Signed jar files

Signed jar files

The policy file technique does not apply to Web browsers. Before you can execute FileIO in a Web browser, you first store that applet's classfiles in a jar file and digitally sign that jar file.

Signing a jar file

requires a certificate. Although you can purchase a certificate when

you want to distribute an applet commercially, I will show you how to

create a free self-signed certificate (which you only use for testing).

Complete the following steps to create a jar file, to create a

self-signed certificate, and to sign that jar file with the certificate:

Create the jar file: Execute jar cvf FileIO.jar *.class . You end up with a FileIO.jar jar file.

Create a new key in a new keystore: Execute keytool -genkey -keystore myKeyStore -alias me .

Alias "me" is arbitrary. It reminds you that the certificate based on

the keystore is self-signed so you don't accidentally put it into

production.

The keytool

prompts you for information about the new key: It asks you for a

password to protect the keystore. Then it asks you for your name,

department, organization, city, region, and country. This information

will go into the new keystore file— myKeyStore , in this example.

Create a self-signed test certificate based on the keystore: Execute keytool -selfcert -alias me -keystore myKeyStore . Enter the keystore password when prompted.

Sign the jar file with the testing certificate: Execute jarsigner -keystore myKeyStore FileIO.jar me . Enter the keystore password when prompted.

The jarsigner program updates the jar file's META-INF

directory to contain certificate information and digital signatures for

each entry in the archive. If all goes well, you end up with a signed FileIO.jar file.

Note I recommend studying the tools documentation section of the J2SE documentation to learn more about jar , keytool , and jarsigner .

Before executing the applet in a Web browser via the signed jar file, create an appropriate HTML file whose <applet> tag includes an archive attribute identifying the jar file. Listing 4's FileIO2.html should do nicely.

Listing 4. FileIO2.html

<applet archive=FileIO.jar code=FileIO.class width=250 height=250>

</applet>

It's time to execute the applet. Assuming FileIO.jar and FileIO2.html

are located in the c:\temp directory on a Windows machine, start the

Web browser and enter c:\temp\FileIO2.html into that browser's address

bar. After a few moments, a dialog box should appear. That dialog box,

as shown in Figure 2, presents a security warning and asks you to grant

permission to run the applet.

Figure 2. The Java Security Warning dialog box identifies a signed applet. Click on thumbnail to view full-sized image.

Click either the Grant

This Session button or the Grant Always button to proceed. If you're

curious, click the View Certificate button to view the details of the

self-signed certificate that you previously created. Figure 3 shows the

applet embedded in the Firefox browser.

Figure 3. The Web browser alternative to running FileIO in appletviewer

Review

Get ready for a journey into my world of Java-based entertainment. Each installment of Java Fun and Games

focuses on a specific topic that I've found to be entertaining, and

presents one or more Java programs I created while exploring that

topic. Those programs take the form of applets. Some of the applets

will need to access the filesystem (to read/save game stats, for

example). Because filesystem access is forbidden by the JVM's security

manager, policy files and signed jar files are required to circumvent

security concerns. Use policy files to run file-access applets with

appletviewer. But to run them in a Web browser, used signed jar files.