This section covers the following topics:
To deploy RSA signed applets:
archive
, cache_archive
, or
cache_archive_ex
format. See Applet Caching.When users of Java Plug-in encounter an RSA signed applet, the Plug-in will verify whether:
If the applet is correctly signed and the RSA certificate chain and root CA are valid, the Plug-in will pop-up a security dialog telling the user and providing four options:
AllPermission
permission. Any applet signed with
the same certificate will be trusted automatically in the future,
and no security dialog will pop up when the certificate is
encountered again. This option selection can be changed from the
Java Control Panel.AllPermission
permission. Any applet
signed with the same certificate will be trusted automatically
within the same browser session.Once the user selects the options from the security dialog, the applet will be run in the corresponding security context. Note that all options are selected on the fly; no preconfiguration is required.
The Java Control Panel provides a Certificates Panel for managing RSA signed applets. This panel contains a list of certificates that received "Grant always" permission when the Java Plug-in security dialog (pop-up) ran. Users can remove any certificate from the list, and if an applet signed by a removed certificates is encountered again, a security dialog pop-up will appear asking for permission. Users can also export and view certificates through the Java Control Panel.
RSA signed applets can be entirely disabled in Java Plug-in by
specifying the usePolicy
permission in the policy
file. If the usePolicy
permission is among the
permissions granted to the given codesource (by the configured
security policy), user prompting will not take place, and only
permissions specified in the security policy will be granted to the
codesource. By default, RSA signed applets are enabled in the Java
Plug-in.