Signing Javascript

David Makalsky dmakalsky at gmail.com
Fri Nov 28 19:04:49 UTC 2008


Hi Peter,

Yes, the applet is signed properly.  When the same functions are
called from the applet GUI they work fine.

I would like to point out the following line in the stacktrace when
calling the method from js

sun.plugin.javascript.JSClassLoader.invoke(Unknown
 Source)                 at
sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)

I have seen the link you provided, but I was wondering if there was
any fluid standards to signing JS.  For example, do we use a common
certificate, etc.

Regards,

David



On Fri, Nov 28, 2008 at 1:38 PM, Peter Rowley <prowley at yorku.ca> wrote:
>
> Hi David,
>
> This is pretty informative
>
> http://www.mozilla.org/projects/security/components/signed-scripts.html
>
> Are you sure the applet is signed properly?
>
> Peter
>
>
>
> "David Makalsky" <dmakalsky at gmail.com>
> Sent by: fluid-work-bounces at fluidproject.org
>
> 11/28/08 12:51 PM
>
> To
> "Fluid Mailing List" <fluid-work at fluidproject.org>
> cc
> Subject
> Signing Javascript
>
>
>
>
> Hi,
>
> I am running into some issues when I am calling my Java Applet
> functions from within a JS function.
>
> (All Source available at http://rascal.xymbo.com and view source)
>
> For example, when I call the following function:
> function startRecordingApplet(){
>                 document.rascal.startRecording();
> }
>
> it is supposed to call the startRecording() method from within the
> ScreencastApplet class.
>
> I am getting the following stack trace:
>
> java.security.PrivilegedActionException:
> java.lang.reflect.InvocationTargetException
>                 at java.security.AccessController.doPrivileged(Native
> Method)
>                 at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown
> Source)
>                 at java.security.AccessController.doPrivileged(Native
> Method)
>                 at
> sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
> Caused by: java.lang.reflect.InvocationTargetException
>                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
> Source)
>                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
> Source)
>                 at java.lang.reflect.Method.invoke(Unknown Source)
>                 at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
>                 at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown
> Source)
>                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
> Source)
>                 at java.lang.reflect.Method.invoke(Unknown Source)
>                 at sun.plugin.javascript.JSClassLoader.invoke(Unknown
> Source)
>                 at
> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
>                 ... 4 more
> Caused by: java.security.AccessControlException: access denied
> (java.util.PropertyPermission user.dir read)
>                 at
> java.security.AccessControlContext.checkPermission(Unknown Source)
>                 at java.security.AccessController.checkPermission(Unknown
> Source)
>
>
> After doing some research online, I have come to the conclusion that
> the Javascript which calls Applet functionality which needs the applet
> to be signed, itself needs to be signed as well.
>
> Do we have a fluid standard for signing javascript?  Does anyone have
> any experience signing javascript?
>
> Any assistance would be appreciated.
> --
> David Makalsky
> _______________________________________________________
> fluid-work mailing list - fluid-work at fluidproject.org
> To unsubscribe, change settings or access archives,
> see http://fluidproject.org/mailman/listinfo/fluid-work
>
>



-- 
David Makalsky



More information about the fluid-work mailing list