Signing Javascript

Peter Rowley prowley at yorku.ca
Fri Nov 28 19:22:44 UTC 2008


I think you may need to look at material in 

https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/LiveConnect_Overview/JavaScript_to_Java_Communication#Package_and_Class_Reference

particularly the section concerning the Packages Object

Peter





"David Makalsky" <dmakalsky at gmail.com> 
11/28/08 02:04 PM

To: "Fluid Mailing List" <fluid-work at fluidproject.org>
cc: "Peter Rowley" <prowley at yorku.ca>
Subject: Re: Signing Javascript






Hi Peter,

Yes, the applet is signed properly.  When the same functions are
called from the applet GUI they work fine.

I would like to point out the following line in the stack trace when
calling the method from JS:

    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)

I have seen the link you provided, but I was wondering if there were
any Fluid standards for signing JS.  For example, do we use a common
certificate, etc.?

Regards,

David



On Fri, Nov 28, 2008 at 1:38 PM, Peter Rowley <prowley at yorku.ca> wrote:
>
> Hi David,
>
> This is pretty informative
>
> http://www.mozilla.org/projects/security/components/signed-scripts.html
>
> Are you sure the applet is signed properly?
>
> Peter
>
>
>
> "David Makalsky" <dmakalsky at gmail.com>
> Sent by: fluid-work-bounces at fluidproject.org
> 11/28/08 12:51 PM
>
> To: "Fluid Mailing List" <fluid-work at fluidproject.org>
> cc:
> Subject: Signing Javascript
>
>
>
>
> Hi,
>
> I am running into some issues when I am calling my Java Applet
> functions from within a JS function.
>
> (All Source available at http://rascal.xymbo.com and view source)
>
> For example, when I call the following function:
>
> function startRecordingApplet() {
>     document.rascal.startRecording();
> }
>
> it is supposed to call the startRecording() method from within the
> ScreencastApplet class.
>
> I am getting the following stack trace:
>
> java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
>         at java.security.AccessController.doPrivileged(Native Method)
>         at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
> Caused by: java.lang.reflect.InvocationTargetException
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>         at java.lang.reflect.Method.invoke(Unknown Source)
>         at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
>         at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>         at java.lang.reflect.Method.invoke(Unknown Source)
>         at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
>         at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
>         ... 4 more
> Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
>         at java.security.AccessControlContext.checkPermission(Unknown Source)
>         at java.security.AccessController.checkPermission(Unknown Source)
>
>
> After doing some research online, I have come to the conclusion that
> the JavaScript which calls Applet functionality which needs the applet
> to be signed, itself needs to be signed as well.
>
> Do we have a Fluid standard for signing JavaScript?  Does anyone have
> any experience signing JavaScript?
>
> Any assistance would be appreciated.
> --
> David Makalsky
> _______________________________________________________
> fluid-work mailing list - fluid-work at fluidproject.org
> To unsubscribe, change settings or access archives,
> see http://fluidproject.org/mailman/listinfo/fluid-work
>
>



-- 
David Makalsky
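
Added example, not part of the thread or of the Fluid code base: a simplified JavaScript model of Java's stack-inspection check, showing why the same applet method passes when invoked from the applet GUI and fails with `AccessControlException` when invoked through LiveConnect. It assumes the plug-in's script-bridge frames run in a protection domain with no extra permissions; the domain objects, helper names and stacks are constructed for illustration.

```javascript
// Simplified model of Java stack inspection; not the plug-in's real code.
// "*" stands in for java.security.AllPermission.
const SYSTEM  = { name: "system classes",    perms: ["*"] };
const SIGNED  = { name: "signed applet JAR", perms: ["*"] };
const SANDBOX = { name: "unsigned page script", perms: [] }; // assumption

const implies = (domain, perm) =>
  domain.perms.includes("*") || domain.perms.includes(perm);

// stack[0] is the innermost frame. Every protection domain on the stack must
// imply the permission; the walk stops after a frame that used doPrivileged().
function checkPermission(stack, perm) {
  for (const frame of stack) {
    if (!implies(frame.domain, perm)) {
      return { allowed: false, deniedBy: frame.method };
    }
    if (frame.privileged) break;
  }
  return { allowed: true, deniedBy: null };
}

const PERM = "java.util.PropertyPermission user.dir read";
const getProperty = { method: "java.lang.System.getProperty", domain: SYSTEM };
const applet = (privileged) => ({
  method: "ScreencastApplet.startRecording", domain: SIGNED, privileged });
// Stands for the sun.plugin.javascript.* frames seen in the trace.
const bridge = { method: "LiveConnect bridge (page script)", domain: SANDBOX };

// Constructed stack: button click inside the applet, only trusted frames.
function fromAppletGui() {
  const awt = { method: "java.awt.EventDispatchThread.run", domain: SYSTEM };
  return checkPermission([getProperty, applet(false), awt], PERM);
}

// Constructed stack: document.rascal.startRecording() called from the page.
function fromPageScript(appletUsesDoPrivileged) {
  return checkPermission(
    [getProperty, applet(appletUsesDoPrivileged), bridge], PERM);
}

console.log("GUI call:", fromAppletGui());
console.log("script call:", fromPageScript(false));
console.log("script call, applet uses doPrivileged:", fromPageScript(true));
```

In this model the signed JAR alone is not enough, because the unsigned caller stays on the stack. A `doPrivileged` block in a script-callable method makes that operation available to any script on the page, so it should wrap only the single fixed operation that needs the permission.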
