Signing Javascript

electBlake electblake at gmail.com
Fri Nov 28 21:06:38 UTC 2008


I went and tested it. My FireBug says that all of the functions are  
not found.

http://img142.imageshack.us/img142/1380/picture5jq9.png

*shrugs*

On 28-Nov-08, at 3:21 PM, David Makalsky wrote:

> Actually, this is not the way to communicate with an applet.  It's a
> means to communicate to a POJO structure.
>
> I got around the security issue by having my called method simply set
> a field (jsSignal). I then have a separate thread monitor the field
> and act appropriately.  It seems to work now.
>
> Please try it out at http://rascal.xymbo.com and view source to see
> the JS and html.
>
> Regards,
>
> David Makalsky
>
> On Fri, Nov 28, 2008 at 2:22 PM, Peter Rowley <prowley at yorku.ca>  
> wrote:
>>
>> I think you may need to look at material in
>>
>> https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/LiveConnect_Overview/JavaScript_to_Java_Communication 
>> #Package_and_Class_Reference
>>
>> particularly the section concerning the Packages Object
>>
>> Peter
>>
>>
>>
>>
>> "David Makalsky" <dmakalsky at gmail.com>
>>
>> 11/28/08 02:04 PM
>>
>> To
>> "Fluid Mailing List" <fluid-work at fluidproject.org>
>> cc
>> "Peter Rowley" <prowley at yorku.ca>
>> Subject
>> Re: Signing Javascript
>>
>>
>>
>>
>> Hi Peter,
>>
>> Yes, the applet is signed properly.  When the same functions are
>> called from the applet GUI they work fine.
>>
>> I would like to point out the following line in the stacktrace when
>> calling the method from js
>>
>> sun.plugin.javascript.JSClassLoader.invoke(Unknown
>> Source)                 at
>> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
>>
>> I have seen the link you provided, but I was wondering if there was
>> any fluid standards to signing JS.  For example, do we use a common
>> certificate, etc.
>>
>> Regards,
>>
>> David
>>
>>
>>
>> On Fri, Nov 28, 2008 at 1:38 PM, Peter Rowley <prowley at yorku.ca>  
>> wrote:
>>>
>>> Hi David,
>>>
>>> This is pretty informative
>>>
>>> http://www.mozilla.org/projects/security/components/signed-scripts.html
>>>
>>> Are you sure the applet is signed properly?
>>>
>>> Peter
>>>
>>>
>>>
>>> "David Makalsky" <dmakalsky at gmail.com>
>>> Sent by: fluid-work-bounces at fluidproject.org
>>>
>>> 11/28/08 12:51 PM
>>>
>>> To
>>> "Fluid Mailing List" <fluid-work at fluidproject.org>
>>> cc
>>> Subject
>>> Signing Javascript
>>>
>>>
>>>
>>>
>>> Hi,
>>>
>>> I am running into some issues when I am calling my Java Applet
>>> functions from within a JS function.
>>>
>>> (All Source available at http://rascal.xymbo.com and view source)
>>>
>>> For example, when I call the following function:
>>> function startRecordingApplet(){
>>>                document.rascal.startRecording();
>>> }
>>>
>>> it is supposed to call the startRecording() method from within the
>>> ScreencastApplet class.
>>>
>>> I am getting the following stack trace:
>>>
>>> java.security.PrivilegedActionException:
>>> java.lang.reflect.InvocationTargetException
>>>                at java.security.AccessController.doPrivileged(Native
>>> Method)
>>>                at sun.plugin.liveconnect.SecureInvocation 
>>> $2.run(Unknown
>>> Source)
>>>                at java.security.AccessController.doPrivileged(Native
>>> Method)
>>>                at
>>> sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
>>> Caused by: java.lang.reflect.InvocationTargetException
>>>                at  
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>> Method)
>>>                at  
>>> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
>>> Source)
>>>                at  
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>>> Source)
>>>                at java.lang.reflect.Method.invoke(Unknown Source)
>>>                at sun.plugin.javascript.JSInvoke.invoke(Unknown  
>>> Source)
>>>                at  
>>> sun.reflect.GeneratedMethodAccessor4.invoke(Unknown
>>> Source)
>>>                at  
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>>> Source)
>>>                at java.lang.reflect.Method.invoke(Unknown Source)
>>>                at sun.plugin.javascript.JSClassLoader.invoke(Unknown
>>> Source)
>>>                at
>>> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown  
>>> Source)
>>>                ... 4 more
>>> Caused by: java.security.AccessControlException: access denied
>>> (java.util.PropertyPermission user.dir read)
>>>                at
>>> java.security.AccessControlContext.checkPermission(Unknown Source)
>>>                at  
>>> java.security.AccessController.checkPermission(Unknown
>>> Source)
>>>
>>>
>>> After doing some research online, I have come to the conclusion that
>>> the Javascript which calls Applet functionality which needs the  
>>> applet
>>> to be signed, itself needs to be signed as well.
>>>
>>> Do we have a fluid standard for signing javascript?  Does anyone  
>>> have
>>> any experience signing javascript?
>>>
>>> Any assistance would be appreciated.
>>> --
>>> David Makalsky
>>> _______________________________________________________
>>> fluid-work mailing list - fluid-work at fluidproject.org
>>> To unsubscribe, change settings or access archives,
>>> see http://fluidproject.org/mailman/listinfo/fluid-work
>>>
>>>
>>
>>
>>
>> --
>> David Makalsky
>>
>>
>
>
>
> -- 
> David Makalsky
> _______________________________________________________
> fluid-work mailing list - fluid-work at fluidproject.org
> To unsubscribe, change settings or access archives,
> see http://fluidproject.org/mailman/listinfo/fluid-work




More information about the fluid-work mailing list