Applet digital signature, granting access to local resources

Visit this article to introduce the applet digital signature to grant access to local resources.

Step one: Make the Applet class into a jar package
For example, execute the following statement on the command line:

　　JAR-CVF Myapplet.jar Class

Step Two: (Embed the applet in the Web page) (see Appendix for how to embed the Apple method in HTML)
Here's how to embed the applet section:

＜APPLET
CODEBASE = "."
CODE = "jcomponent.FileReaderApplet.class"
ARCHIVE ="MyClass.jar"
NAME = "TestApplet"
WIDTH = 400
HEIGHT = 300
HSPACE = 0
VSPACE = 0
ALIGN = middle
＞
＜/APPLET＞

Step Three: (Generate certificate and signature)

　　 1, keytool-genkey-keystore pepper.store-alias Pepper
This command is used to generate a keystore, after execution should produce a Pepper.store file in the c:/admin, here pepper is my own name, you can modify it. Also in the execution of the command when there are prompts you to enter the secret key library password, here you must remember, or later to use when you can not enter.

　　 2, Keytool-export-keystore Pepper.store-alias pepper-file Pepper.cert
This command is used to generate the certificate to use when signing, and the pepper here can also be replaced by the name you need. After this command is executed, a Pepper.cert file is generated in the c:/admin.

　　 3, Jarsigner-keystore pepper.store Myapplet.jar Pepper
This command uses the certificate generated above to sign our jar file.

Step four: Create a new policy file and add the policy file (modify file)

1, in the c:/admin to produce a file called Applet.policy, its contents are as follows:
keystore "FILE:C:/admin/pepper.store", "JKS";
Grant Signedby "Pepper"
{Permission Java.io.FilePermission "< >", "read"; =;
This file allows the applet signed by Pepper to have Read permission on all local files.

2, modify the java.security in the ${java.home}/jre/lib/security directory, find the following two lines:
Policy.url.1=file:${java.home}/lib/security/java.policy
Policy.url.2=file:${user.home}/.java.policy

Add the third line below
　　 Policy.url.3=file:c:/admin/applet.policy
The Applet.policy file we created earlier is only valid when this modification is completed.

Step five: (Convert HTML file)
Run the HTMLConvert tool mentioned earlier to convert the original filereaderapplet.html into the following form:

!--"Converted_applet"-->
!--CONVERTER VERSION 1.3-->
<object classid= "Clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"
WIDTH = HEIGHT = $ NAME = "Testapplet" ALIGN = middle Vspace = 0 hspace = 0 codebase= "http://java.sun.com/products/p" lugin/1.3/jinstall-13-win32.cab#version=1,3,0,0 ">
<param NAME = CODE VALUE = "JComponent." Filereaderapplet.class ">
<param NAME = CODEBASE VALUE = "."
<param NAME = ARCHIVE VALUE = "Myapplet.jar" >
<param name = Name VALUE = "Testapplet" >

<param name= "type" value= "application/x-java-applet;version=1.3"
<param name= "scriptable" value= "false" >
<COMMENT>
<embed type= "application/x-java-applet;version=1.3" CODE = "jcomponent". Filereaderapplet.class "CODEBASE =". ARCHIVE = "Myapplet.jar" NAME = "Testapplet" WIDTH = HEIGHT = ALIGN = Middle Vspace = 0 hspace = 0 scriptable=fals E pluginspage= "http://java.sun.com/products/plugin/1.3/plugin-install.html" > <NOEMBED> </COMMENT>

</NOEMBED> </EMBED>
</OBJECT>
!--
<applet CODE = "JComponent." Filereaderapplet.class "CODEBASE =". ARCHIVE = "Myapplet.jar" WIDTH = HEIGHT = = = "Testapplet" ALIGN = middle Vspace = 0 hspace = 0 >

</APPLET>
-->
!--"End_converted_applet"-->

We don't see the complexity of writing here, but these are all automatically implemented by the HTMLConvert tool. This tool has two modes of operation, command-line and graphical.

OK, now this applet can run the ability to read and write files. If you want to consider implementing this applet on the Internet, you do not need to do the above steps on all clients, you only need to create a directory on your server, such as c:/admin, to map this directory to www.testApplet.com/admin. Here the www.testApplet.com is a hypothetical URL that will Pepper.cert, Pepper.store, filereaderapplet.html, Myapplet.jar and Applet.policy are placed in this directory, and then modify the Applet.policy file as follows:
KeyStore "http://Www.testApplet.com/admin/pepper.store",

"JKS"; Grant Signedby "Pepper" {Permission java.io.FilePermission "< >", "read";};

3, and each client only needs to modify their ${java.home}/jre/lib/security directory under the Java.security file is as follows:
Policy.url.1=file:${java.home}/lib/security/java.policypolicy.url.2=

file:${user.home}/.java.policypolicy.url.3= http://Www.testApplet.com/admin/applet.policy

Of course, each client still needs to install the JRE.

Appendix: About hhtml Embedding the Applet method into Jar pack

Questions about HTML embedding applets
Introduction to the properties of labels
　 Property meaning 　　　　
Width applet on an HTML page
Height applet on an HTML page
Name applet on the HTML page, used for multiple applets on an HTML page of the zone name
Code Applet class name, must have suffix "class" when there is no attribute archive, write the class name directly when there is a property archive, you must take the package name
The class relative path of the Codebase applet, relative to the HTML page position
FileName of the jar package where the Archive applet resides

　Introduction to Tags < param> properties
　Property meaning 　　　　
Name of the parameter passed by the name applet
Parameter values passed by the value applet

When the applet is embedded in a class file
Property code ==========applet Class name, must be with suffix name
Property codebase---------------The relative path of the class file relative to the HTML page

　Applet for a jar package, embedded HTML writing
Property code ==========applet class name, including package name
Property codebase----------------The relative path of the Applet jar package relative to the HTML page
Property Archive-----------------------Applet jar package file name