Spec-Zone .ru
спецификации, руководства, описания, API
|
This section covers the following topics:
To deploy RSA signed applets:
archive
, cache_archive
,
or cache_archive_ex
format. See Applet
Caching.
When users of Java Plug-in encounter an RSA signed applet, the Plug-in will verify whether:
If the applet is correctly signed and the RSA certificate chain and root CA are valid, the Plug-in will pop-up a security dialog telling the user and providing four options:
AllPermission
permission. Any applet signed with the same certificate will be trusted automatically
in the future, and no security dialog will pop up when the certificate is
encountered again. This option selection can be changed from the Java
Control Panel.AllPermission
permission. Any applet signed with the same certificate
will be trusted automatically within the same browser session.Once the user selects the options from the security dialog, the applet will be run in the corresponding security context. Note that all options are selected on the fly; no preconfiguration is required.
The Java Control Panel provides a Certificates Panel for managing RSA signed applets. This panel contains a list of certificates that received "Grant always" permission when the Java Plug-in security dialog (pop-up) ran. Users can remove any certificate from the list, and if an applet signed by a removed certificates is encountered again, a security dialog pop-up will appear asking for permission. Users can also export and view certificates through the Java Control Panel.
RSA signed applets can be entirely disabled in Java Plug-in by specifying the
usePolicy
permission in the policy file. If the usePolicy
permission is among the permissions granted to the given codesource (by the
configured security policy), user prompting will not take place, and only permissions
specified in the security policy will be granted to the codesource. By default,
RSA signed applets are enabled in the Java Plug-in.