signed-applet

Last night a new Java 7 update has been released: 7u65. I have a web application where a service applet is loaded, and after the update, my tests on different PCs did not show issues nor wrong behaviors. Later, I started to receive issue reports related to my product's Java service applet. All the reports came from users who updated Java JRE to 7u65 (from 7u60): The applet was not loading at all. I display a "Loading" screen when the application starts, and this was not being displayed. Also, all the services provided by my Java applet were unavailable. After changing the Java Control Panel's

I've compiled my applet, created a jar file, generated a keystore db with keytool, signed the jar with jarsigner, and exported the public key cert with keytool. Now when I run my applet in the browser it does work, after prompting me if I'm sure I want it to run. The problem is it says "Publisher: UNKNOWN" in the box. Is there anyway I can set that to my alias, since I coded the applet? A 'self signed' certificate is not worth the bits it is written on. If you can make a certificate that claims it is you, I can just as easily forge one. That is why the JRE lists the publisher as 'unknown'. It

Why should I sign my JAR files? I know that I need to sign my client-side JAR files (containing Applets) so that special things like filesystem access can be done, and so that the annoying bit at the bottom of windows doesn't show, but why else? And do I need to sign my server-side JAR files containing Servlets, etc.? Some basic rules for when and when not to sign JARs would be appreciated - thanks! The short answer - don't, unless your company policy forces you to. The long answer Signing jars is effectively telling your customer "I made this, and I guarantee it won't mess up your system. If

Due to tighter security restrictions in 7u51 , due in January, I'm trying to sign my JNLP file. Our application requires certain custom system properties to be set, and the values of some of those properties are different depending on where the applet is being deployed. I would like to avoid having to re-sign the JAR containing the JNLP template for each deployment. The naive approach of putting <property name="my-prop" value="*"/> in the JNLP template does not work. Even with <property name="my-prop" value="fixed-value"/> in the template, I sometimes get a dialog saying "This application is

When I was trying to self-sign in the jar like below. jarsigner -keystore my keystore myjar.jar myalias It gives warning like: No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2014-05-08) or after any future revocation date. Please help to resolve the problem. The recent Java 7 provides a (courtesy?) warning about something which has been in place for a decade... Trusted Timestamping was introducing in Java 5 (2004). The motivation was so that developers would not be

I've a signed applet (which verifies correctly with jarsigner ) that for some reason will not allow copy and paste from the system clipboard into a JTextField despite the documentation telling me that it is supposed to work for signed applets. Furthermore, I've other applets which are signed with the same keyfile that do let me copy and paste text. I have searched high and low on the internet and can't seem to find any clues. What is making me pull my hair out is that there seems to be no way to debug this (no output in the console - no thrown exceptions). Does any one have any ideas on how I

As of Java 7u45 an applet will display a warning message (even if signed with a trusted cert) if a webpage tries to interact with it via javascript and that page isn't listed in the manifest's Caller-Allowable-Codebase attribute. Release notes about this change: http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html Oracle blog post about this bug: https://blogs.oracle.com/java-platform-group/entry/7u45_caller_allowable_codebase_and Attribute description: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#caller_allowable I have tried just a wildcard (*)