0

I've a simple HelloWorld applet, I am embedding that in the HTML. It worked fine. But I put the applet in the jar and signed the jar, but it does not load saying "Self signed jars can't be supported" I am signing using ICA issued cert. More over we never faced this issue before 1.7.51 version. BTW : I went through Oracle Documentation on adding parameters

According to it I tried to add following attributes in the signed MANIFEST.MF namely : Permissions: sandbox, Trusted-Library: true but this also did not help. I am not sure I'am missing something.

Manifest looks like this :

Manifest-Version: 1.0
Trusted-Library: true
Permissions: all-permissions
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Codebase: *

Created-By: 1.7.0_45 (Oracle Corporation)

Name: HelloWorld$1.class
SHA1-Digest: xcxzcbxzcbxzcbxzcb=

Name: HelloWorld.class
SHA1-Digest: xaadfasfdasdfsafd=

Adding console logs :

com.sun.deploy.security.BlockedException: Your security settings have blocked a self-signed application from running
    at com.sun.deploy.security.SandboxSecurity.showBlockedDialog(Unknown Source)
    at com.sun.deploy.security.TrustDecider.askUser(Unknown Source)
    at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)

enter image description here Thanks. JE

java_enthu
  • 2,279
  • 7
  • 44
  • 74

2 Answers2

0

The Trusted-Library entry is relevant only before Java 1.7.45. Since that you need to add the parameters mentioned in that question.

Community
  • 1
  • 1
jan
  • 2,741
  • 4
  • 35
  • 56
  • I went through the link and I also updated the manifest. But still I see that applet is not loading. I've updated Manifest file in the question now ! – java_enthu May 07 '14 at 13:58
  • @java_enthu Please specify what exactly does do you mean with "not loading". Can you upload a screenshot or paste the exception from the java applet console? – jan May 07 '14 at 15:48
  • @java_enthu Which security settings have you choosen in the java control panel? You said this is not an self signed certificate. Please try to install it to the java trusted authorities and retry. – jan May 07 '14 at 15:53
  • This is not a self signed cert. and security is default (High, minimum recommended) – java_enthu May 07 '14 at 15:54
  • @java_enthu Well the error does say that. So whether you signed wrong or you bought one, that root CA is not in the default list of the trusted authorities. You can verify that by copying it directly to the trusted ones. – jan May 07 '14 at 15:56
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/52224/discussion-between-jan-and-java-enthu) – jan May 07 '14 at 15:58
0

Well I found the solution for this :

Check following three things.

1) Certificate has valid chain upto root and CA/ICA are public root.
2) Manifest.MF must have 2 attributes.
  • Codebase: < location/hostname on which you are going to deploy your jar>
  • Permissions: One of two values (Sandbox or all-permissions)

Check more information here.

java_enthu
  • 2,279
  • 7
  • 44
  • 74