Signing' Your Applets
In order to perform restricted actions restricted by the Java security model, e.g., reading and writing to local files or accessing foreign domains, an applet must be signed.
Signing an applet with a self-signed certificate is relatively simple, but the downside is that the user will get a dialog prompt about 'unsigned code'. Signing an applet with a trusted certificate avoids this but requires the purchase ($$$) of a certificate from a certification authority.
Follow these steps to self-sign your applet:
- First we need to generate a key:
At the command line (use 'terminal' [mac] or 'cmd' [win]), enter the following line, then follow the instructions as presented ('myKeyName' can be replaced with whatever name you like):
keytool -genkey -alias myKeyName
Note: 'keytool' is one of the standard java tools (in the same location as 'javac', but you may have to do a search on your computer to find it.
- Next we need to sign ALL the jars in the applet:
For each jar in the exported 'applet' directory, enter the following cmd, replacing myApplet.jar with the name of the jar (if you changed 'myKeyName' above, change it here too):
jarsigner myApplet.jar myKeyName
- Upload and test your applet as usual. You should get a prompt the first time you test, asking if its OK to run it...
- Note: if you have many jars, it is sometimes easier to combine them all into one jar and then sign that one (unzip them all, then create a new zip/jar with all their the contents).
- Some examples: a movie as background and a remote website