Signed Java Applet for IE and Netscape

M. Gallant 05/09/2002

This page demonstrates how to deploy a privileged Java applet which will run in either Internet Explorer or Netscape Communciator using the browser's own internal Java Virtual Machine. Privileged Java code is any code which executes beyond the JVM "security sandbox", for example accessing the client's local file system, executing native applications, making arbitrary network connections to servers other than the host sourcing the original applet. For basic demonstration purposes here, this signed Java applet will attempt to launch the standard Win32 notepad.exe application (if present at the default install paths). If the application is not found, an exception is caught and status is displayed to the Java console System.out PrintStream:
                C:\windows\notepad.exe  (Win95)
                C:\winnt\notepad.exe    (WinNT, Win2000, WinXP)
Java Applet Source Code

The code can be easily extended to launch any Win32 native application providing a very powerful web-programming paradigm, with desktop continuity. The applet is signed using an enterprise code-signing certificate and, for the applet to start properly with the appropriate security dialog, the associated WebConnector root CA certificate must be imported into the Netscape Communicator or IE4+ browser CA certificate store.

The html code for this page enables either browser (IE or Netscape) to use its corresponding archive, as described in Microsoft Java Documentation:

<applet archive="runappNN.jar" code="RunApp.class" width=120 height=35> <PARAM NAME=cabbase> </applet> This is the simplest form of tag supporting both browsers. For IE, versioning control and client-installation is also possible using Distribution Units and the Java Package Manager technology.
[Another approach which enables running fully privileged code uniformly in both browsers with Java 2 functionality uses the JavaPlugin approach with RSA-signing.]

Details of Compiling and Code-Signing:
There is one Java class file, with multiple try/catch blocks to handle the security classes relevant to either Netscape or Microsoft browser JVMs; the Microsoft Visual J++ compiler jvc.exe Version 6.00.8424 was used with the Microsoft SDK for Java V4. The classpath must include the Netscape security classes (either Java40.jar from Netscape install directory, or the Netscape Capabilities classes ( archive). There are security statements in the init() method, which force the Netscape security dialog to display on first loading the page. The security statements for IE are included, but are only required if some privileged code runs in the init() method ("call-stack tracing"), as described in detail in the interesting KB article SecurityExceptionEx Exception Running a Java Applet