could an applet do it?
> Does it have to be signed to, at least, have IO permissions?

The java.security file is parsed when the java.security.Security
class is instantiated. All the "getInstance" calls are routed
through the Security object (the instance of java.security.Security),
which manages the list of registered providers.
Anybody can retrieve that list; it is not subject to any access controls.

> If I want to use my own provider (at the applet, of course), how
> would I do it?

An applet can register its own provider dynamically at runtime,
provided it has the appropriate permission.
Please check

http://java.sun.com/products/jdk/1.2/docs/guide/security/CryptoSpec.html#Security

on how to grant your applet the required permission.

Jan
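
The dynamic registration described in the reply above, as an added example that is not part of the original message: it registers a provider at runtime, handles the denial a sandboxed caller would see, and shows getInstance() being routed to the new provider. The names ProviderDemo, DemoProvider, DemoDigest and the algorithm name "DEMO" are hypothetical, and the code uses the current java.security API rather than JDK 1.2.

```java
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.Provider;
import java.security.Security;

public class ProviderDemo {
    // Hypothetical engine class: a stand-in digest that delegates to SHA-256.
    public static final class DemoDigest extends MessageDigestSpi {
        private final MessageDigest inner;
        public DemoDigest() throws Exception { inner = MessageDigest.getInstance("SHA-256"); }
        @Override protected void engineUpdate(byte b) { inner.update(b); }
        @Override protected void engineUpdate(byte[] in, int off, int len) { inner.update(in, off, len); }
        @Override protected byte[] engineDigest() { return inner.digest(); }
        @Override protected void engineReset() { inner.reset(); }
    }

    // Hypothetical provider: maps the engine type and algorithm name to the class above.
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            super("DemoProvider", 1.0, "Constructed example provider");
            // With a security manager installed, put() is itself checked against
            // SecurityPermission "putProviderProperty.DemoProvider".
            put("MessageDigest.DEMO", DemoDigest.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            // With a security manager installed, this call needs a policy grant such as:
            //   permission java.security.SecurityPermission "insertProvider.DemoProvider";
            int position = Security.addProvider(new DemoProvider());
            System.out.println("Registered at preference position " + position);
        } catch (SecurityException e) {
            // What code without the grant sees: registration is refused.
            System.out.println("Registration denied: " + e.getMessage());
            return;
        }
        // Reading the provider list requires no permission.
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName());
        }
        // getInstance() searches the registered providers and finds the new one.
        MessageDigest md = MessageDigest.getInstance("DEMO");
        byte[] digest = md.digest("abc".getBytes("UTF-8"));
        System.out.println(md.getProvider().getName() + " produced " + digest.length + " bytes");
    }
}
```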