This section includes the following topics:
Q. Why do I get a javax.net.ssl.SSLException
(or
hang or disconnect) when accessing an applet from an HTTPS
site.
A. In some SSL/TLS servers you will encounter this problem if a
client message is received in a format it doesn't understand or
with a protocol version number that it doesn't support. The problem
is on the server side. There may be several aspects of the SSL/TLS
protocol that are not implemented correctly. If the server only
speaks SSLv3, when a client sends a TLSv1 (aka SSLv3.1) hello the
server is supposed to respond with a SSLv3 server hello (aka
SSLv3.0). But the server is not doing so; hence, you get the
exception (SSLException
).
In Java Plug-in 1.3.x the browser's implementation of SSL was used. Netscape 4.x and Internet Explorer provide only an SSLv3.0 implementation. The problem will not be seen because in this version of Plug-in only SSLv3.0 is used.
In Java Plug-in 1.4.0 the JSSE implementation of TLS/SSL was used. By default, JSSE enables the TLSv1, SSLv3, and SSLv2Hello protocols. In this version of Plug-in TLSv1 will be used, and this problem may be seen on servers with incorrect protocol implementations.
Below are some ways to work around this problem. Turn off the TLSv1 protocol and use only SSLv3.
1. In the Java Plug-in Control Panel (Advanced tab) specify:
-Dhttps.protocols="SSLv3,SSLv2Hello"
2. Set the system property:
System.setProperty("https.protocols", "SSLv3");
3. If you have access to the socket, you can do this:
socket.setEnabledProtocols("SSLv3");
In Java Plug-in 1.4.1 the SSLv3 and SSLv2Hello protocols are
used by default. Because most browsers use SSLv3 by default and
most web servers support it—and to avoid seeing the above
problem—the change was made to this version of the Plug-in. Users
that need to use TLSv1 should set the https.protocols
settings.
Q: Is there a way, other than restarting the browser, to force the JVM to check the server for modified JAR files for a page with an applet?
A: Modified jar files will be downloaded from the server
when a page with an applet is refreshed or revisited if you first
do this: type "x" in the Java Console to clear the
Classloader cache.
Q: When trying to play a game on
http://games.yahoo.com
I get a
ControlAccessException
. What is the problem and is
there a workaround?
A: The problem is that the game applet needs permission to
connect to one or more servers, and it is being denied permission
for security reasons. The workaround is this: Add the following to
your java.policy
file:
grant codeBase "http://download.yahoo.com/games/clients/" { permission java.net.SocketPermission "*","connect";};
java.policy
is located in <JRE
installation directory>/Java/j2re1.4.0/lib/security/
.
Q: How do I get Nescape to find my plugin when I've downloaded and installed the Java SE, which includes Java Plug-in?
A: Set the NPX_PLUGIN_PATH envirronement variable to the location of the Java Plug-in (the directory in which the javaplugin.so file is located):
NPX_PLUGIN_PATH=$JAVAHOME/jre/plugin/sparc/ns4
for Netscape 4
NPX_PLUGIN_PATH=$JAVAHOME/jre/plugin/sparc/ns6
for Netscape 6
Q: I can't get Java Plug-in software to install in an intranet environment when I place it on our Netscape Enterprise 3.0 SuiteSpot web server. Why not?
A: We have reports that the Netscape Enterprise 3.0 SuiteSpot Webserver is unable, at least in some circumstances, to serve up .exe files. One apparent workaround has been to configure the HTML so that the Java Plug-in product is installed by a Visigenic Orb Gatekeeper, which also functions as a web server.
Q: I'm having trouble debugging with Java Plug-in Software. Do you have any tips?
A: In some circumstances, Java Plug-in Software will use
a different debug connection address than expected. This occurs
when Java Plug-in Software is loaded into the
Explorer.exe
process running in one of the following
configurations:
Java Plug-in Software is loaded into the
Explorer.exe
process when an HTML page containing the
OBJECT tag is viewed in the following ways:
This can cause problems when debugging Java applets, since no
two processes should use the same debug connection address. (See
How to Debug Applets in Java
Plug-in in Debugging Support
regarding setting of the connection address.). If the
Explorer.exe
process has already claimed the debug
connection address, and the Netscape.exe
or
Iexplorer.exe
tries to use it, debugging problems may
result.
Java Plug-in Software avoids this complication when loaded into
the Explorer.exe
process by prepending the debug
connection address specified in the Control Panel with the string
Explorer
.
For example, if the default connection address set at the time
of Java Plug-in Software installation is 2502
, when
running under Explorer.exe
it is actually set to
Explorer:2502
.
When running JDB from the Java SDK you should specify
jdb -attach Explorer:2502
to attach to the JVM loaded into the Explorer.exe
process.
Q: My applet is no longer scriptable in Internet Explorer with Java Plug-in. Why?
A: With Java Plug-in Software 1.3 a scriptable
tag must be included and given a value of "true" in order for an
applet to be scriptable. See the Using
OBJECT
, EMBED
and APPLET
Tags in Java Plug-in for more information.
Q: Why am I having problems using some standard extensions/optional packages?
A: Only extensions installed in the
<jre>\lib\ext
directory will be added to the
classpath. Extensions installed in directories pointed to by the
java.ext.dirs
system property will not be added.
Q: Java Plug-in used to work with my Navigator 4.0.x browser. But when I upgraded to Navigator 4.5 and re-installed Java Plug-in, it does not work with Navigator 4.5. Why?
A: It has been reported that Navigator 4.5 may not install the user profile properly during installation. As a result, Java Plug-in Software may not read the correct user profile setting. To make sure the user profile setting is correct, check the following:
HKEY_LOCAL_MACHINE\Software\Netscape\Netscape
Navigator\Users\CurrentUser
HKEY_LOCAL_MACHINE\Software\Netscape\Netscape
Navigator\Users\<UserName>\DirRoot
<DirRoot>
points to an existing user profile. If
any of the registry keys are missing or incomplete, use the User
Profile Manager tool to recreate your profile.
Q: We are trying to use Java 3D with Java Plug-in but it doesn't work at all. Why?
A: Java 3D comes with various packages. Installing it incorrectly may inadvertently disable Java Plug-in or cause it to fail. Follow these general instructions for using Java 3D and Java Plug-in Software:
Q: Some web/proxy servers require users to login for authentication. When I used the browser to access this server with Java Plug-in, two login dialog boxes appeared. Why?
A: Normally Java Plug-in will download the applets using its own connection. If the web/proxy server requires login, the browser will first encounter the request and bring up a login dialog box. After the HTML page is downloaded, Java Plug-in will try to download the class or jar files for the applet. However, since Java Plug-in has no access to the login information that the browser previously obtained, it will bring up its own login dialog box.
Q: When I tried to deploy Java Plug-in in the intranet and put the binaries on the internal web server, IE doesn't download and install Java Plug-in Software when it encounters the converted page. What's going on?
A: You may want to check that the CODEBASE in the OBJECT tag actually has the correct URL for Java Plug-in. Also, turning off execute privileges on the directory in which you put the Java Plug-in Software executable may help.
Q: I am experiencing problems getting an applet to render using Java Plug-in Software. What is the cause of this?
A: While this may be due to a variety of circumstances unique to your operating environment, a frequent cause of this problem is a security exception.
Problem: Your network does not support DNS (Domain Name
Service). In order to perform certain security checks, the applet
SecurityManager
needs to be able to find the IP
address from which your applet was downloaded. If DNS is not
available, these security checks may fail.
Workaround: When visiting the target web page, specify an IP address rather than a hostname in the URL. For example, use "http://192.0.2.254/example.html".
Q: I changed my browser setting while Java Plug-in Software was running, but it still uses the old settings after the change. Why?
A: The browser settings are read in by Java Plug-in when it is started. These settings are valid throughout the lifetime of the browser session. To make Java Plug-in read in the new settings, restart your browser. If you are running Active Desktop with Java Plug-in, you need to restart the computer.
Q: When I loaded my applet, it said "noninit" or "applet not initialized" in the browser's status bar. How can I identify the cause of the problem?
A: Follow these steps:
Q: When I try to use the AppletClassLoader
with
Java Plug-in Software, it crashes with a null pointer exception in
IE4 but works fine in Netscape. Why does this happen? Is there a
way to make it work correctly in IE4?
A: Java Plug-in Software in IE4 tries to load
<YourAppletName>BeanInfo.class
even if
your applet is not a bean. There is a bug in Java SDK, Standard
Edition v 1.3 in the AppletClassLoader
that occurs
when trying to load nonexistent classes. To prevent this problem,
create an empty <YourAppletName>BeanInfo.class.
Q: Why does Java Plug-in Software sometimes crash Internet Explorer but not Netscape Navigator?
A: In certain circumstances, bad HTML will cause the browser to crash. One example is the absence of an </XMP> tag. Please make sure your HTML is correct.
Another possibility is that the plug-in was disabled using the Control Panel before you accessed a Plug-in-enabled page. Please check your settings to make sure the Plug-in is enabled.
Q: My applet used to create a top-level frame that would remain visible through page switches. When I upgraded to Java Plug-in this no longer occurs. Why?
A: In Java Plug-in Software, applets are stopped and destroyed during page switches. All the visible components should be destroyed as well. There has been an enhancement in Java SDK that makes sure that all of the resources of the applet are properly released, including the top-level frame.
Q: I am trying to install the Java Plug-in on a network drive. However, it doesn't install. Why?
A: If your network drive is protected or read-only, you will not be able to install the Java Plug-in. Contact your system administrator for more details.
Q: I am trying to install Java Plug-in. However, whenever the install program tries to install the Java Plug-in for Netscape Navigator, it displays an error. My Navigator is on a network drive. Is there a way to fix this?
A: If your Navigator is installed on a network drive, you may not have permission to install the plugin DLL on the Navigator Plugins directory. Contact your system administrator for more details.
Q: I'm having trouble installing the Java Plug-in on my Microsoft Windows machine. I see the error: "An application error has occurred and an application error log is being generated. Exception: access violation ..." What might be the problem?
A: The Microsoft Window installation (using Installshield's installer) may not work if you have Quarterdeck's Cleansweep product running in the background.
Q: When I reboot after I uninstalling Java Plug-in software,
I get a dialog box warning that a .cpl
file has been removed. What is this?
A: If the Java Plug-in Control Panel is open while you are uninstalling the plug-in, plugincpl.cpl will not be removed as it is locked when the Control Panel folder is open.
Q: When I uninstall Java Plug-in, the Microsoft Window Plugin for Netscape seems to stay on the machine. How can I remove that?
A: Delete the NPJPI<modified version
number>.dll from the Netscape Plugins
directory. For example, for Java Plug-in 1.4.0, delete
NPJPI140.dll
from the Plugins
directory.
Q: I have some security-related issues in my applet. How do I debug it?
A: You can enable the java.security.debug
property to enable trace messages from the security system. Please
see java.security.debug
Property in the chapter called Debugging Support for more
information.
Q: When downloading applets from the Internet, an
AccessControlExcpetion
is thrown. However, when the
applet is located on the intranet, it works. Why?
A: To prevent DNS spoofing, a security check in Java Plug-in requires the host name to be resolved into an IP address before any connection is made from the applet. However, the side-effect of this security check is to require the intranet DNS server to be able to resolve any external host name from the Internet. For some customers, this is not the way their DNS servers are setup within the enterprise, and it causes Java Plug-in to fail. To resolve this issue, there are several options:
-DtrustProxy=true
in the
Java Plug-in Control Panel.
Note that this property should be set by administrator, as
setting this property improperly with an untrusted proxy server may
expose the client machines to DNS spoofing. This property is
similar to the
security.lower_java_network_security_by_trusting_proxies
property supported by Netscape Navigator's JVM.
Q: I keep getting a ClassFormatError
exception
when my webpage is loaded with HTTPS in Netscape Navigator.
Why?
A: This is caused by an applet specifying a nonexistent
.jar
or .class
file in the EMBED
tag. Due to limitation of what information can be returned via
HTTPS in Navigator, the web server's "File Not Found" HTML page is
returned instead of the appropriate status. This HTML page is
treated as a .class
file and that causes the
exception.
Q: I tried to run an RSA signed applet with Java Plug-in, but it is being treated as an untrusted applet. What is the problem?
A: There are several possibilities:
signtool
or Sun's jarsigner
to verify
it.Q: Why do I get a yellow banner across my applet frame when using Java Plug-in?
A: When an applet creates a free-standing Frame, Java Plug-in adds a yellow warning banner so users will know they are dealing with an untrusted applet window.
Q: Can I disable the yellow warning banner on frames?
A: The yellow warning banner is an important security feature. It cannot be disabled by untrusted applets.
If you use a signed applet, where the signing key is trusted by the end user, then the warning banner will not be shown.
Q: How do I prevent the warning banner from covering my GUI state?
A: See the same question in the Developer FAQ.
Q: Why does InetAddress.getLocalHost().getHostName() return "localhost"?
A: See the same question in the Developer FAQ.