To avoid socket connection security errors, we self-sign the applet. By default, Java does not allow applets to make socket connections to outside hosts or ports. By signing the applet, we allow the user to grant the applet rights normally prohibited, including accessing the ASL server through a different port.
The following commands were used to create a self-signed key.
cd ~/ASLdatabaseSearch/server/
keytool -genkey -keystore rvlkeystore -alias rvlalias
(enter information requested such as name, address, etc.)
keytool -selfcert -keystore rvlkeystore -alias rvlalias
Once the key is created, it does not need to be re-created each time the applet is compiled. However, the applet does need to be placed into a jar file in order to be signed.
When using the signed version, the HTML code points to the jar file instead of the class. The HTML code with the jar file is:
<APPLET CODE = "asldbsearch" ARCHIVE = "asldbsearch.jar" WIDTH = 1200 HEIGHT = 800 > </APPLET>
To use the unsigned applet instead, change the code to refer directly to the class:
<APPLET CODE = "asldbsearch.class" WIDTH = 1200 HEIGHT = 800 > </APPLET>
For general instructions on applet signing, visit these links
If the signed applet is not used, it is still possible for users to allow the connection. In this case, users must edit their Java security settings in the java.policy file to include this line:
grant{ permission java.net.SocketPermission "rvl2.ecn.purdue.edu:1024-", "accept, connect, listen, resolve"; };
It is necessary to restart the browser for this change to take effect. This change is not required when the signed applet is used.
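An added example, not part of the original instructions: the grant above has no codeBase, so it applies to every applet the browser loads, and it also includes the accept and listen actions. The narrower java.policy entry below assumes the applet only opens outgoing connections to the ASL server; the codeBase URL is a placeholder for wherever the applet is actually served from.

```text
// Entry from the instructions above, shown for comparison (commented out):
// with no codeBase it applies to all code, and it also lets that code
// listen for and accept connections.
// grant {
//     permission java.net.SocketPermission "rvl2.ecn.purdue.edu:1024-",
//         "accept, connect, listen, resolve";
// };

// Narrower entry. Assumptions: the applet only makes outgoing connections,
// and the codeBase URL below is a placeholder for the applet's real location.
grant codeBase "http://applet-host.example/path/to/applet/-" {
    // "connect" implies "resolve"; the port range is kept as in the original.
    permission java.net.SocketPermission "rvl2.ecn.purdue.edu:1024-",
        "connect,resolve";
};
```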