Signing Javascript

David Makalsky dmakalsky at gmail.com
Sun Nov 30 03:36:47 UTC 2008


My firebug shows no such issues.  It works solidly across IE7, Firefox
and Safari from my machine.

Has anyone else tested it out?

Regards,

David

On Fri, Nov 28, 2008 at 4:06 PM, electBlake <electblake at gmail.com> wrote:
> I went and tested it. My FireBug says that all of the functions are not
> found.
>
> http://img142.imageshack.us/img142/1380/picture5jq9.png
>
> *shrugs*
>
> On 28-Nov-08, at 3:21 PM, David Makalsky wrote:
>
>> Actually, this is not the way to communicate with an applet.  It's a
>> means to communicate to a POJO structure.
>>
>> I got around the security issue by having my called method simply set
>> a field (jsSignal). I then have a separate thread monitor the field
>> and act appropriately.  It seems to work now.
>>
>> Please try it out at http://rascal.xymbo.com and view source to see
>> the JS and html.
>>
>> Regards,
>>
>> David Makalsky
>>
>> On Fri, Nov 28, 2008 at 2:22 PM, Peter Rowley <prowley at yorku.ca> wrote:
>>>
>>> I think you may need to look at material in
>>>
>>>
>>> https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/LiveConnect_Overview/JavaScript_to_Java_Communication#Package_and_Class_Reference
>>>
>>> particularly the section concerning the Packages Object
>>>
>>> Peter
>>>
>>>
>>>
>>>
>>> "David Makalsky" <dmakalsky at gmail.com>
>>>
>>> 11/28/08 02:04 PM
>>>
>>> To
>>> "Fluid Mailing List" <fluid-work at fluidproject.org>
>>> cc
>>> "Peter Rowley" <prowley at yorku.ca>
>>> Subject
>>> Re: Signing Javascript
>>>
>>>
>>>
>>>
>>> Hi Peter,
>>>
>>> Yes, the applet is signed properly.  When the same functions are
>>> called from the applet GUI they work fine.
>>>
>>> I would like to point out the following line in the stacktrace when
>>> calling the method from js
>>>
>>> sun.plugin.javascript.JSClassLoader.invoke(Unknown
>>> Source)                 at
>>> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
>>>
>>> I have seen the link you provided, but I was wondering if there was
>>> any fluid standards to signing JS.  For example, do we use a common
>>> certificate, etc.
>>>
>>> Regards,
>>>
>>> David
>>>
>>>
>>>
>>> On Fri, Nov 28, 2008 at 1:38 PM, Peter Rowley <prowley at yorku.ca> wrote:
>>>>
>>>> Hi David,
>>>>
>>>> This is pretty informative
>>>>
>>>> http://www.mozilla.org/projects/security/components/signed-scripts.html
>>>>
>>>> Are you sure the applet is signed properly?
>>>>
>>>> Peter
>>>>
>>>>
>>>>
>>>> "David Makalsky" <dmakalsky at gmail.com>
>>>> Sent by: fluid-work-bounces at fluidproject.org
>>>>
>>>> 11/28/08 12:51 PM
>>>>
>>>> To
>>>> "Fluid Mailing List" <fluid-work at fluidproject.org>
>>>> cc
>>>> Subject
>>>> Signing Javascript
>>>>
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> I am running into some issues when I am calling my Java Applet
>>>> functions from within a JS function.
>>>>
>>>> (All Source available at http://rascal.xymbo.com and view source)
>>>>
>>>> For example, when I call the following function:
>>>> function startRecordingApplet(){
>>>>               document.rascal.startRecording();
>>>> }
>>>>
>>>> it is supposed to call the startRecording() method from within the
>>>> ScreencastApplet class.
>>>>
>>>> I am getting the following stack trace:
>>>>
>>>> java.security.PrivilegedActionException:
>>>> java.lang.reflect.InvocationTargetException
>>>>               at java.security.AccessController.doPrivileged(Native
>>>> Method)
>>>>               at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown
>>>> Source)
>>>>               at java.security.AccessController.doPrivileged(Native
>>>> Method)
>>>>               at
>>>> sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
>>>> Caused by: java.lang.reflect.InvocationTargetException
>>>>               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> Method)
>>>>               at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
>>>> Source)
>>>>               at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>>>> Source)
>>>>               at java.lang.reflect.Method.invoke(Unknown Source)
>>>>               at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
>>>>               at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown
>>>> Source)
>>>>               at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>>>> Source)
>>>>               at java.lang.reflect.Method.invoke(Unknown Source)
>>>>               at sun.plugin.javascript.JSClassLoader.invoke(Unknown
>>>> Source)
>>>>               at
>>>> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
>>>>               ... 4 more
>>>> Caused by: java.security.AccessControlException: access denied
>>>> (java.util.PropertyPermission user.dir read)
>>>>               at
>>>> java.security.AccessControlContext.checkPermission(Unknown Source)
>>>>               at java.security.AccessController.checkPermission(Unknown
>>>> Source)
>>>>
>>>>
>>>> After doing some research online, I have come to the conclusion that
>>>> the Javascript which calls Applet functionality which needs the applet
>>>> to be signed, itself needs to be signed as well.
>>>>
>>>> Do we have a fluid standard for signing javascript?  Does anyone have
>>>> any experience signing javascript?
>>>>
>>>> Any assistance would be appreciated.
>>>> --
>>>> David Makalsky
>>>> _______________________________________________________
>>>> fluid-work mailing list - fluid-work at fluidproject.org
>>>> To unsubscribe, change settings or access archives,
>>>> see http://fluidproject.org/mailman/listinfo/fluid-work
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> David Makalsky
>>>
>>>
>>
>>
>>
>> --
>> David Makalsky
>> _______________________________________________________
>> fluid-work mailing list - fluid-work at fluidproject.org
>> To unsubscribe, change settings or access archives,
>> see http://fluidproject.org/mailman/listinfo/fluid-work
>
>



-- 
David Makalsky



More information about the fluid-work mailing list