[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 389
  • Last Modified:

Suppress: JFrame security warning?

Hi,

I want to get rid off the yellow warning line at the buttom of the applet spawned JFrame.  I use JDK 1.2.2 with Java plug-in.  
 
Scenario.  A user loads a JDK 1.2.2 Swing applet in a browser.  This applet creates a separate Swing JFrame window (javax.swing.JFrame).  The JFrame window has a yellow line "Warning: Applet Window".  I want to be able to remove this line.  
 
The solution should work in MS IE and Netscape.

How do suppress the yellow warning line?

Thanks,

Alex Koifman
 
0
akoifman
Asked:
akoifman
  • 6
  • 2
1 Solution
 
vladi21Commented:
You must sign applet

Code signing resources:

Frequently Asked Questions - Java Security
http://java.sun.com/sfaq/
What Applets Can and Can't Do
http://java.sun.com/docs/books/tutorial/applet/overview/security.html
Security Restrictions
http://java.sun.com/docs/books/tutorial/applet/practical/security.html

Creating Signed, Persistent Java Applets
http://www.ddj.com/articles/1999/9902/9902h/9902h.htm
http://java.sun.com/security/signExample/index.html 
http://www.verisign.com/library/guide/developer/signing/index.html
http://www.suitable.com/Doc_CodeSigning.shtml
http://www.securingjava.com/appdx-c/
java how-to http://tactika.com/realhome/javaht/java-s1.html
Java Signing FAQ  http://www.fastlane.net/~tlandry/javafaq.txt
http://www.javasoft.com/products/jdk/1.1/docs/guide/security/index.html
http://java.sun.com/docs/books/tutorial/security1.2/toolsign/index.html 


MS:
http://www.thawte.com/support/developer/ms.html
http://www.developer.com/journal/techworkshop/curr.html
http://www.verisign.com/library/guide/developer/authenticode/index.html
http://msdn.microsoft.com/library/psdk/crypto/cryptotools_6cdv.htm
http://msdn.microsoft.com/library/psdk/crypto/portaltool_3u3p.htm

NN:
http://developer.netscape.com/docs/manuals/signedobj/
http://developer.netscape.com/docs/manuals/signedobj/javadoc/Package-netscape_security.html
http://developer.netscape.com/docs/manuals/signedobj/targets/contents.htm
http://developer.netscape.com/support/faqs/objfaq.html
http://developer.netscape.com/docs/manuals/deploymt/4_5PREFS.HTM

NN: Bypass the need for a certificate
Netscape provides a way to accept a codebase as trusted (then a certificate is not needed). This can be useful during development or in a private Intranet. In the Netscape Users directory, there is a file called prefs.js. Adding the line user_pref("signed.applets.codebase_principal_support", true);

will enable JAR file without a certificate to request privileges on your machine. If you agree, it will be possible for an Applet to lauch a program, write a file on your hard disk or print on the printer. You will still have to ask for privileges in your program using the Netscape capabilites classes.
Another way is to lower general security setting to more allow more freedom when running applets locally. Add or modify the following entries in the prefs.js: user_pref("unsigned.applets.low_security_for_local_classes", true);
user_pref("signed.applets.local_classes_have_30_powers", true);
user_pref("signed.applets.low_security_for_local_classes", true);
user_pref("signed.applets.verbose_security_exception", true);


Then you don't need to asked for privileges for local classes.
When adding or modifying the file prefs.js, Netscape must not be running because your modification will be overwritten. So shut down Netscape, edit the prefs.js and then restart Netscape.
0
 
akoifmanAuthor Commented:
If I have my applet signed, will a user be prompted with a dialog about applet security (trusted applet) every time it runs the applet?  If yes, then it is very annoying.  Can I bypass that?

Thanks again,

Alex.
0
 
vladi21Commented:
in ideal case - it will be at first time only
also user can check checkbox("Always trust YourCompany")
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
akoifmanAuthor Commented:
You mean only the first time user runs the applet, or first time the applet appears in the browser window (but with each browser invocation)?

I am using Java plug-in.  DOes it make it easier to get rid of the warning?  Possibly programatically?

Thanks again,

Alex.
0
 
vladi21Commented:
if u use plugin look
http://java.sun.com/security/signExample/index.html
http://java.sun.com/docs/books/tutorial/security1.2/toolsign/index.html


but i never try it :)

but I  have made it for IE and NN without plugin
0
 
vladi21Commented:
Unfortunately the Java Development Kit (JDK TM) 1.1 signing and verification is not supported by the web browsers (NetscapeTM's and Microsoft's.) It is supported in HotJavaTM, http://java.sun.com/products/hotjava and appletviewer.

You can use the JavaTM Plug-in in the browsers to get access to more recent JDK technology, http://java.sun.com/products/plugin. You can run 1.1.x signed applets with the Plug-in plugged into the browsers.
0
 
vladi21Commented:
do u still have problems?
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now