Re: Confused with JAVA security !!!!

Marianne Mueller (Marianne.Mueller@Eng)
Fri, 6 Mar 1998 16:28:29 -0800 (PST)

Date: Fri, 6 Mar 1998 16:28:29 -0800 (PST)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: Confused with JAVA security !!!!
To: swarraj@hotmail.com

> Date: Thu, 05 Mar 1998 13:22:34 -0800
> From: swarraj <swarraj@hotmail.com>
> Mime-Version: 1.0
> To: mrm@Eng
> Subject: Confused with JAVA security !!!!
> Content-Transfer-Encoding: 7bit
>
> Hi !!
> Why i am not able to run ur signed applet example (Duke) on my machine
> with Netscape Navigator 4.04.
> I came to know that there is some problem with DSA vs RSA algorithms,
> but now tell me how to run that example.

Unfortunately the JDK 1.x applet signing and the Netscape 4.x signing
are not interoperable. It has mainly to do with the fact that we are
using the DSA algorithm for signing and they are using the RSA algorithm,
but, there are also some subtle file format differences that presented
problems. These issues are being addressed so that in some future
releases we can have some interoperability.

>
> Actuallly my task is to print from an applet (on client machine) and i
> am facing the security exception problems. I tried by not signing the
> applet and by using Netscape security APIs,and work on unsigned applet
> only. On local machine everything works fine but when that applet is
> ported on the Netscape server runing on the NT machine , i get
> netscape.security.ForbiddenTargetException
>
>
> Will u please tell me what is wrong ??
> Thanks and Regards!!!
>
> Swarraj Kulkarni

I really don't know how to do this on Netscape - sorry! - but if you
are interested in getting started with JDK 1.2, here's a small example
that shows how you will be able to do this with the new improved
security model that is part of 1.2. You'll need to download and use
a copy of JDK 1.2. (I think when 1.2 comes out,
people's best bets will be to gain access to the 1.2 functionality by
using the Activator plugins.) The way we handle granting fine-grained
access control is via external policy files, NOT by changing the source code.
So for example to allow your code to print to some printer, you would grant
permission for your code to do so in an external policy file. you could
grant or deny permissions over time without ever modifying the source
code or the compiled code. In the code snippet below, install the tiny
policy file in a file named .java.policy in your home directory.

For more info on the JDK1.2 security model, see
http://mirror.eng/products/jdk/1.2/docs/guide/security/index.html
(Warning: some of these docs are out of date in the most minor sense -
we are about to come out with the JDK 1.2beta3 release which will
include some doc updates.)

Anyway for more info on netscape's APIs see
http://developer.netscape.com/software/signedobj/index.html

--Marianne

1. PrintApplet.java

import java.awt.*;
import java.util.*;

public class PrintApplet extends java.applet.Applet {

Frame frame = null;
Properties props = null;
TextArea output = null;

public void init() {
frame = new Frame();
props = new Properties();
output = new TextArea(30,60);
add("north", output);
output.append(" To every release, there is a season\n");
frame.pack();
}

public void start() {
show();
Toolkit.getDefaultToolkit().getPrintJob(frame, "name of print job",
props);
}
}

2. PrintApplet.html

<title>Print Applet</title>
<hr>
<applet code="PrintApplet.class" width=400 height=200>
</applet>

3. $HOME/.java.policy

// let any code print
grant {
permission java.lang.RuntimePermission "print.queueJob";
};