Java virtual machines run applets under a different security regime than applications. By default, applications are implicitly trusted. The designers of the JVM specification assumed that users start applications on their own initiative and can therefore take responsibility for the application's behavior on their machine. Such code is considered to be trusted. Applets, on the other hand, are started automatically by the browser after it downloads and displays a page. Users cannot be expected to know what applets a page might contain before they download it, and therefore cannot take responsibility for the applet's behavior on their machine. Applets, therefore, are considered by default to be untrusted. Among other restrictions, an applet cannot, by default, open a socket referred to by a URL whose domain differs from the domain of the page that contains the applet. This is part of the security architecture that browsers employ to protect users' computing resources from malicious or faulty applets.
- Use Jabaco to compile your application/applet to a Jar-file.
- Use the KeyTool in your JRE/JDK-Path to create your own public/private key pair.
  - Sample: keytool -genkey -alias myNewKey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US"
- Use the KeyTool to create a self-signed certificate for the key.
  - Sample: keytool -selfcert -alias myNewKey -validity 3650
- Run JarSigner to associate this certificate with the JAR file that contains your applet.
  - Sample: jarsigner myJar.jar myNewKey
- Verify your signed Jar-File.
  - Sample: jarsigner -verify -verbose -certs myJar.jar
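
The verification step can also be done from code, for example in a build or deployment check. The following is an added example, not part of the original page or of Jabaco: it uses the JDK's `java.util.jar.JarFile` to confirm that every entry of the JAR is covered by a signature and reports the signer, flagging a self-signed certificate such as the one created by the steps listed here. The class name `JarSignatureCheck` is an assumption; `myJar.jar` is the file name from the samples.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignatureCheck {

    // Files that carry the signature itself are never reported as signed entries.
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase();
        return n.equals("META-INF/MANIFEST.MF") || (n.startsWith("META-INF/")
                && (n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC")));
    }

    // Returns the entries not covered by any signature; a modified entry throws SecurityException.
    // This checks integrity only; it does not decide whether the signer should be trusted.
    static List<String> unsignedEntries(String path) throws Exception {
        List<String> unsigned = new ArrayList<>();
        try (JarFile jar = new JarFile(path, true)) {   // true = verify while reading
            byte[] buf = new byte[8192];
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureRelated(entry.getName())) continue;
                // Signers are only known after the entry has been read to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) { unsigned.add(entry.getName()); continue; }
                X509Certificate cert = (X509Certificate)
                        signers[0].getSignerCertPath().getCertificates().get(0);
                boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
                System.out.println(entry.getName() + " signed by " + cert.getSubjectX500Principal().getName()
                        + (selfSigned ? " (self-signed, identity not vouched for by a CA)" : ""));
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "myJar.jar";   // file name from the page's samples
        List<String> unsigned = unsignedEntries(path);
        unsigned.forEach(n -> System.out.println("UNSIGNED: " + n));
        System.exit(unsigned.isEmpty() ? 0 : 1);
    }
}
```

Run it as `java JarSignatureCheck.java myJar.jar` (JDK 11 or later); a non-zero exit status means at least one entry was added to the JAR without being signed.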