My project is to use applets to create a real-time message Queue monitoring program, because of the local resources involved, the applet must be digitally signed and authenticated. I use the environment is WINDOWS2000, the application server is WEBLOGIC6.0, the development environment is JBUILDER4.0. Before I remind you to be sure to pay attention to the server side and the concept of the client. Those files should be on the server side, those files should be on the client.
First on the client to use JRE1.3.0_01 (Java running Environment 1.3.0.1 version) to replace the IE JVM (Java Virtual machine), you can go to the WWW.JAVA.SUN.COM website to download, the download is good to install the client first, the installation process is very simple.
In the server side of the call applet's HTML file also need to include it in order to install the JRE without prior installation of the client download, the specific wording, please continue to look down;
The specific steps are as follows:
Server side:
1. Unzip all of the package files that the program needs to use (I'm using the WebLogic JMS package with the command Jar XF Weblogicc.jar), and then use the JDK's pack and go command to compile the monitor. Class is packaged in a package with the package just unpacked. (If I have both the monitor and the unpacked package in the same directory), are DOS commands, the specific commands see jdk1.3 (1.2) in the bin directory,
The order is as follows:
Jar CVF Monitor.jar *.class
This command generates a package named Monitor.jar
2. Create the KeyStore and keys for the package file (Monitor.jar) you just created. Among them, KeyStore will be used to store the keys (private keys) and public key authentication, alias aliases here for Monitor.
The order is as follows:
Keytool-genkey-keystore Monitor.keystore–alias Monitor
This command generates a KeyStore file named Monitor.keystore, and then this command, the system will ask you many questions, such as your company name, your address, you want to set the password and so on, all by their own casually write.
3. Sign the jar file with the key you just generated
The order is as follows:
Jarsigner-keystore Monitor.keystore Monitor.jar Monitor
This command will sign the Monitor.jar file and will not generate a new file.
4. Import the public key into a CER file, which is the only file to copy to the client.
The order is as follows:
Keytool-export-keystore Monitor.keystore-alias Monitor-file Monitor.cer
This command will generate the Monitor.cer authentication file, of course, these steps are likely to ask you just set the password. This completes the server-side settings. You can then copy the jar file and the KeyStore file and the CER file (I'm monitor.jar,monitor.keystore,monitor.cer here) to the server directory. I used weblogic6.0, so I copied it under C:eawlserver6.0configmydomainapplicationsdefaultwebapp_myserver's own directory.
Client:
1. You should first install JRE1.3.0_01, and then copy the server-side generated monitor.cer files to a specific directory of the JRE, which I am here:
C:Program the filesjavasoftjre.3.0_01libsecurity directory.
2. Pour the public key into the JRE Cacerts (this is the default keystore for the JRE)
The order is as follows:
Keytool-import-alias Monitor-file Monitor.cer
-keystore Cacerts
Note that you are required to enter the Cacerts password, which should be changeit instead of the keystore password you set yourself.
3. Modify the policy policy file and use the command in DOS Policytool
The system automatically pops up a Policytool dialog box, as shown in Figure 4, where you first select the open item of the File menu to open the C:Program filesjavasoftjre.3.0_ The Java.poliy file in the 01libsecurity directory, then select Change KeyStore in the Edit menu, and in the dialog box, enter the new KeyStore URL:
File:/c:/program Files/javasoft/jre/1.3.0_01/lib/security/cacerts, here you should pay attention to the backslash, enter JKS in the new KeyStore type, This is a fixed format for cacerts, and then click Add Policy Entry, and in the dialog box that appears, enter in codebase:
http://url:7001/*
The URL is the IP address of the server, 7001 is my weblogic port, if you are on another application server, such as Apache, the port number can be omitted.
Type in Signedby (alias alias): This is monitor and then click the Add Peimission button, and in the dialog box that appears, select the permissions you want to give to this applet, here are a number of permissions, readers can find their own information to see. I'm going to use allpeimission, right signedby. Enter Alias: monitor
Last saved, in the Save item on the File menu.
Of course you can see that I have implemented a signature authentication for multiple packages.
This completes the client's setup. When the client uses IE to run the applet program, it will ask you whether the signing authorization, select authorization, the package will automatically download from the server to the local computer, and IE will automatically start the JRE, in the lower right column can be seen, the equivalent of IE Java console.
4. Calling an applet's HTML file
As you all know, because of the security of JAVA2, the HTML file for the applet's normal invocation is no longer available, but it can be changed to an ActiveX type call. Specific to the different ways IE and nescape, which can be found on the sun on the ready-made tutorials. I will not say more, just my small program for IE wrote the HTML for everyone to see.
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<center>
<object classid= "Clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"
Width= "900" height= "520" align= "Baseline" codebase= "http://192.168.2.217:7001/j2re-1_3_0_01-win-i.exe#Version=1,3,0,0"
<param name= "Java_code" value= "Wise.monitor.applet.monitorApplet"
<param name= "Java_codebase" value= "monitor/classes"
<param name= "Java_type" value= "application/x-java-applet;version=1.3"
<param name= "ARCHIVE" value= "Monitor.jar"
<param name= "scriptable" value= "true"
</OBJECT>
</center>
One of the things I want to emphasize, because every time the applet needs to repackage the signature, procedures are very cumbersome, so in the implementation of a number of changes will be placed in the HTML file, to the applet to go, this point online article a lot, I go to see it.
The other is a friend asked me, then this is not too much trouble, each client has to do a complex DOS command operation, I can only say that one of my current level can only be a good client file CER files and Java.policy and Cacerts files directly copied to the client, of course, this also has a flaw, if someone else's computer has been authenticated, it will be lost. We can discuss these problems together.
There is also a bit of optimization, that is, in the packaging, I only talk about the use of all the security-related packages and source programs to hit a package. So if the package is very large, it will greatly affect the speed of the download, if you can use the local computer package is good, this JRE also do, the specific to the control Panel of the JRE console to set. This leaves the reader to grope for themselves.
Conclusion
I found that the online Java-related information is very small, less Chinese, so I hope that they will be able to share some small knowledge with you, save a lot of repetition of the lack of diligence. If you are not clear about this problem, or further discussion on this issue, please contact me, my mailbox is afeilb@163.net. I hope we can make progress together!
