Hi,
We have been successfully using JCAPI in an applet to sign files on the user's local disk. Our applet has no GUI, so interaction with the user is via JavaScript.
Since Java 6 update 19, if an application uses signed and unsigned code, signed jars that are allowed to be used from unsigned code should have a Trusted-Library attribute set to true in their manifest. Otherwise, the JVM will pop up a warning that recommends the user not to execute the app.
Trusted library classes are loaded through a separate classloader. The rest of the app can "see" that trusted code, but trusted code cannot "see" code not marked as "trusted library".
http://docs.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html
Since Java 7 update 21/Java 6 update 45, if signed code is invoked from JavaScript, it is considered as mixed code. So our application is now considered mixed code.
If we add the Trusted-Library to our jars and sign them, there are no warnings, but as JCAPI is not a "trusted library", our code cannot "see" any of JCAPI classes (a ClassNotFoundException is thrown).
There is a workaround, but it involves messing with classloaders. It would be much easier if the JCAPI manifest included a Trusted-Library attribute set to true. I think it is coherent with JCAPI's purpose, and a lot of users will benefit from it.
Do you have plans to include a Trusted-Library attribute in the manifest, in both 1.x and 2.x versions?
Thanks in advance.
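
The visibility problem described in this post can be checked before deployment. The following is an added example, not part of the original post and not JCAPI code: it reads the main section of each jar's manifest and reports every jar marked `Trusted-Library: true` that depends on a jar without the attribute. The jar names, the dependency map and the sample manifests are constructed assumptions, and the script does not verify jar signatures.

```python
import io
import zipfile

def main_attributes(jar_bytes):
    """Return the main-section attributes of a jar's META-INF/MANIFEST.MF."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    attrs, last = {}, None
    for line in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        if line == "":                      # blank line ends the main section
            break
        if line.startswith(" ") and last:   # continuation of a wrapped value
            attrs[last] += line[1:]
        elif ":" in line:
            name, _, value = line.partition(":")
            last = name.strip().lower()     # attribute names are case-insensitive
            attrs[last] = value.lstrip(" ")
    return attrs

def is_trusted_library(jar_bytes):
    """True only if the main section sets Trusted-Library to true."""
    return main_attributes(jar_bytes).get("trusted-library", "").strip().lower() == "true"

def audit(jars, depends_on):
    """jars: name -> bytes; depends_on: name -> names of jars whose classes it loads.
    Returns (trusted_jar, untrusted_dependency) pairs that will fail class lookup."""
    trusted = {name for name, data in jars.items() if is_trusted_library(data)}
    return sorted((j, d) for j in trusted for d in depends_on.get(j, ()) if d not in trusted)

def make_jar(manifest):
    """Build a constructed in-memory jar holding only a manifest (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()

# Constructed sample jars; the file names are hypothetical.
SAMPLE = {
    "applet.jar": make_jar("Manifest-Version: 1.0\r\nTrusted-Library: true\r\n\r\n"),
    "jcapi.jar": make_jar("Manifest-Version: 1.0\r\nCreated-By: constructed\r\n\r\n"),
}
DEPS = {"applet.jar": ["jcapi.jar"]}

if __name__ == "__main__":
    for jar, dep in audit(SAMPLE, DEPS):
        print(f"{jar} is a trusted library but cannot see classes in {dep}")
```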