This discussion is archived
8 Replies Latest reply: Sep 12, 2011 6:16 AM by 801394 RSS

How To Detect When A User Denies A Signed Applet?

801394 Newbie
Currently Being Moderated
Hello Community,

Straight and to the point, how can I detect if a user denies a signed applet from running?

Let me explain further. I have a web page with an applet embedded in the html code. When the applet is launched by the JVM, a security dialog pops up, asking the user to confirm whether or not they want the signed applet to run. There's two options given to the user; Run and Cancel. If the user selects "Cancel", the applet fails to run and throws this exception:
exception: exit(-1).
ExitException[ 4]java.lang.RuntimeException: exit(-1)
    at com.sun.javaws.Main.systemExit(Unknown Source)
    at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
    at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)
    at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Exception: ExitException[ 4]java.lang.RuntimeException: exit(-1)
I have read that if the user denies access to the signed applet, then the applet will still run but will run in the sandbox. Unfortunately, I don't think this is the case for me. Within the applet's "init, start, stop, destroy" methods, I call "System.out.println("Made it here.");", which is not output to the Java Console. BTW - I always have the Java Console being shown; you can set it to do this in the Java Control Panel. The reason I need to determine this, is I would like to redirect the user to a new web page if the applet fails to load.

FYI - I am using JRE 1.6_21 and Firefox 3.6.10 on Windows 7.

So, if anyone has any ideas about how to figure out if a signed applet is denied by the user, please reply to this thread.
  • 1. Re: How To Detect When A User Denies A Signed Applet?
    DrClap Expert
    Currently Being Moderated
    RhinoGuy wrote:
    I have read that if the user denies access to the signed applet, then the applet will still run but will run in the sandbox.
    But as you found out for yourself, that's incorrect.
    So, if anyone has any ideas about how to figure out if a signed applet is denied by the user, please reply to this thread.
    You look in the user's Java console and you see that error message. But presumably you meant to ask how the applet could tell. Well, since the applet doesn't start, there isn't any way for it to do anything at all.

    I don't know if there's anything in HTML or Javascript which could identify a failed applet load.
  • 2. Re: How To Detect When A User Denies A Signed Applet?
    801394 Newbie
    Currently Being Moderated
    I've figured out why my particular applet doesn't run in the sandbox when the user denies the security certificate. Well, in my test applet, I was using a jnlp reference in the html code to launch the applet. As soon as I removed that piece, and launched the applet the old way (with just a bunch of parameters inside the <embed>/<object> tag), it worked. Which is to say, once the user denied the certificate, the applet did run as a sandboxed version.

    Now the production applet had a different problem. The production applet uses a base-class jar library that is signed with the same certificate as the main-class jar. The main-class jar's applet class is derived from the base-class jar's applet class which is derived from JApplet.
    Example layout:
    Base.jar -> BaseApplet extends JApplet -> Base.jar is marked as "Trusted-Only" in it's manifest
    Main.jar -> MainApplet extends BaseApplet -> Main.jar uses Base.jar
    
    Base.jar and Main.jar are both signed with the same certificate.
    Maybe it's easy to see the problem here. In this case, the reason the applet won't load when the user denies the certificate is because the MainApplet.class is derived from a "Trusted-Only" BaseApplet.class. Well, I suspect the ClassLoader won't load BaseApplet.class b/c the user denied the certificate, and we get my exception that is shown above.

    Therefore, after all this poking and prodding, I finally thought of a solution to this problem. I ended up creating a new JAR file (Check.jar) with one class that is derived from JApplet. I sign this JAR with the same certificate as Base.jar and Main.jar. Then I load Check.jar in the HTML page first, and inside the start method, I make a call to the file system to see if I have access. If it throws an exception, then I know I'm running with the SecurityManager under the sandbox and I can use LiveConnect to call a javascript function on the web page so the page knows if the certificate was accepted or not. If it was accepted, I insert the HTML that launches Main.jar. Everything seems to work as planned b/c the user already accepted the certificate from Check.jar that is also used to sign Main.jar.

    If someone is interested in the source code to this, please reply to this thread and I can probably put it up here.
  • 3. Re: How To Detect When A User Denies A Signed Applet?
    812809 Newbie
    Currently Being Moderated
    Yes..I would like to see the implementation.. could you post? Thanks
  • 4. Re: How To Detect When A User Denies A Signed Applet?
    886652 Newbie
    Currently Being Moderated
    Sorry for the bump, but can anyone help out with this?

    I'm having the same problem but i've never messed with liveconnect so I have no idea where to start


    Thanks
  • 5. Re: How To Detect When A User Denies A Signed Applet?
    793415 Pro
    Currently Being Moderated
    RhinoGuy wrote:
    ..I have read that if the user denies access to the signed applet, then the applet will still run but will run in the sandbox. ..
    That is merely the (current) default behavior of the Oracle JRE, as I discovered on Does this applet work in an Iced Tea JRE?.
  • 6. Re: How To Detect When A User Denies A Signed Applet?
    886652 Newbie
    Currently Being Moderated
    well yea, i understand that, but I'm talking about the actual code.
  • 7. Re: How To Detect When A User Denies A Signed Applet?
    793415 Pro
    Currently Being Moderated
    883649 wrote:
    well yea, i understand that, but I'm talking about the actual code.
    Since I just realized that you:

    <ol>
    <li>Are hi-jacking someone else's thread.
    <li>Seem determined to waste my time with vague nonsense statements
    </ol>

    I have decided not to pursue it further. Good luck with it.
  • 8. Re: How To Detect When A User Denies A Signed Applet?
    801394 Newbie
    Currently Being Moderated
    An example with source code can be found here:

    [http://dale.dns4me.com:8003/Bug_Reports/3_Browser_Cancel_Cert_MultiJar/index.htm|http://dale.dns4me.com:8003/Bug_Reports/3_Browser_Cancel_Cert_MultiJar/index.htm]

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points