Page 1 of 2 12 LastLast
Results 1 to 20 of 31
Like Tree2Likes

Thread: How to let browser accept the Applet legally

  1. #1
    neo_sharath is offline Member
    Join Date
    Dec 2014
    Posts
    5
    Rep Power
    0

    Default How to let browser accept the Applet legally

    Hi,
    Good morning.

    You guys must already be aware of the common security error we all get on IE/Chrome when we launch applet.
    The common method used by most is to "accept this website as a trusted one" in the Control Panel.

    Error message = Your security settings have blocked this self signed application (attached screenshot)

    I would like to know that what is the legal way of accepting the applet so that all my intranet users will be able to launch the applet without adding it in Control Panel.

    Can we make a certificate ourselves (or) has to go through the Oracle company?
    Can we solve this at the code level by updating the manifest, JAR file? Kindly suggest.

  2. #2
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,991
    Rep Power
    8

    Default Re: How to let browser accept the Applet legally

    You need a code signing certificate. Oracle has nothing to do with your certificates. It's not free though, but the 200 euros per year is worth it if it's a decent application.

    https://duckduckgo.com/?q=code+signing+certificate
    gimbal2 likes this.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2™ © 2013

  3. #3
    gimbal2 is offline Just a guy
    Join Date
    Jun 2013
    Location
    Netherlands
    Posts
    5,114
    Rep Power
    12

    Default Re: How to let browser accept the Applet legally

    Quote Originally Posted by neo_sharath View Post
    Can we solve this at the code level by updating the manifest, JAR file? Kindly suggest.
    That's an excellent question. I'll rephrase it: "Can we bypass security measures by just changing some file around?" The answer is no. And this is a very good question because if the answer would have been yes, you should stop using Java immediately.
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  4. #4
    neo_sharath is offline Member
    Join Date
    Dec 2014
    Posts
    5
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    Thanks SurfMan and GImbal for letting me know about your valuable comments.
    I understand now.

    My web application is used only in the "intranet". In this case; I am looking for a free license option.
    Is this possible?
    Any suggestions if I can make a local license which is valid only within the intranet?

  5. #5
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,991
    Rep Power
    8

    Default Re: How to let browser accept the Applet legally

    It's not about licensing. It's about the browser know who he deals with. As long as you don't have an applet/codebase signed with an official certificate, the browser does not know who wrote the code and will not trust it. And that's a good thing.

    And "only" in the intranet? If people use it, then apparently it's more than just a tic-tac-toe game. It does add value. Go out and find a cheap signing certificate. The GoDaddy one I use is only 160 euros per year. That's cheap for software that is actually used by your company. You pay triple that for a Microsoft Office license and you probably have 40 of those...
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2™ © 2013

  6. #6
    gimbal2 is offline Just a guy
    Join Date
    Jun 2013
    Location
    Netherlands
    Posts
    5,114
    Rep Power
    12

    Default Re: How to let browser accept the Applet legally

    Yes you can keep it free - by changing the settings of each and every client.

    Repeatedly asking the same question isn't going to change the answers. Applets are locked down with massive security restrictions no matter how you deploy them - the world demanded that Oracle went to those lengths by constantly putting Java in the news as "full of leaks and insecure" and browser developers forced them by automatically blocking Java plugins which were a month old. Now its you who has to pay the price.

    (edit: and Surfbabe makes a good point - its a good thing that they're so secured)
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  7. #7
    pbrockway2 is offline Moderator
    Join Date
    Feb 2009
    Location
    New Zealand
    Posts
    4,717
    Rep Power
    17

    Default Re: How to let browser accept the Applet legally

    I work at a highschool and it's a pita every time the physics teacher comes to me because his favorite app doesn't work...

    I don't blame him, or the (unsigned) applet writer, or Oracle. It's a tragedy of the commons that using a wonderful resource has been made difficult.

  8. #8
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    13,541
    Rep Power
    26

    Default Re: How to let browser accept the Applet legally

    Quote Originally Posted by gimbal2 View Post
    (edit: and Surfbabe makes a good point - its a good thing that they're so secured)
    When I see this I get a mental image of Beaker in a bikini...which can't be right.
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  9. #9
    neo_sharath is offline Member
    Join Date
    Dec 2014
    Posts
    5
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    Thanks SurfMan and all friends in this thread.

  10. #10
    neo_sharath is offline Member
    Join Date
    Dec 2014
    Posts
    5
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    Before going for code signing certificate; I wanted your advice if applet is the only way to achieve my requirement. It is as follows.
    I would like to launch an application hosted on shared drive using my website. e.g.: I have "notepad.exe" on "C:\Windows\notepad.exe".
    Then to launch it; currently, I am using an applet which checks for this software in "C:\Windows" and launches the notepad from my website when the logged user clicks on the button.

    For this is there any other way to achieve it without using a code signing certificate?
    If no, then I will go as suggested in the above.

  11. #11
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    13,541
    Rep Power
    26

    Default Re: How to let browser accept the Applet legally

    Well, my first question would be why your website needs to be launching applications on the client.
    gimbal2 likes this.
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  12. #12
    Xyle's Avatar
    Xyle is offline Member
    Join Date
    Feb 2009
    Location
    Nevada
    Posts
    49
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    I have always loved applets. I recently updated my whole website and had to revisit some of the applets I have there. To my dismay, I couldn't get any of them to work with Java 8 due to unsigned certs. There wasn't any kind of security box pop ups or anything. I downgraded to Java 7 and got the security pop ups back and got them working as they used to. Sad thing is any user with Java 8 wont be able to run the applets.

    Of course, I will look into the certificate, but $200 a year? Eeeck!

    Thanks for the info though!!

  13. #13
    gimbal2 is offline Just a guy
    Join Date
    Jun 2013
    Location
    Netherlands
    Posts
    5,114
    Rep Power
    12

    Default Re: How to let browser accept the Applet legally

    Quote Originally Posted by Xyle View Post
    Of course, I will look into the certificate, but $200 a year? Eeeck!
    Its around a third of the price of a Smartphone.

    I like the Scrum mentality: judge the weight of things by putting them into perspective rather than just with cold hard lying numbers.
    Last edited by gimbal2; 12-30-2014 at 11:50 AM. Reason: typo
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  14. #14
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,991
    Rep Power
    8

    Default Re: How to let browser accept the Applet legally

    Let it sink in for a few minutes: you just downgraded to Java 7, to avoid the hassle of signing the applet, but it is acceptable to click away lots of security messages? How will your users know which applet is safe? They will instead just develop a habit of clicking "I trust this" on EVERY SINGLE JAVA SECURITY prompt. Users fucking up their systems and IT fixing it will cost a magnitude of the measly fucking $200. I am feeling my bloodpressure rise as I type this. Any manager not understanding this it an ass and should be working at MacDonalds.

    Tell your boss that for $0.55 per day you can have a secure applet running fine in all browsers without the IT department going crazy over security exceptions they have to make and downgrading to old Java versions.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2™ © 2013

  15. #15
    jim829 is offline Senior Member
    Join Date
    Jan 2013
    Location
    Northern Virginia, United States
    Posts
    6,226
    Rep Power
    13

    Default Re: How to let browser accept the Applet legally

    So some weenies on the internet decide they have to impose this on everyone. Typical nanny state mentality. People can't take care of themselves so someone has to do it for them. The solution is for IT to make the defaults unchangeable by the user and only allow certified applets. But for the rest of us who manage our own devices, let us take the risk if we want too. Of course, it is simple to add an exception to the list so just explain to the users how to do it and leave it at that. However, if your site gets hacked and the apps get changed to do something bad, the users may get very upset. Then the courts will need to determine who is at fault.

    Regards,
    Jim
    The JavaTM Tutorials | SSCCE | Java Naming Conventions
    Poor planning on your part does not constitute an emergency on my part

  16. #16
    gimbal2 is offline Just a guy
    Join Date
    Jun 2013
    Location
    Netherlands
    Posts
    5,114
    Rep Power
    12

    Default Re: How to let browser accept the Applet legally

    Can't we all just... get along!?
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  17. #17
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,991
    Rep Power
    8

    Default Re: How to let browser accept the Applet legally

    Apparently, some people don't have a clue and some don't have an interest about their PC's security. Unfortunately, both categories are responsible for 99% of users on teh interwebs. These people need to be protected from themselves. Browser and plugin makers also know this. So, unsigned Java applets were yanked, browsers and plugins are made to auto-update by default, blocking outdated plugins, for all the same reasons: internet sanity. As we all know, Java is not very quick with releasing updates. And if they do, you probably also get a new version of the Ask toolbar for free!

    Jim, I agree with you on the "don't decide for everyone". But, at this point, somebody needs to tighten security, and it sure ain't the ignorant users doing it!

    As a result, I don't mind buying a certificate every year. My customers don't mind either. Their IT departments love me. My software runs like a charm everywhere a JRE 6 to 8 is installed.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2™ © 2013

  18. #18
    Xyle's Avatar
    Xyle is offline Member
    Join Date
    Feb 2009
    Location
    Nevada
    Posts
    49
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    That same user that clicked 2 security boxes to allow a game to run in his browser, just let a Pharmaceutical ad from some other website set 50 cookies.

    That makes alot of sense

  19. #19
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,991
    Rep Power
    8

    Default Re: How to let browser accept the Applet legally

    Hi Neo_Sarath,

    Thanks for the PM. I have posted the PM (and my answer) here since it might help others too.

    Hi SUrfman,
    thanks for your replies to my thread "How to let browser accept the Applet legally".
    I am going to get a certificate from the legal CA. Can you please give me the commands to import this certificate it to my java code? i.e., what all things I need to do once I get the certificate.

    I couldnt get the exact commands or attribute changes that needs to be made from google. My code is in java (applets) used to launch applications via weblink.
    Here's Oracle's story: Signing JAR Files (The Java™ Tutorials > Deployment > Packaging Programs in JAR Files)
    Here's GoDaddy's story: https://support.godaddy.com/help/art...countrysite=nl

    Most vendors have support pages with the full procedure explained.

    What it boils down to is that you create a keystore containing the codesigning certificate, and you use that keystore with the jarsigner tool found in the jdk/bin dir.

    So in steps:
    1 - Create CSR (Certificate Signing Request). This creates a private key. You need this CSR in the buying process.
    2 - Get your certificate
    3 - Create a keystore
    4 - Sign your jars using jarsigner
    5 - ...
    6 - Profit!

    Once you have successfully signed your first jar, you can use the signing in your build process. You would only need to repeat steps 4-6.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2™ © 2013

  20. #20
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    13,541
    Rep Power
    26

    Default Re: How to let browser accept the Applet legally

    Quote Originally Posted by Xyle View Post
    That same user that clicked 2 security boxes to allow a game to run in his browser, just let a Pharmaceutical ad from some other website set 50 cookies.

    That makes alot of sense
    The difference is, those cookies won't do diddly squat to your machine, whereas that Applet you just gave full write privileges to has just snuck a virus on to it.
    Please do not ask for code as refusal often offends.

    ** This space for rent **

Page 1 of 2 12 LastLast

Similar Threads

  1. Applet for web browser
    By Jet in forum Java Applets
    Replies: 27
    Last Post: 02-01-2014, 11:32 PM
  2. Can't get this to run in browser as applet - Help
    By confusedgirl in forum New To Java
    Replies: 1
    Last Post: 02-02-2013, 03:53 AM
  3. How to run applet in a web Browser?
    By elururajesh3 in forum Java Applets
    Replies: 4
    Last Post: 11-06-2011, 09:34 AM
  4. applet working in applet viewer, not browser
    By plasticfood in forum Java Applets
    Replies: 4
    Last Post: 06-24-2011, 06:47 PM
  5. applet won't run in browser...
    By shwein in forum Java Applets
    Replies: 6
    Last Post: 10-17-2008, 06:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •