Stepping Out of the Sandbox

How a Java applet gets access to client resources

Below is the JSP code snippet that includes the applet. The advantage of using the standard <jsp:plugin> action is that it takes care of generating the proper HTML, so the browser knows to invoke the applet.

<jsp:plugin type="applet" codebase="/appletclasslocation/"
            code="org.identity.protection.DataDownloader.class"
            jreversion="1.4"
            name="safeguard" align="top" width="550" height="350">
  <jsp:params>
    <jsp:param name="scriptable" value="true" />
    <jsp:param name="MAYSCRIPT" value="true" />
    <jsp:param name="archive" value="<%=str%>" />
    <jsp:param name="Java_archive" value="<%=str%>" />
  </jsp:params>
  <jsp:fallback>Unable to start Java plug-in for applet.</jsp:fallback>
</jsp:plugin>

By setting the MAYSCRIPT attribute to true, the applet can access the JavaScript functions on the page, which gives your applet more flexibility.

Stepping Out of the Sandbox: What, Why, and How
The security manager acts as a guard in the JVM. Its job is to prevent code running in the JVM from accessing resources it hasn't been authorized to use. The security manager allows the access only if the code has been given the proper privileges.

Listing 3 is an example applet that fails to do the job it's intended to do because it can't step out of the sandbox.

You're coding an applet to be used as part of a Web application. In your code you're saving data to the file system. Do you know if this works? You deploy the application and try to test your applet and it fails. It didn't work because you violated Java security by trying to access the client file system. This is when you need a way to step out of the sandbox to perform this operation.

Listing 4 shows the stack trace of the exception that caused the applet to fail to save a file on the client system.

Stepping out of the sandbox involves making your applet code trustworthy. What does this really mean? It means packaging the applet code in a .jar file and signing the JAR using a code-signing certificate from a trusted authority before putting it on the wire for the client.

When the user gets to the page where the applet is coded to run, he will be prompted to give the applet access to step out of the sandbox. Since the code is signed, the user will see the certificate and the origin information of the applet.

Signing the Java Code: Why and How
One reason to sign the Java code is to assure the user of the applet's origin. A valid signature also means the binary code hasn't been tampered with in transit or in other ways.

A signed applet can access the client system resources if the user accepts the signer's certificate.

The signing process involves requesting a certificate from a trusted third-party source like VeriSign and using it to sign the code.

Signing Java code involves these steps:

  1. Obtaining a code-signing certificate
  2. Importing the certificate into the key store
  3. Signing the Java code and archiving it using a signing tool

Code-Signing Certificate: What and Why
A code-signing certificate is a file issued by an authorized third-party company, such as VeriSign or Thawte, that certifies the identity of the company to which it was issued.

Companies issuing code-signing certificates take steps to ensure the authenticity of the company to which they issue the certificate.

Some of the things that certificate companies do to validate a company or entity are:

  1. They ask for the DUNS number in the certificate request. Dun and Bradstreet (D&B) is a company that provides business information for credit, marketing, and purchasing decisions. Its "data universal numbering system," known as a DUNS, issues unique nine-digit numbers used by businesses and the federal government to keep track of more than 70 million businesses worldwide.
  2. They ask for an organizational contact other than the person requesting the certificate. Phone verification is done through that contact.

Figure 2 shows a VeriSign Class 3 code-signing certificate. As you can see it's valid for 10 years from the date of issue. VeriSign offers you the option of buying code-signing certificates with longer validity.

Why do you need to buy a certificate? Why can't you use one you generate yourself?

It's because VeriSign and other well-known companies are trusted entities that most people know and can trust. You can't trust a self-generated certificate.

As you can see from the certificate in Figure 2, it makes sure the entity or company to which it is issued is legal and authentic.

Process of Getting a Code-Signing Certificate: How
These are the steps involved in creating a certificate:

  1. Using the keytool, a utility that comes with the JDK from Sun Microsystems, generate a CSR file. CSR stands for certificate-signing request.
  2. Then submit the CSR file to your preferred certificate vendor.
  3. Get the signed certificate from the vendor.
  4. Import the certificate into your keystore. Now you're ready to use your certificate to sign Java code.
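
The four steps above, written as Ant targets to match the build automation discussed in this article. This is an added example, not the author's code: the alias, file names and dname value are assumptions, and the keystore password is read from a KEYSTORE_PASS environment variable rather than stored in the build file.

```xml
<project name="codesign-keys" default="csr" basedir=".">
  <!-- Assumed names (not from the article): alias, file names and the dname value. -->
  <property environment="env"/>
  <property name="keystore"  value="${user.home}/codesign.jks"/>
  <property name="key.alias" value="codesign"/>
  <property name="csr.file"  value="codesign.csr"/>
  <property name="cert.file" value="codesign-reply.cer"/>

  <target name="check-pass">
    <fail unless="env.KEYSTORE_PASS" message="Set KEYSTORE_PASS first."/>
  </target>

  <!-- A CSR is built from a key pair, so create one under the alias first. -->
  <target name="genkey" depends="check-pass">
    <genkey alias="${key.alias}" keystore="${keystore}" keyalg="RSA"
            storepass="${env.KEYSTORE_PASS}" keypass="${env.KEYSTORE_PASS}"
            dname="CN=Example Corp, O=Example Corp, C=US"/>
  </target>

  <!-- Step 1: write the CSR file that is sent to the certificate vendor (step 2). -->
  <target name="csr" depends="genkey">
    <exec executable="keytool" failonerror="true">
      <arg value="-certreq"/>
      <arg value="-alias"/>     <arg value="${key.alias}"/>
      <arg value="-file"/>      <arg value="${csr.file}"/>
      <arg value="-keystore"/>  <arg value="${keystore}"/>
      <arg value="-storepass"/> <arg value="${env.KEYSTORE_PASS}"/>
    </exec>
  </target>

  <!-- Steps 3 and 4: import the vendor's reply under the SAME alias,
       so the signed certificate attaches to the existing private key. -->
  <target name="import-cert" depends="check-pass">
    <exec executable="keytool" failonerror="true">
      <arg value="-import"/>
      <arg value="-trustcacerts"/>
      <arg value="-alias"/>     <arg value="${key.alias}"/>
      <arg value="-file"/>      <arg value="${cert.file}"/>
      <arg value="-keystore"/>  <arg value="${keystore}"/>
      <arg value="-storepass"/> <arg value="${env.KEYSTORE_PASS}"/>
    </exec>
  </target>
</project>
```

Importing the reply under a different alias creates a trusted-certificate entry with no private key, and jarsigner cannot sign with that entry.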

Automating Code-Signing Process Using Ant: Why and How
The Java code that runs an applet will change. That means every time you compile the code or make a JAR, you have to sign the JAR and then deploy it with your Web application.

It makes perfect sense to automate the process of compiling the applet code, making the JAR, and then signing the JAR. This way any code changes in the applet are automatically incorporated in the application.

See Listing 3 for an Ant build target that makes and signs the JAR. This target uses JDK 1.4 jarsigner. As you can see this target also verifies the JAR after signing.
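
A build file of the kind described here, as an added example rather than the article's own listing: it compiles the applet, makes the JAR, signs it, and fails the build unless jarsigner reports the JAR as verified. The directory layout, JAR name, keystore path, alias and the KEYSTORE_PASS environment variable are assumptions.

```xml
<project name="signed-applet" default="sign" basedir=".">
  <!-- Assumed layout and names (not from the article): src/, build/, dist/, alias "codesign". -->
  <property environment="env"/>
  <property name="src.dir"     value="src"/>
  <property name="classes.dir" value="build/classes"/>
  <property name="applet.jar"  value="dist/DataDownloader.jar"/>
  <property name="keystore"    value="${user.home}/codesign.jks"/>
  <property name="key.alias"   value="codesign"/>

  <target name="compile">
    <mkdir dir="${classes.dir}"/>
    <javac srcdir="${src.dir}" destdir="${classes.dir}"/>
  </target>

  <target name="jar" depends="compile">
    <mkdir dir="dist"/>
    <jar destfile="${applet.jar}" basedir="${classes.dir}"/>
  </target>

  <target name="sign" depends="jar">
    <!-- Keep the keystore password out of the build file: read it from the environment. -->
    <fail unless="env.KEYSTORE_PASS" message="Set KEYSTORE_PASS before signing."/>
    <signjar jar="${applet.jar}" alias="${key.alias}"
             keystore="${keystore}" storepass="${env.KEYSTORE_PASS}"/>

    <!-- Verify with the JDK's jarsigner and capture its report. -->
    <exec executable="jarsigner" failonerror="true" outputproperty="verify.out">
      <arg value="-verify"/>
      <arg value="-verbose"/>
      <arg value="-certs"/>
      <arg value="${applet.jar}"/>
    </exec>
    <echo message="${verify.out}"/>

    <!-- jarsigner can exit 0 for an unsigned JAR, so require the success text too. -->
    <condition property="jar.verified">
      <contains string="${verify.out}" substring="jar verified"/>
    </condition>
    <fail unless="jar.verified" message="${applet.jar} did not verify as signed."/>
  </target>
</project>
```

Checking the captured output matters because a deployment step that trusts only the exit code could ship an unsigned JAR, which the browser would then run inside the sandbox.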

Summary
This article took you on a journey where I hope you have learned how you can make an applet step out of the sandbox. It also discussed code-signing certificates and how to automate the process of signing the code using an Ant build.

The stepping-out-of-the-sandbox methodology is useful in advanced web applications. It allows access to client resources so users have a better experience with the web application.

More Stories By Maha Sengottiyan

Maha Sengottiyan is a manager of software engineering for TriZetto. He has been working with Java technology for the last 8 years. Maha holds an MS in computer science and engineering and has the following certifications: PMP (Project Management Professional), SCEA (Sun Certified Enterprise Architect), SCBCD, SCWCD, SCJP and Microsoft Certified Professional (MCP).