> My question is simple. I've signed my own jar file that contains my
> applet, but it depends on other jar files such as the swingall.jar. Does
> swingall.jar have to be signed as well?
Not necessarily. If the classes in swingall.jar are not signed,
they will be assigned to a different protection domain which
may not have the same permissions as the classes in the signed
JAR file.
Remember: A protection domain encapsulates 2 pieces of information:
the codesource (this is where the classes came from, and who signed
them), and the permissions granted to it.
Every class is assigned to exactly one protection domain as it is
loaded from its JAR file.
Check
http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc.
html
to see how protection domains are used when making access control
decisions.
Jan