Pheox - Forums
  [Search] Search   [Recent Topics] Recent Topics   [Hottest Topics] Hottest Topics   [Top Downloads] Top Downloads   [Groups] Back to home page 
[Register] Register /  [Login] Login 

How to use JCAPI in applet? RSS feed
Forum Index » General Issues
Author Message
[Post New]22/03/2006 13:54:30
Subject: How to use JCAPI in applet?
[Up] #1
Anonymous


hello,
i'm tried to use JCAPI in applet but it doesn't work. How can i solve this problem, or JCAPI does not work in web applications?

thkx
[Post New]23/03/2006 19:09:02
Subject: Re:How to use JCAPI in applet?
[Up] #2
tommy

Visitor

Joined: May 30, 2005
Messages: 148
Offline
Hello Anonymous,

Of course you can use JCAPI within an applet.
Perhaps you can extend your problem description with more detailed information?

I have made a test applet for you to try out, see applettest.zip. If it doesn't work for you, then please inform us about the problem, and please include the stack trace from your Java console.

Cheers,
Tommy
 Filename applettest.zip [Disk] Download
 Description JCAPI test applet.
 Filesize 214 Kbytes
 Downloaded:  20 time(s)

[Post New]26/01/2007 14:45:04
Subject: Re:How to use JCAPI in applet?
[Up] #3
Anonymous


Hello, Tommy.

I'm new to JCAPI. I need it to access MS keystore from an applet.

I'm getting this exception in this piece of code:

System.out.println("+++ Before getting keystore");
ks = KeyStore.getInstance("msks", "JCAPI");
System.out.println("+++ instance: " + ks.getType());
ks.load(null, null);
System.out.println("+++ ks loaded" + ks.size());

Java output:

+++ instance: msks
java.security.AccessControlException: access denied (java.util.PropertyPermission jcapi.includeNonAccessibleCertStores read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.lang.Boolean.getBoolean(Unknown Source)
at com.pheox.jcapi.n.b(Unknown Source)
at com.pheox.jcapi.j.a(Unknown Source)
at com.pheox.jcapi.j.c(Unknown Source)
at com.pheox.jcapi.JCAPIKeyStore.engineSize(Unknown Source)
at java.security.KeyStore.size(Unknown Source)
at pruebas.jcapi.AppletFirmaPruebas.getClientCertificates(AppletFirmaPruebas.java:192)
at pruebas.jcapi.AppletFirmaPruebas.try3Times(AppletFirmaPruebas.java:166)
at pruebas.jcapi.AppletFirmaPruebas.signStructure(AppletFirmaPruebas.java:75)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)

The JARs I use, are all signed. JCAPI with the sign provided, the others with mine.

I see no great difference between my code and your own examples.

Thanks a lot,
MN
[Post New]26/01/2007 21:41:45
Subject: Re:How to use JCAPI in applet?
[Up] #4
tommy

Visitor

Joined: May 30, 2005
Messages: 148
Offline
Hi MN,

It looks like you've used JCAPI together with an unsigned applet.
Our test applet (just like JCAPI) is signed with a qualified Java code signing certificate (our is issued by Thawte) that is trusted by Java. The Java security model will only allow a "trusted applet" to access vital OS/Java functions. All other applets are considered untrusted and can thus only access a limited set of resources. A quick and small introduction of this subject can be viewed in section 8 Access Control at http://java.sun.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html

In your current situation, there are a couple of possible solutions to overcome your problem:
- Buy yourself a qualified Java code signing certificate and use its associated private key to sign your applet.
or
- Modify your java.policy file to allow certain or all resources available in Java to your applet. This is a dirty fix solution that will only work on your local machine, but it's cheap and will allow testing of your applet until it gets signed and released to your customers. To implement this, add the following lines of code into your java.policy file (here I assume that the file is stored in "C:\Program Files\Java\jdk1.6.0\jre\lib\security" and that your applet is accessed through the URL "http://localhost/applettest". Please modify the URL below to meet your specific environment): 

grant codeBase "http://localhost/applettest/-" {

 permission java.security.AllPermission;

};


Btw, hope JCAPI will meet your needs, and have a nice weekend.

Regards,
Tommy
 
Forum Index » General Issues
Go to:   
Mobile view
Powered by JForum 2.8.3 © 2023 JForum Team • Maintained by Andowson Chang and Ulf Dittmer