Message-Id: <199904201905.MAA15579@laguna.eng.sun.com>
Date: Tue, 20 Apr 1999 12:05:04 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: A question!
To: java-security@java.sun.com, sym@sun.usst.edu.cn
--Ambush_of_Tigers_640_000
Content-Type: TEXT/plain; charset="us-ascii"
Content-MD5: mYnwBS4FD6LQfHouIO5rpA==
X-Sun-Content-Length: 1845
If you want to use the JRE 1.2 security model in your browser,
make sure that the applet html-file on your server has the
appropriate tags that will cause the browser to install the JRE 1.2
(see the attached applet html-file).
> jar cfv signedWriteFile.jar writeFile.class writeFile.html
Also, the applet html-file should not be included in the
applet JAR file. Instead, it should reference the applet JAR file as
it codebase.
If you use the attached file as you applet's html-file, things
should work.
> I put the .java.policy and .keystore on the directory C:\Windows.
You should put those files in the directory referenced by the
"USERPROFILE" NT system property.
Jan
> jar cfv signedWriteFile.jar writeFile.class writeFile.html
>
> step 3:
>
> jarsigner -verbose signedWriteFile.jar sym
>
> step 4:
>
> keytool -export -alias sym -file sym.x509 -rfc
>
>
> client:
>
> step 1:
>
> keytool -import -alias sym -file sym.x509
>
> step 2:
>
> policytool
>
> content of .java.policy :
>
> keystore ".keystore";
>
> grant signedBy "sym", codeBase
"http://202.120.223.12/sym/signedWriteFile.jar" {
> permission java.io.FilePermission "C:${/}writetest", "write";
> };
>
> I put the .java.policy and .keystore on the directory C:\Windows.
>
> I don't know why the signed applet still can't access the client resources.
Perhaps something wrong with my
> operation, but I can't find it. Do we need do some configuration on Server?
>
> Please give me some advices. Thank you!
>
>
> Sincerely
>
> Shi Yongmei
> 99/04/20
>
>
--Ambush_of_Tigers_640_000
Content-Type: TEXT/html; name="signedPluginEx.html"; charset="us-ascii"; x-unix-mode="0644"
Content-Description: signedPluginEx.html
Content-MD5: 4mxyBuVziOg9oFyDzaX75g==
X-Sun-Content-Length: 1525
/tmp/foo
on a Solaris system (or to the file C:\tmpfoo
on a
Windows 95 or Windows NT system.)
and here's the source.
This applet is signed by Duke - if you've configured your system to allow applets signed by Duke to run, go and check your /tmp area! (Or your c: drive, if you're running on a PC.) You'll find a file named "/tmp/foo" (or, on a PC, "tmpfoo"), with an important message from Duke :-)