I am working on deploying a Java applet on JNLP. The applet functionality works as expected, my problems lie within the security warnings displayed at runtime. Many times I searched for answers to the question of when and why they appear without sufficient answers, so I thought that I would try to get a few answers here.
Premises: My Applet is signed using a self-signed certificate, which is also imported as a trusted CA (a "secure search" warning is displayed). I will use this certificate from Thawte or Verisign in production, but at the moment this should be good enough. No external permissions are required, and disk access is only through JNLP.
Since I want to be able to use FileSaveService and FileOpenService, I specified the j2ee-application-client-permissions tag in the protective part of my JNLP file.
Javascript is used to call public functions in an applet.
This is happening right now: When the applet is loaded, I get a security warning warning that this applet will work with unlimited access to the system. A warning is a trusted view with a blue information display, not a yellow warning. Why am I getting this warning? Will it appear even if I use only JNLP libraries? How is this warning detected by scanning my code or reading some settings that I can change? Is there a list of allowed classes to run without warning?
As soon as the applet loads, and I try to open a dialog with the file, I again get a hint saying that the application requested read / write permissions.
, JNLP, , JNLP. , ? , , ?
, , , ( , !). - , , ?
:
Janela . , , .
<script>
var attributes = {
id:'id',
codebase:'www.mydomain.com/jars/',
width:1,
height:1,
name:"Name"
};
var parameters = {
jnlp_href:"www.mydomain.com/jars/jnlp.jnlp"
}
deployJava.runApplet(attributes, parameters, '1.6');
</script>
JNLP
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="/jars/jnlp.jnlp">
<information>
<title>Title</title>
<vendor>My Company</vendor>
<description>Description</description>
<description kind="short">Desc</description>
<offline-allowed />
</information>
<resources>
<j2se version="1.6+" />
<jar href="ext1.jar" main="false" download="eager"/>
<jar href="ext2.jar" main="false" download="eager" />
<jar href="mainJar.jar" main="true" download="eager"/>
</resources>
<applet-desc
name="name"
main-class="com.myCompany.applet.mainClass"
width="1"
height="1">
</applet-desc>
<security>
<j2ee-application-client-permissions/>
</security>
</jnlp>