I have a Java applet that I need to deploy on my website.
My website has a lot of pages and the applet appears on a number of them. My website's base domain is www.mycompany.com. But the applet will appear on, for example: www.mycompany.com/dog, www.mycompany.com/cat, www.mycompany.com/pen, etc.
The package of the entry point is com.mycompany.MyApplet.
Following the instructions at Java Security Manifest Changes in the Browser, I have created the below manifest for my app. Will someone please review it for me so that I get it correct? Basically I don't want any sort of warning to show up when people try to run my applet from my website.
MANIFEST
Manifest-Version: 1.0
Created-By: 1.7.0_51
Permissions: sandbox
Application-Name: My Farming Business
Application-Library-Allowable-Codebase: www.mycompany.com/where_the_applet_jar_actually_lives
Caller-Allowable-Codebase:www.mycompany.com
Codebase: www.mycompany.com
Presently I get the following dialog after redeploying with the above manifest:
Application Blocked by Security Settings: Your security settings have
blocked an untrusted application from running
Ref: How do I inject new manifest into an existing jar for applet
Also, I have used the following steps to sign my jar:
keytool -genkey -keystore myKeyStore -alias me
keytool -selfcert -keystore myKeyStore -alias me
jarsigner -keystore myKeyStore jarfile.jar me
As for the error you get I can think of three possible problems:
1) Your applet does not ask permission for what it is trying to do.
What happens? The "permissions" is telling the user how much "power" the application has over the user's computer. "sandbox" doesn't let the application do much and "all-permissions" gains the applet a little more control. Of course, you would want to use the lowest permission you can (i.e. sandbox) because the lower the permission you use, the fewer warning prompts the user gets. However, if, for example, your applet is trying to gain access to the user's personal files but its "permissions" attribute is set to "sandbox", the applet won't work, as it did not ask permission for what it is trying to do.
How to solve it? Simple, just change Permissions: sandbox
to Permissions: all-permissions
2) Your computer is not allowing self signed applications to run.
What happens? Most browsers have very strict rules applying to applets, especially if you're requiring all-permissions (which you are not).
How to solve it? Change your Java security in the Java Control Panel to something lower. You can either search for "java control panel" on your computer or go yourself to this path (Windows 8 can't find the Java Control Panel for some reason, so you have to look for it yourself) C:\program files\java\jre7\bin\javacpl.exe
In the JCP, go to the Security tab and change it to medium.
3) Your operating system doesn't allow you to run applets that you signed yourself. (Pay attention: "applets that you signed yourself", not "self signed applets", which is everything that doesn't have an official certificate. Operating systems usually treat them differently.)
How to solve it? Upload the applet to a web host service and enter it from another computer; all computers but the ones you signed the applet with should be able to open the applet.
As for what you mentioned about users not getting any security prompts, it is an almost impossible demand. With the variety of OSes, browsers and anti-viruses you can never know. However, there are a few methods by which you can reduce the number of security prompts:
- Self signed applets (self signing is what you did with the command prompt) are very likely to always show security prompts. You can buy an official SSL and it will reduce the number of prompts significantly.
- If you are requiring "all-permissions" you'll get many more prompts than if you require "sandbox" permissions.
I highly recommend that you look at the following links:
SSL: Where could I buy a valid SSL certificate?
Permissions: http://docs.oracle.com/javase/tutorial/deployment/applet/security.html
If you've got problem number 1 that would be the manifest file:
Manifest-Version: 1.0
Created-By: 1.7.0_51
Permissions: all-permissions
Application-Name: My Farming Business
Application-Library-Allowable-Codebase: www.mycompany.com/where_the_applet_jar_actually_lives
Caller-Allowable-Codebase:www.mycompany.com
Codebase: *
Otherwise (if your problem is 2 or 3), you don't even have to change the manifest file.
As @tigran mentioned, if you want to run your applet from several different places you'd probably want to change "codebase" to *.
You need to change the permission section to get it to work:
Manifest-Version: 1.0
Created-By: 1.7.0_51
Permissions: all-permissions
Application-Name: My Farming Business
Application-Library-Allowable-Codebase: www.mycompany.com/where_the_applet_jar_actually_lives
Caller-Allowable-Codebase:www.mycompany.com
Codebase: *
Permissions: all-permissions is the key part.
I signed a Java applet here and it worked fine. It runs in the browser.
The steps to generate the key and sign the applet were (it is slightly different from your steps):
keytool -genkey
keytool -selfcert
# here is the trick: it actually created another jar!
jarsigner -signedjar tecladoVirtualSigned.jar tecladoVirtual.jar mykey
This new applet runs. The old app (not signed) shows that permission problem.