Pheox - Forums

Navigation
Forum Index Search Recent Topics Hottest Topics Top Downloads

Register / Login  |  Desktop view  |  Jump to bottom of page

General Issues » How to use JCAPI in applet?

Author: Anonymous, Visitor
22/03/2006 13:54:30
hello,
i'm tried to use JCAPI in applet but it doesn't work. How can i solve this problem, or JCAPI does not work in web applications?

thkx

Author: tommy, Visitor
23/03/2006 19:09:02
Hello Anonymous,

Of course you can use JCAPI within an applet.
Perhaps you can extend your problem description with more detailed information?

I have made a test applet for you to try out, see applettest.zip. If it doesn't work for you, then please inform us about the problem, and please include the stack trace from your Java console.

Cheers,
Tommy

Filename applettest.zip
Description JCAPI test applet.
Filesize 214 Kbytes
Downloaded 20 time(s)
[Disk] Download


Author: Anonymous, Visitor
26/01/2007 14:45:04
Hello, Tommy.

I'm new to JCAPI. I need it to access MS keystore from an applet.

I'm getting this exception in this piece of code:

System.out.println("+++ Before getting keystore");
ks = KeyStore.getInstance("msks", "JCAPI");
System.out.println("+++ instance: " + ks.getType());
ks.load(null, null);
System.out.println("+++ ks loaded" + ks.size());

Java output:

+++ instance: msks
java.security.AccessControlException: access denied (java.util.PropertyPermission jcapi.includeNonAccessibleCertStores read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.lang.Boolean.getBoolean(Unknown Source)
at com.pheox.jcapi.n.b(Unknown Source)
at com.pheox.jcapi.j.a(Unknown Source)
at com.pheox.jcapi.j.c(Unknown Source)
at com.pheox.jcapi.JCAPIKeyStore.engineSize(Unknown Source)
at java.security.KeyStore.size(Unknown Source)
at pruebas.jcapi.AppletFirmaPruebas.getClientCertificates(AppletFirmaPruebas.java:192)
at pruebas.jcapi.AppletFirmaPruebas.try3Times(AppletFirmaPruebas.java:166)
at pruebas.jcapi.AppletFirmaPruebas.signStructure(AppletFirmaPruebas.java:75)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)

The JARs I use, are all signed. JCAPI with the sign provided, the others with mine.

I see no great difference between my code and your own examples.

Thanks a lot,
MN

Author: tommy, Visitor
26/01/2007 21:41:45
Hi MN,

It looks like you've used JCAPI together with an unsigned applet.
Our test applet (just like JCAPI) is signed with a qualified Java code signing certificate (our is issued by Thawte) that is trusted by Java. The Java security model will only allow a "trusted applet" to access vital OS/Java functions. All other applets are considered untrusted and can thus only access a limited set of resources. A quick and small introduction of this subject can be viewed in section 8 Access Control at http://java.sun.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html

In your current situation, there are a couple of possible solutions to overcome your problem:
- Buy yourself a qualified Java code signing certificate and use its associated private key to sign your applet.
or
- Modify your java.policy file to allow certain or all resources available in Java to your applet. This is a dirty fix solution that will only work on your local machine, but it's cheap and will allow testing of your applet until it gets signed and released to your customers. To implement this, add the following lines of code into your java.policy file (here I assume that the file is stored in "C:\Program Files\Java\jdk1.6.0\jre\lib\security" and that your applet is accessed through the URL "http://localhost/applettest". Please modify the URL below to meet your specific environment): 

grant codeBase "http://localhost/applettest/-" {

 permission java.security.AllPermission;

};


Btw, hope JCAPI will meet your needs, and have a nice weekend.

Regards,
Tommy




Register / Login  |  Desktop view  |  Jump to top of page