After completing this HowTo you should be able to:
Understand what a Signed Applet is and how it talks to Session beans.
Learn how to sign jar files using ant.
Deploy and run the Session bean and applet.
An applet is a Java program which runs from a sandbox.
It can be included in an HTML page, much in the same way an image is included.
Java applets differ from full-fledged Java applications in the following
ways:
They cannot read or write files on the computer they are executing on.
They cannot make network connections except to the originating host.
Also, applets loaded over the net are not allowed to
load libraries, or to define native method calls.
What are Signed Applets?
A better way to escape the sandbox is to sign the applet.
Signing an applet means adding a digital signature to it to prove that it
came untampered from a particular trusted author. The client can then be
confident that the applet it is accessing is the one that author published
and that no malicious content was added to it afterwards. The signature on
the applet can also be used to trace back to the author of the signature.
Which tool must be used to sign an Applet?
The Java Development Kit comes with a jar signing tool
called the JAR Signing and Verification Tool (referred to as
Jarsigner). This is used to sign the applets. All the class files
accessed by the Applet should be bundled in a JAR (Java ARchive) and signed
using the jarsigner tool.
This Howto explains how to access a Stateless Session
bean running on JDeveloper (in its embedded Oracle Containers For J2EE, OC4J)
from an Applet running in a Java enabled browser. As the client applet can
be present on a machine other than the server, it must be signed.
Prerequisites
To work your way through this HowTo, you will need to have
an understanding of the following terms: Jarsigner, keytool. In this prerequisites
section, we have endeavored to provide you with a conceptual understanding
of these topic areas:
Jarsigner
Jarsigner generates signatures for Java ARchive (JAR)
files, and verifies the signatures of signed JAR files. It reads the information
stored in keystore to create digital signatures for the jar files. We will
be using jarsigner to sign all the jar files accessed by the Applet.
Keytool
Keytool is a Key and Certificate Management Tool.
It creates keys and certificates which help to establish the identity of the
signer. These keys and certificates are stored in a keystore. By
default, the keystore is stored in a file named .keystore
in the user's home directory, as determined by the user.home system
property. If the user's name is uName then user.home,
by default, points to
C:\Winnt\Profiles\uName on multi-user Windows NT systems
C:\Windows\Profiles\uName on multi-user Windows 95 systems
C:\Windows on single-user Windows 95 systems
Java Plug-in, which comes automatically when you install the J2SE JRE or SDK.
We strongly recommend that you install the latest version. You can find
more information in the Java Plug-in home page.
Note: There are issues with earlier versions of Netscape. Hence,
for smooth running of the application please use Netscape 4.7 or above.
HowTo talk to a Session bean from an Applet
To demonstrate this application let us look at the following
scenario:
We have an Applet, AppletToEJB.java, which takes
a string as an input and displays a message on clicking the Call EJB
button. On clicking the button, the Applet calls the Stateless Session bean,
AppletSessionEJB. This Session bean returns
a message which is displayed on the Applet.
Extract the downloaded file AppletToEJB.zip
using Winzip utility. This will create a directory
called AppletToEJB (henceforth referred to as <SAMPLE_HOME>)
which contains all the documentation and source code for this how-to.
The important files in this application are:
Session Bean's bean class
The bean class, AppletSessionEJBBean.java,
contains a method which returns a string to the Applet. This method looks
as below:
    public String retrieveString(String name) {
      // The message displayed on the browser.
      String message = new StringBuffer().append("Congratulations ").append(name)
                       .append(". You can now access the Session Bean.").toString();
      return message;
    }
Applet Files
The Applet class file, EJBCaller.java,
contains code to call the Session bean remotely. The main section of the code
is shown below:
    try { // opening of the try block, implied by the catch clauses below
      // Create the Home object of Session bean
      AppletSessionEJBHome ejbHome = (AppletSessionEJBHome)
          PortableRemoteObject.narrow(context.lookup("AppletSessionEJB"),
                                      AppletSessionEJBHome.class);
      // Use the create() method to create a new instance
      AppletSessionEJB ejbObj = ejbHome.create();
      // Call the Remote method to access the EJB
      String str = ejbObj.retrieveString(txtName.getText());
      lblMessage.setText(str);
    } catch (SecurityException se) {
      lblMessage.setText(se.toString());
    } catch (Exception ex) {
      lblMessage.setText(ex.toString());
    }
    } // end of the enclosing method (its declaration is not part of this excerpt)
The HTML file, AppletToEJB.html,
calls the Applet class file using the <APPLET>
tag. The contents of the <APPLET> tag look
as below:
    <APPLET CODE="oracle.otnsamples.EJBCaller"
            ARCHIVE="jars/source.jar,jars/oc4jclient.jar,jars/jta.jar,jars/jmxri.jar,jars/jms.jar,jars/jndi.jar,jars/ejb.jar,jars/servlet.jar,jars/xmlparserv2.jar,jars/jaas.jar"
            HEIGHT="200" WIDTH="475" ALIGN="bottom">
      This browser does not appear to support Applets.
    </APPLET>
The application can be run in either of the following ways:
Open AppletToEJB.jws file present
inside <SAMPLE_HOME> using JDeveloper.
Open System Navigator View in JDeveloper (In JDeveloper's
menu select View --> System Navigator).
Click the project AppletToEJB.jpr
. In JDeveloper's menu select Project --> Show Categories option
Open Connection.properties file
present under HTML sources. It looks as shown below:
    # Your OC4J/JDeveloper details
    InitialContextFactory=com.evermind.server.rmi.RMIInitialContextFactory
    SecurityPrincipal=admin
    SecurityCredentials=welcome
    ProviderURL=ormi://<myserver>:<port>/<workspacename>
where
value of SECURITY_PRINCIPAL is the user name of the administrator of OC4J embedded with JDeveloper. By default it will be admin.
value of SECURITY_CREDENTIALS is the password for the user mentioned above
<myserver> is the IP address of the system on which the JDeveloper is running.
<port> is the Admin Port on which the OC4J embedded within JDeveloper server listens. By default it is 23891.
<workspacename> is the name of the workspace. For this project it is current-workspace-app
Step 2. Compile the class files and create source.jar
Right click AppletToEJB.jpr
and rebuild the project file to compile all the java files.
Now right click the deployment profile Source.deploy
present under Deployment in JDeveloper's System Navigator View.
Select Deploy to JAR file option.
This will create source.jar file in <SAMPLE_HOME>\public_html\html\jars
folder.
Step 3. Create key
We will now look at the steps required to create the
key. If there is a key already created, you can use that and ignore this
step and proceed to Step 4. To use
an already existing key for signing jar files open the ant build script,
common.xml located at <SAMPLE_HOME>
and replace the values of the keys alias, keypass and storepass. Now you
can proceed to Step 4.
Ensure Ant 1.4.x or better is installed on your machine
and configured correctly.
Create the key for the digital signature using the certificate
management utility keytool. This is done either from the command prompt
or using the Ant tool. Here we will see how to create the key using Ant.
First we need to make a few changes in the ant build scripts, common.xml
and build-jdev.xml, located at <SAMPLE_HOME>.
The main part of each ant build script and the changes that should be made
in it are given below.
In common.xml the changes to be made are:
    <!-- Set key store variables -->
    <target name="init">
      <property name="alias" value="<alias>"/>
      <property name="keypass" value="<key password>"/>
      <property name="storepass" value="<keystore password>"/>
    </target>
where
<alias> is the alias identifying the private key that's to be used to sign the JAR file, and the key's associated certificate
<key password> is the key alias password
<keystore password> is the key store password which is used to protect the integrity of the keystore
In build-jdev.xml the changes to be made are:
    <!-- Creates the key entry in keytool -->
    <target name="genkey">
      <genkey alias="${alias}" keypass="${keypass}" storepass="${storepass}"
              dname="CN=XXX, OU=OTN, O=Oracle, C=IN" />
    </target>
where
dname contains the trusted author details. The notations used in dname and their meanings are
CN - Common Name of the author
OU - Organizational Unit
O - Organization Name
C - Country
These details provided by the trusted author are used in the digital
signature displayed to the client when he accesses any applet signed
with this key alias.
Now replace the text in bold in both the scripts with the values specified.
Open command prompt at the location <SAMPLE_HOME>
and type the following command:
> ant -f build-jdev.xml
This will create a keystore entry with the alias provided.
Step 4. Copy and sign all the jar files
An ant build script is provided which helps to copy all
the jar files required by the Applet class and sign them using jarsigner
tool. Open command prompt at the location <SAMPLE_HOME>
and type the following command:
> ant -f build-jdev.xml signjars
This will copy all the jar files from the specified JDeveloper
directory to <SAMPLE_HOME>\public_html\html\jars
and sign them. We should run this step whenever we recreate the source.jar
file using the procedure given in Step 2.
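As an added check after this step (example code written for this edit, not part of the original how-to or its build scripts), the following Python inspects a jar for what jarsigner leaves behind: a signature block file, a signature file that lists every entry, and manifest digests that match each entry's bytes. It does not validate the signature or certificate itself, which jarsigner -verify does; check_jar, parse_sections, build_sample_jar and the MYKEY alias are names assumed for the example, and the sample jar is constructed in memory.

```python
import base64, hashlib, io, zipfile
MF = "META-INF/MANIFEST.MF"
BLOCK_EXT = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def parse_sections(text):
    """Per-entry sections of MANIFEST.MF or a .SF file: {name: {attribute: value}}."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    sections = {}
    for block in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.split("\n") if ": " in l)
        if "Name" in attrs:
            sections[attrs.pop("Name")] = attrs
    return sections

def check_jar(jar_bytes):
    """Return a list of problems; an empty list means every entry is covered."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        meta = [n for n in names if n.upper().startswith("META-INF/")]
        if not any(n.upper().endswith(BLOCK_EXT) for n in meta):
            problems.append("no signature block (.RSA/.DSA/.EC)")
        sf_files = [n for n in meta if n.upper().endswith(".SF")]
        covered = {e for n in sf_files for e in parse_sections(jar.read(n).decode("utf-8"))}
        manifest = parse_sections(jar.read(MF).decode("utf-8")) if MF in names else {}
        for name in names:
            if name in meta or name.endswith("/"):
                continue
            if name not in covered:
                problems.append("not covered by a signature: " + name)
            for attr, expected in manifest.get(name, {}).items():
                if attr.endswith("-Digest"):  # e.g. SHA-256-Digest, SHA1-Digest
                    alg = attr[:-len("-Digest")].replace("-", "").lower()
                    actual = base64.b64encode(hashlib.new(alg, jar.read(name)).digest())
                    if actual.decode() != expected:
                        problems.append("digest mismatch: " + name)
    return problems

def build_sample_jar(sign=True, tamper=False):
    """Constructed sample jar; its .SF/.RSA files are placeholders, not real signatures."""
    name, body = "oracle/otnsamples/EJBCaller.class", b"constructed class bytes"
    digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MF, "Manifest-Version: 1.0\r\n\r\nName: %s\r\nSHA-256-Digest: %s\r\n\r\n" % (name, digest))
        if sign:
            jar.writestr("META-INF/MYKEY.SF", "Signature-Version: 1.0\r\n\r\nName: %s\r\n\r\n" % name)
            jar.writestr("META-INF/MYKEY.RSA", b"placeholder")
        jar.writestr(name, body + (b"!" if tamper else b""))
    return buf.getvalue()
```

To run it against the real output of this step, pass the bytes of each file in <SAMPLE_HOME>\public_html\html\jars to check_jar; every jar named in the ARCHIVE attribute should return an empty list.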
Step 5. Run the application
Open System Navigator View in JDeveloper. Go to Enterprise
Java Beans --> ejb-jar.xml. Right click AppletSessionEJB
and run the Session bean.
Run AppletToEJB.html present
under HTML Sources.
This will open the application in the default browser of
JDeveloper. Else access the application in your favorite browser at the
URL :
<myserver> is the IP address of the machine where JDeveloper is running
<port> is the port on which the OC4J embedded in JDeveloper listens. This value by default is 8988 unless explicitly changed by the user
For example : http://myoc4jserver:8988/AppletToEJB/AppletToEJB.html
The signed applet first displays the signature of the trusted
author who signed the Applet. After you grant the requested permission it
displays a text box to enter your name.
Enter your name and click the Call EJB button. Now
the Applet class calls the method in the Session bean and displays the message.
If the name entered is Robert then it displays "Congratulations
Robert. You can now access the Session Bean.".
Open Connection.properties
file present at <SAMPLE_HOME>\public_html\html.
It looks as shown below:
    # Your OC4J/JDeveloper details
    InitialContextFactory=com.evermind.server.rmi.RMIInitialContextFactory
    SecurityPrincipal=admin
    SecurityCredentials=welcome
    ProviderURL=ormi://<myserver>:<port>/<workspacename>
where
value of SECURITY_PRINCIPAL is the user name of the administrator of standalone OC4J. By default it will be admin.
value of SECURITY_CREDENTIALS is the password for the user mentioned above
<myserver> is the IP address of the system on which the OC4J is running.
<port> is the Admin Port on which OC4J server listens. By default it is 23791.
<workspacename> is the name of the workspace. For this project it is applettoejb
Step 2. Create key
Please refer to Step 3 in Using JDeveloper to know how to create a key. If there is
a key already created, you can use that and ignore this step and proceed
to the next step. To use an already existing key for signing jar files open
the ant build script, common.xml located at
<SAMPLE_HOME> and replace the values
of the keys alias, keypass and storepass. Now you can proceed to the next
step, i.e. Step 3.
Step 3. Sign jar files and create ear file.
An ant build script is provided which helps to compile
all the class files, create source.jar, copy all the jar files required
by the Applet class from the specified OC4J directory, sign all the jar
files using jarsigner tool and create the ear file. Open command prompt
at the location <SAMPLE_HOME> and type
the following command:
> ant
This will do all the tasks mentioned above and finally
create an applettoejb.ear file at <SAMPLE_HOME>\build.
<myserver> is the IP address of the system on which the JDeveloper is running
<admin_port> is the Admin Port on which the OC4J server listens. This value by default is 23791 unless explicitly changed by the user
<admin_pwd> is the Administrator password to access OC4J. By default it is not set. Please set it to a specific value and copy the same here.
This will deploy the application onto OC4J by creating entries in server.xml
and http-web-site.xml present at <OC4J_HOME>\j2ee\home\config
<myserver> is the IP address of the machine where OC4J instance is running
<port> is the port on which the OC4J server listens. This value by default is 8888 unless explicitly changed by the user
For example : http://myoc4jserver:8888/AppletToEJB/AppletToEJB.html
The signed applet first displays the signature of the trusted
author who signed the Applet. After you grant the requested permission it
displays a text box to enter your name.
Enter your name and click the Call EJB button. Now
the Applet class calls the method in the Session bean and displays the message.
If the name entered is Robert then it displays "Congratulations
Robert. You can now access the Session Bean.".