Browsers JVM access to the security packages

Segev Levi (segevl@radware.co.il)
Thu, 10 Dec 1998 17:47:07 +0200

Hi,

I worte a client-server application which uses serialization to transfer
objects over the net (it's a big Web-Based Network Management System).
The application is activated through an HTML file by a CGI protocol. Meaning
you have to access an HTML file with a Web browser in order to activate the
application, which of course resides on the server. After the application
has been started the client creates independant communication channels with
the application running on the server.

I used JDK-1.1.6 and wanted to authenticate the objects each side gets.
Since it is all activated through the applet the browser has to import and
interpret all the classes I need to use at the client side. Those classes
include, for example, the DSAPublicKey class.

I used to get security exceptions and to my surprise I was told that the
browser JVM, running an applet, dosn't have access to the "sun.security"
package that I use to authenticate the objects.
I checked, and found it to be correct. When I ran it as a client-server (not
activated through an applet, but real client-server application) it worked
perfectly.
Using the Java Plug-In didn't help as well, of course (if the browser is not
permitted to access those classes, the Java Plug-In won't help).

What I'd like to know is, what is the right way to do this thing?.
Is there a way to enable the browser access to those classes?
How else can I authenticate the objects I send over the net?
Is JDK 1.2 helps me in any way?

Thanks in advance,
Segev Levi.