Signing Javascript

David Makalsky dmakalsky at gmail.com
Fri Nov 28 20:21:12 UTC 2008


Actually, this is not the way to communicate with an applet.  It's a
means to communicate to a POJO structure.

I got around the security issue by having my called method simply set
a field (jsSignal). I then have a separate thread monitor the field
and act appropriately.  It seems to work now.

Please try it out at http://rascal.xymbo.com and view source to see
the JS and html.

Regards,

David Makalsky

On Fri, Nov 28, 2008 at 2:22 PM, Peter Rowley <prowley at yorku.ca> wrote:
>
> I think you may need to look at material in
>
> https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/LiveConnect_Overview/JavaScript_to_Java_Communication#Package_and_Class_Reference
>
> particularly the section concerning the Packages Object
>
> Peter
>
>
>
>
> "David Makalsky" <dmakalsky at gmail.com>
>
> 11/28/08 02:04 PM
>
> To
> "Fluid Mailing List" <fluid-work at fluidproject.org>
> cc
> "Peter Rowley" <prowley at yorku.ca>
> Subject
> Re: Signing Javascript
>
>
>
>
> Hi Peter,
>
> Yes, the applet is signed properly.  When the same functions are
> called from the applet GUI they work fine.
>
> I would like to point out the following line in the stacktrace when
> calling the method from js
>
> sun.plugin.javascript.JSClassLoader.invoke(Unknown
> Source)                 at
> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
>
> I have seen the link you provided, but I was wondering if there was
> any fluid standards to signing JS.  For example, do we use a common
> certificate, etc.
>
> Regards,
>
> David
>
>
>
> On Fri, Nov 28, 2008 at 1:38 PM, Peter Rowley <prowley at yorku.ca> wrote:
>>
>> Hi David,
>>
>> This is pretty informative
>>
>> http://www.mozilla.org/projects/security/components/signed-scripts.html
>>
>> Are you sure the applet is signed properly?
>>
>> Peter
>>
>>
>>
>> "David Makalsky" <dmakalsky at gmail.com>
>> Sent by: fluid-work-bounces at fluidproject.org
>>
>> 11/28/08 12:51 PM
>>
>> To
>> "Fluid Mailing List" <fluid-work at fluidproject.org>
>> cc
>> Subject
>> Signing Javascript
>>
>>
>>
>>
>> Hi,
>>
>> I am running into some issues when I am calling my Java Applet
>> functions from within a JS function.
>>
>> (All Source available at http://rascal.xymbo.com and view source)
>>
>> For example, when I call the following function:
>> function startRecordingApplet(){
>>                 document.rascal.startRecording();
>> }
>>
>> it is supposed to call the startRecording() method from within the
>> ScreencastApplet class.
>>
>> I am getting the following stack trace:
>>
>> java.security.PrivilegedActionException:
>> java.lang.reflect.InvocationTargetException
>>                 at java.security.AccessController.doPrivileged(Native
>> Method)
>>                 at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown
>> Source)
>>                 at java.security.AccessController.doPrivileged(Native
>> Method)
>>                 at
>> sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
>> Caused by: java.lang.reflect.InvocationTargetException
>>                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>>                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
>> Source)
>>                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>> Source)
>>                 at java.lang.reflect.Method.invoke(Unknown Source)
>>                 at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
>>                 at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown
>> Source)
>>                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>> Source)
>>                 at java.lang.reflect.Method.invoke(Unknown Source)
>>                 at sun.plugin.javascript.JSClassLoader.invoke(Unknown
>> Source)
>>                 at
>> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
>>                 ... 4 more
>> Caused by: java.security.AccessControlException: access denied
>> (java.util.PropertyPermission user.dir read)
>>                 at
>> java.security.AccessControlContext.checkPermission(Unknown Source)
>>                 at java.security.AccessController.checkPermission(Unknown
>> Source)
>>
>>
>> After doing some research online, I have come to the conclusion that
>> the Javascript which calls Applet functionality which needs the applet
>> to be signed, itself needs to be signed as well.
>>
>> Do we have a fluid standard for signing javascript?  Does anyone have
>> any experience signing javascript?
>>
>> Any assistance would be appreciated.
>> --
>> David Makalsky
>> _______________________________________________________
>> fluid-work mailing list - fluid-work at fluidproject.org
>> To unsubscribe, change settings or access archives,
>> see http://fluidproject.org/mailman/listinfo/fluid-work
>>
>>
>
>
>
> --
> David Makalsky
>
>



-- 
David Makalsky



More information about the fluid-work mailing list