Skip to main content

Can't get rid of 'Java Applet Window' tag !

4 replies [Last post]
rasto1968
Offline
Joined: 2004-08-25

I have several signed web start apps that work perfectly well, the user can open dialogs/new windows etc. and none of them have the dreaded 'Java Applet Window' tag added to them.

My latest app isn't really any different (it uses the same libraries) but whenever a dialog is displayed it contains the 'Java Applet Window' tag ! The main frame of the app is fine, it doesn't have the tag. The tag is only added to dialogs that I open later on.

All of the applications are signed with the same certificate.

Can anyone think of a reason why this is happening ?

Cheers
Rob

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
tackline
Offline
Joined: 2003-06-19

My guess is that you are picking up code that is not signed.

At the point you create the dialogs, you can tell if they should have a warning string with:

[code] System.err.println(System.getSecurityManager().checkTopLevelWindow(dialog));[/code]

If that is true, the next thing is to check where the code is being called from:

[code] Thread.dumpStack();[/code]

If those classes all seem reasonable, then you should be able to list the source for each class with the following magic incantation:

[code] java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction() {
public Void run() {
new SecurityManager() {{
for (Class clazz : getClassContext()) {
System.err.println(
clazz
.getProtectionDomain()
.getCodeSource()
);
}
}};
return null;
}
}
);[/code]

If you fail to create the security manager, that means that the class that code is in does not have an accepted signature.

rasto1968
Offline
Joined: 2004-08-25

Thanks for that tip,I think I have figured out the problem. My code uses Rhino to allow the application to be scripted. In this case the problem dialogs are being shown by some JavaScript code - and since this is being compiled at run time it won't be signed ! I may have to rethink my use of scripting.
Thanks once again, your hint got me thinking about it from a different direction.

Cheers
Rob

linuxhippy
Offline
Joined: 2004-01-07

as far as I know you can tell rhino wether it should compile the javascript-code or just interpret it, which is of course a bit slower.

I've developed a class-loader some time ago, which was signed itself, but allowed unsigned code to run with full privilges. I know this violates security - but it was company private so I don't think anybody tries man-in-the-middle attackes ^^

good luck, lg Clemens

rasto1968
Offline
Joined: 2004-08-25

I solved the problem by disabling the security manager in the end, all of the scripting is internal anyway so there are no security issues.

Thanks for the help guys.

Rob