816027 wrote:Not really. If you get your certificate signed by one of the standard Certificate Authorities then it's certificate chain will already be in the the Java trust store so the jar signing will be valid.
or I could used a signed jar file, but then everyone would need to install the corresponding certificate.
I just want an applet that anyone can access: "write once run anywhere".Create a public/private key pair and a CSR and submit the CSR to a standard Certificate Authorities and install the certificate they send you in your key store. Then sign the applet.
The interesting thing is that this works fine on some other machines. Has the default policy changed?I know that on an earlier JRE there was a security bug that allowed an Applet to (arbitrarily?) access URLs other than the one that the Applet was loaded from. I can't remember the detail but I'm sure Google will find it.
Also, I don't serialize anything AWT-related; the state represents a diagram, but it's a bunch of ArrayLists mostly, with only a transient reference to the panel where the diagram will be rendered. Presumably "transient" is actually honored when serializing?Of course you could have found a bug but without seeing the code that tried to write the state I can't judge.
Can anyone suggest any other way around this problem, or a way to find out exactly why readObject thinks it needs permission for sun.awt.windows?
I just want an applet that anyone can access: "write once run anywhere".
Create a public/private key pair and a CSR and submit the CSR to a standard CertificateThanks, but I don't suppose they'll do this for free (nor even cheaply, I suspect), and will need renewing at regular intervals.
Authorities and install the certificate they send you in your key store. Then sign the applet.