Signed applet - Any way to check if user will get the security popup?

[john.burton]

I don't want to bypass the security at all even if I could, I
understand why it's there.

But I have a little applet on a webpage used by a closed group of users
which works if not signed but provides some additional features if it
is signed.

What I don't want though is for users to get the dialog box you get
with a signed applet saying do you want to accept it... If the user has
chosen "Always trust this publisher" then it doesn't ask and that's
great but if not I'd rather it say nothing and run without additional
privileges than ask the user.

Is there any way I can supress the dialog and simply not run with
priveleges in this case? Or any way I can detect from javascript or an
unsigned applet if the user is likely to be asked?

I can't think of a way to achieve this but thought I'd ask !

 

[Andrew Thompson]

I don't want to bypass the security at all even if I could, I
understand why it's there.

But I have a little applet on a webpage used by a closed group of users
which works if not signed but provides some additional features if it
is signed.

What I don't want though is for users to get the dialog box you get
with a signed applet saying do you want to accept it... If the user has
chosen "Always trust this publisher" then it doesn't ask and that's
great but if not I'd rather it say nothing and run without additional
privileges than ask the user.

Is there any way I can supress the dialog and simply not run with
priveleges in this case?

Not as far as I understand. If an applet is signed,
the user is asked if they will accept the signed code.

...Or any way I can detect from javascript or an
unsigned applet if the user is likely to be asked?

They *will* be asked, unless they happen to have ticked
an 'always trust this publisher' checkbox for an earlier
applet signed with the same certificate.

I can't think of a way to achieve this but thought I'd ask !

Using web-start, you can offer the choice to your
end users (where it should be). Offer the applet as
both no permissions and j2ee-application-client
permissions, explaining the difference on the
web-page, and everything should be sweet..

Andrew T.

 

[john.burton]

Not as far as I understand. If an applet is signed,
the user is asked if they will accept the signed code.


They *will* be asked, unless they happen to have ticked
an 'always trust this publisher' checkbox for an earlier
applet signed with the same certificate.


Using web-start, you can offer the choice to your
end users (where it should be). Offer the applet as
both no permissions and j2ee-application-client
permissions, explaining the difference on the
web-page, and everything should be sweet..

Pretty much as I thought but thanks for the reply.

Webstart isn't really an option for this, the purpose of the applet is
to provide a feature on a webpage that needs a bit of interactivity in
addition to other web based information, it's just that for maximum
utility it needs to check what's installed on the users machine
already. I simply wanted to make that feature unavailable as having the
permissions dialog pop up on a web page is very intrusive, and I'd
rather have the users agree elsewhere to always accept the certificate
- and just "gray out" the feature if they haven't already granted
permission.

 

[Andrew Thompson]

Andrew Thompson wrote: .... .....
Webstart isn't really an option for this, the purpose of the applet is
to provide a feature on a webpage that needs a bit of interactivity in
addition to other web based information,

You're right there - many applets do not interact with
the page itself, so that is not a problem, but JWS
cannot handle the scenario you describe.

Andrew T.

 

[john.burton]

You're right there - many applets do not interact with
the page itself, so that is not a problem, but JWS
cannot handle the scenario you describe.

I suppose I *could* rewrite the whole thing as a webstart application
though, not just the applet part. Hmm.

 

[Andrew Thompson]

What sort of things are happening on the
other parts of the page? I got the impression
it might include other things which are hard
to support in pure Java (such as Flash or
modern video formats/codecs).

( Of course the web-start app. should have no more
trouble accessing the web based info. than an applet. )

Andrew T.

 

[john.burton]

What sort of things are happening on the
other parts of the page? I got the impression
it might include other things which are hard
to support in pure Java (such as Flash or
modern video formats/codecs).

Ah it's nothing like that complicated and nothing very important!

I have a website for my world of warcraft guild with forums, and
several other database driven applications which are all somewhat
independent. I've made a web page which integrates the information from
each of those applications into a single summary for each resistered
user. I'm working on an applet which does some graphical displays of
screenshots and information in a nicer, more interactive format than is
possible with straight html... I might well have used flash for it
except that it costs quite a lot of money to get a flash development
kit as far as I can tell and I program java for a living so it's an
obvious choice for me.

One of the other things I have is a list of links to downloadable
addons to the game. It would be nice if the user's personal web page
could inspect their computer and find out if they already have various
addons installed and if so if they have the latest version. Obviously
to do this I would need a signed applet to be able to access their
disk. But it really needs to be an applet to integrate visually with
the rest of the information on the page. Because it's a fairly closed
user group I have no problem with using a self-signed certificate for
this application and asking people to choose to always accept applets
signed my myself. However if people don't do this, or if they choose
not to they'll get a popup from the applet every time the page loads
when it would be far better to simply not offer that facility.

I suppose I could rethink the whole thing and have a link to a webstart
application to check their addons, but it starts to get complicated
then for what are in some cases relatively unsophisticated users. It
would be much better to have a single page with an applet on from a
usability point of view.