AWTPermission Denied Error on Signed/Trusted Java Applet

I've been developing an applet which is used to grab image data from a user's clipboard and upload it to a server. This is for an in-house support ticketing system (currently, users can only upload pictures via a file upload page). The code itself seems pretty straight-forward (see below). Here is my development process from beginning to end:

1. Develop the applet in Eclipse
2. Compile it with javac v1.6.0_25: javac UploadClipboardImage.java
3. Create a jar: jar cf UploadClipboardImage.jar UploadClipboardImage.class
4. Sign the jar with a non-expired certificate from our company's CA: jarsigner -storetype pkcs12 -keystore CodeSigningCertificate.pfx -storepass xxxx UploadClipboardImage.jar SigningCertificate
5. As a sanity check, verify the jar: jarsigner -verify -verbose -certs UploadClipboardImage.jar

Finally, I upload the jar and class to the server and link it to the page with:

Code:

---

<APPLET
    ARCHIVE = "UploadClipboardImage.jar"
    CODEBASE = "https://(devsystem)/sandbox/java/"
    CODE = "UploadClipboardImage.class"
    NAME = "UploadClipboardImageApplet"
    WIDTH = 800
    HEIGHT = 500
    HSPACE = 0
    VSPACE = 0
    ALIGN = middle
    MAYSCRIPT>
Your browser does not support Java...
</APPLET>

---

Now, when I load the page, I receive a prompt from Java asking me to provide my own digital certificate, which is signed by the same CA as the applet. I receive another prompt that asks if I want to run code that is both signed and unsigned which I allow. Finally, the applet loads, but returns an error message "errorjava.security.AccessControlException: access denied (java.awt.AWTPermission accessClipboard)"

I read an article here regarding how to run the code in "privileged" mode, but that made no difference.

Thinking this may be a bug in the most recent Java build, I downgraded to JRE/JDK v1.6.0_17, however it yielded the same results.

I'm having trouble understanding two or three things:

1. Why won't the applet run if it has been signed and trusted by the user?
2. Why won't blocking the code as privileged work as a fail-safe?
3. Is this functionality even possible with the added assurance of certificate signing? I've read a lot of contradictory articles, but haven't discovered a straight answer.

Finally, here is the Java as it currently stands:

Code:

---

import java.awt.*;
import java.awt.datatransfer.Clipboard;
import java.awt.datatransfer.ClipboardOwner;
import java.awt.datatransfer.DataFlavor;
import java.awt.datatransfer.Transferable;
import java.awt.datatransfer.UnsupportedFlavorException;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.swing.Icon;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JComponent;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.TransferHandler;

import java.applet.*;

public class UploadClipboardImage extends Applet{

    public String str;
    public void init(){
        try{
        str="";
        Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
        Transferable clipData = clipboard.getContents(clipboard);
                       
            if (clipData != null) {
          str=(String)clipData.getTransferData(DataFlavor.stringFlavor);
        }
        }
        catch(Exception e){
        str="error"+e;
        }
    }

    public void start(){}
    public void paint(Graphics g){g.drawString(str,50,50);}
}

---

Go through this discussion.

db