Java Rich Internet Applications Guide > Security > Deploying RSA-Signed Applets in Java Plug-in
The following topics are covered:
To deploy RSA signed applets:
archive, cache_archive, or
cache_archive_ex format.When users of Java Plug-in encounter an RSA signed applet, the Plug-in will verify whether:
If the applet is correctly signed and the RSA certificate chain and root CA are valid, the Plug-in will pop-up a security dialog telling the user and providing four options:
AllPermission permission. Any applet signed with
the same certificate will be trusted automatically in the future,
and no security dialog will pop up when the certificate is
encountered again. This option selection can be changed from the
Java Control Panel.AllPermission permission. Any applet
signed with the same certificate will be trusted automatically
within the same browser session.Once the user selects the options from the security dialog, the applet will be run in the corresponding security context. Note that all options are selected on the fly; no preconfiguration is required.
The Certificates dialog from the Java Control Panel manages RSA signed applets. (Access this dialog from the Security panel.) The Certificates dialog contains a list of certificates that received "Grant always" permission when the Java Plug-in security dialog (pop-up) ran. Users can remove any certificate from the list, and if an applet signed by a removed certificates is encountered again, a security dialog pop-up will appear asking for permission. Users can also export and view certificates through the Java Control Panel.
RSA signed applets can be entirely disabled in Java Plug-in by
specifying the usePolicy permission in the policy
file. If the usePolicy permission is among the
permissions granted to the given codesource (by the configured
security policy), user prompting will not take place, and only
permissions specified in the security policy will be granted to the
codesource. By default, RSA signed applets are enabled in the Java
Plug-in.
