Signed jar files
The policy file technique does not apply to Web browsers. Before you can execute FileIO in a Web browser, you first store that applet's classfiles in a jar file and digitally sign that jar file.
Signing a jar file
requires a certificate. Although you can purchase a certificate when
you want to distribute an applet commercially, I will show you how to
create a free self-signed certificate (which you only use for testing).
Complete the following steps to create a jar file, to create a
self-signed certificate, and to sign that jar file with the certificate:
Create the jar file: Execute jar cvf FileIO.jar *.class . You end up with a FileIO.jar jar file.
Create a new key in a new keystore: Execute keytool -genkey -keystore myKeyStore -alias me .
Alias "me" is arbitrary. It reminds you that the certificate based on
the keystore is self-signed so you don't accidentally put it into
production.
The keytool
prompts you for information about the new key: It asks you for a
password to protect the keystore. Then it asks you for your name,
department, organization, city, region, and country. This information
will go into the new keystore file— myKeyStore , in this example.
Create a self-signed test certificate based on the keystore: Execute keytool -selfcert -alias me -keystore myKeyStore . Enter the keystore password when prompted.
Sign the jar file with the testing certificate: Execute jarsigner -keystore myKeyStore FileIO.jar me . Enter the keystore password when prompted.
The jarsigner program updates the jar file's META-INF
directory to contain certificate information and digital signatures for
each entry in the archive. If all goes well, you end up with a signed FileIO.jar file.
Note I recommend studying the tools documentation section of the J2SE documentation to learn more about jar , keytool , and jarsigner .
Before executing the applet in a Web browser via the signed jar file, create an appropriate HTML file whose <applet> tag includes an archive attribute identifying the jar file. Listing 4's FileIO2.html should do nicely.
Listing 4. FileIO2.html
<applet archive=FileIO.jar code=FileIO.class width=250 height=250>
</applet>
It's time to execute the applet. Assuming FileIO.jar and FileIO2.html
are located in the c:\temp directory on a Windows machine, start the
Web browser and enter c:\temp\FileIO2.html into that browser's address
bar. After a few moments, a dialog box should appear. That dialog box,
as shown in Figure 2, presents a security warning and asks you to grant
permission to run the applet.
Figure 2. The Java Security Warning dialog box identifies a signed applet. Click on thumbnail to view full-sized image.
Click either the Grant
This Session button or the Grant Always button to proceed. If you're
curious, click the View Certificate button to view the details of the
self-signed certificate that you previously created. Figure 3 shows the
applet embedded in the Firefox browser.
Figure 3. The Web browser alternative to running FileIO in appletviewer
Review
Get ready for a journey into my world of Java-based entertainment. Each installment of Java Fun and Games
focuses on a specific topic that I've found to be entertaining, and
presents one or more Java programs I created while exploring that
topic. Those programs take the form of applets. Some of the applets
will need to access the filesystem (to read/save game stats, for
example). Because filesystem access is forbidden by the JVM's security
manager, policy files and signed jar files are required to circumvent
security concerns. Use policy files to run file-access applets with
appletviewer. But to run them in a Web browser, used signed jar files.