SecureClassLoader subclass to show Certificate dialogs ?
Its good to see that Applets are finally revised since in some cases we really need signed code to do things in a browser without any need of extra software installation.
There is something missing in the JRE for many years. I found a workaround in JRE 5 and 6, but with the latest update 10 this no longer works. It was a hack so I can not put the blame on SUN... but there is a void that needs to be filled in.
Our applet is signed but it needs to download additional jarfiles from somewhere else. Now once an applet is accepted by the user, it has AllPermissions. So downloading other code, from somewhere else is allowed.
The problem is that we need to make sure that the jar downloaded from somewhere else is also trusted by the user.
The problem is that we don't have a public API that allows us to popup the certificate dialog or to check the certificate of the applet downloaded from another location.
Until now I used a little hack in URLClassLoader, that would delegate the getPermissions call from our custom ClassLoader to the classloader that loaded the original applet. The side effect was that if the certificate on the jar was not trusted, then the dialog would popup.
Is there new functionality available that allows me to let the user check the codebase (and add the certificate to the trusted store if accepted) ???