Urgent: Problem with Clipboard in Netscape and Activator

I have written an applet which utilises the system clipboard.

Netscape Browser:
On the local maschine I the clipboard works. In Netscape I get the dialog box for granting/denying the applet's clipboard access.

But when I load the applet from *remote* the Netscape Browser does not ask the user for granting or denying the clipboard access, but in the Java Console I get following message:
netscape.security.ForbiddenTargetException: User didn't grant the UniversalSystemClipboardAccess privilege.

My questions:
Why don't I get the grant/deny-dialog when the applet is loaded from a remote server?

How can I activate the clipboard for remote applets? (Answers with the Netscape prefs-File will not be accepted).

By the way my applet classes are located in a normal zip-Archive (not jar). And no object-signing is used (due to problems for non us-citizens to get a signing-certifcate for private programers).

Befor the clipboard is accessed following command is used to activate the clipboard-access:

Sun Activator:
My applet should also work on the Sun Activator. On the local maschine the clipboard works, but when the applet is loaded from remote I get an exception.

My questions:
How can I utilise the system clipboard in a applet loaded from a remote server?

Is it possible to activate the clipboard from with in the applet, like in Netscape with a grant/deny-dialog box?

Pointing system for obove questions:
In general: all answers must be complete and a step by step manner description.

A answer which *solve* my problem 100% (in all parts Netscape and Activator) will get an additional 100 points (= 200 points).

If the answer lies in signing the jar-archive: The experts which offers an object-signing solution must sign my applet with his Netscape object-signing certificate and will receive an additional 100 points (=200) on a successful test of the clipboard functionality.

Answers with the sun java certificate will receive additional 50 points (=150 points) on successful test.

It is very urgent and I don't have to much time to play around! That's why you get so many points when delivering a good answers.
Who is Participating?
gadioConnect With a Mentor Commented:
e4monschAuthor Commented:
I tried to make a signed applet for the sun activator but it didn't work. Here the files:

# This is a sample certificate directive file.

# the id of the signer

# the cert to use for the signing

# the id of the subject

# the components of the X500 name for the subject
subject.real.name=Ian P. Monsch
subject.org.unit=Software Engineering
subject.org=Technikum Winterthur Ingenieurschule

# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).
start.date=7 Apr 1998
end.date=6 Apr 2002

# Jar signing directive. This is the directive file used by javakey to
# sign a jar file.

# Which signer to use. This must be in the system's database.

# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.  

# Cert chain depth of a chain of certificate to include. This is
# currently not supported.

# The name to give to the signature file and associated signature
# block.  (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.

Batch file to create the jar's:
@ECHO Clean up rubble
del tma_admin_client*.* > NUL
del tma_user_client*.* > NUL
del TMA.x509 > NUL
@ECHO Creates certifcate TMA.x509
javakey -gc cert_dir_TMA
@ECHO Creates signed admin client jar
jar cf tma_admin_client.jar.unsigned \mm\gui\*.class \mm\gui\util\*.class \mm\security\*.class \tma\client\admin\*.class \tma\rmi\*.class \tma\server\*_Stub.class \tma\util\*.class
javakey -gs sign_dir_TMA tma_admin_client.jar.unsigned
del tma_admin_client.jar.unsigned
ren tma_admin_client.jar.unsigned.sig tma_admin_client.jar
@ECHO Creates signed user client jar
jar cf tma_user_client.jar.unsigned \mm\gui\*.class \mm\gui\util\*.class \mm\security\*.class \tma\client\user\*.class \tma\util\*.class
javakey -gs sign_dir_TMA tma_user_client.jar.unsigned
del tma_user_client.jar.unsigned
ren tma_user_client.jar.unsigned.sig tma_user_client.jar

Does anyone discover an error.

Regards Ian

In regard to your first question, you are right, you need to sign your applet (i.e., put all the classes the applet uses which need extra privileges in a signed Java archive).

Netscape display the Grant/Do not Grant dialog only for applets run locally and all teh gigned applets.

I did create signed applets. For that I obtained a certificate from Thawte. The command which I used was:

signtool -k "Certificate name in quotes" -d "Directory where the private key is" -e".class" -Z jar_file_name -c9 .

signtool is available with Netscape. This command signs the .class files and put them into a JAR file using max. compression.

I am not sure about the Activator, but if you can use the Capabilities API with it, the rules are probably the same.
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

e4monschAuthor Commented:
Sri, this does not cover all my questions I will reopen again.
May be I get a better answer.

I just made some tests. It seems as if the Sun Activator does not use the javakey database which is utilised by the appletviewer. But how I do I get signed applets running on the activator?

Regards Ian

e4monschAuthor Commented:
msmolyak: Do you still have a valid Netscape Object Signing Certificate? If so, can you sign my applet for my?

Regards Ian
I do, but since it belongs to the company I work for, I am afraid I cannot use it to sign applets not developed here. Generally by singing applet I guarantee that I developed it so that anyone who uses it could decide whether to trust this applet. You can apply for individual signing certificate from Verisign, they are only $20.
e4monschAuthor Commented:
I live in Switzerland and the Versign certificate is only available for US programers. Otherwise I have to pay US$400 for it, but I cannot aford this as student.

The applet is part of a project work for the university I am studying at. It will not be used outside the university campus. I guarantee. Cant you give my a had here. You know that I will give an additional 100 points for it.

You would just have to sign my applets and send them back to me.

Regards Ian

It is not a matter of points, Ian. I think it would be unethical for me to do that since the company trusts me to use its certificate appropriately.

Let me know if I can help you in any other way.

e4monsch, I don't think that msmolyak can help you here since he will be truely endangering the good name of his company and his position. Any damage that you may cause accidently to someone will be his company's responsibilty.
But, since its not for commertial use, what you can do is generate a test certificate with the signtool, and then every user that will want to use that applet, will first have to improt your certificate to his browser. he will have to do that by pressing a link that you will define in the intro page to the applet. If you consider this to solve your problem I'll give you more details.
e4monschAuthor Commented:
Bribing seems not to work. hi.

What about the Thewate-Test-Certificates would those work for object signing or do I really need a Class2 or Class3 Certificate?

Regards Ian

e4monschAuthor Commented:
gadio: Please more information about the signtool. Please describe the procedure and where to get software and certificates.

Regards Ian

e4monschAuthor Commented:
gadio: Please more information about the signtool. Please describe the procedure and where to get software and certificates.

Regards Ian

e4monschAuthor Commented:
gadio: I got the signing tool, but when executing i get the following error message:

d:\signtool\signtool -d . -G TMA

signtool: No certificate database in "."
signtool: Check the -d arguments that you gave

How do I generate the certificate db?

Regards Ian

e4monsch, I'll soon give you an answer, I jest wanted to warn you: you can corupt the db files if you play with the signtool so first back them up. The files are cert7.db and key3.db . They should be in the netscape home dir. On pc it should be in c:/program files/Netscape/Users/myname

Ian, I think what gadio is about to suggest is a good way to do it. Thawte's (they are from South Africa) certificates are cheaper ($200, they do not issue individual certificates as far as I know). They will work fine. If you want a real certificate I can explain you how to get it. Otherwise go with the self-generated one.
First as I said, creat a backup. After that creat another copy and put the copy in another dir in order to work on them. Create the test cert. by the command:
signtool -G MyTestCert -d work_db_dir

work_db_dir is the working copy dir you made. next there are few optional Qs:

certificate common name: Test Object Signing Certificate
organization: Netscape Communications Corp.
organization unit: Server Products Division
state or province: California
country (must be exactly 2 characters): US
username: someuser
email address: someuser@netscape.com
Enter Password or Pin for "Communicator Certificate DB":[Password will not echo]

note that you have to give a password to protect the new certificate.
after that you will get tow files starting with x509 . Keep them - they are important.

now you can sign -

Signing a File
To sign a file using the Netscape Signing Tool, follow these steps:

1.   Create an empty directory.

% mkdir signdir

2.   Put your class files file into it.

3.    Specify the name of your object-signing certificate and sign the directory.

% signtool -k MySignCert -d work_db_dir -Z testjar.jar signdir
using key "MySignCert"
using certificate directory: /u/jsmith/.netscape
Generating signdir/META-INF/manifest.mf file..
--> test.f
adding signdir/test.f to testjar.jar
Generating signtool.sf file..
Enter Password or Pin for "Communicator Certificate DB":

4.   At the prompt, type the password to your private-key database.

     If it accepts the password, signtool responds as follows:

adding signdir/META-INF/manifest.mf to testjar.jar
adding signdir/META-INF/signtool.sf to testjar.jar
adding signdir/META-INF/signtool.rsa to testjar.jar
tree "signdir" signed successfully

5.   Test the archive you just created.

% signtool -v testjar.jar
using certificate directory: /u/jsmith/.netscape
archive "testjar.jar" has passed crypto verification.

           status   path
     ------------   -------------------
         verified   yourclass.class

Note that you still can't use the signed file in the brawser, since you still didn't imported it into the brawser. Start with this I'll soon comment in the following info.

Now, in order to import this you have to have at least one of these options:
1. the web server that your site will be on will be Netscape Enterprise Server 3.0
2. The administrator will let you configure mime type for a cacert extension.
3. You have the ability to run CGI's

Tell me which ones are correct and we will continue.
Also note that most of the info I'm giving you comes from:

e4monschAuthor Commented:
I found it out by myself about 10 minutes ago. Made my own certificate and it worked. Woow, I was happy like a little child on christmas.

gadio: You will get 200 Points (Graded A) for it. Because my Sun Activator problem is still pending, I will open up the question again. But you will get the points, promise. (By the way good snapshot of the netscape developer website).

msmolyak: Why didn't you mention the signtool before?

Ok guys, who of you can help me with the sun activator? So far I was able to sign my applet with the javakey and it worked with the appletviewer, but it did not work with the sun activator. I was told by sun that I should place the identitydb.obj in the user profile dir, but it did not help. Who can help.

Regards Ian

e4monschAuthor Commented:
gadio: Please mark this question as answer, so I can give you the points.

Regards Ian

e4monschAuthor Commented:
Adjusted points to 200
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.