Security in Rich Internet Applications

The security model behind rich Internet applications (RIAs) ensures that the user is protected from malicious internet applications. This topic discusses security aspects that are common to applets and Java Web Start applications. See the following topics for more information:

• What Applets Can and Cannot Do
• Java Web Start and Security

Unsigned RIAs run in a restricted environment known as a security sandbox. Apply the following guidelines to enable RIAs to run outside the security sandbox.

• Sign the JAR file of a RIA if code in the JAR file needs additional permissions to perform operations outside the sandbox, such as, accessing the local file system or network resources. Specify the all-permissions element in the JNLP file for the RIA.

  For more information, see the Signing and Verifying JAR Files topic.

  The following code snippet shows the all-permissions element in the RIA's JNLP file.

  <security>
     <all-permissions/>
  </security>
  

  If the certificate used to sign the RIA has not been previously approved, the Java Runtime Environment (JRE) software opens a dialog box displaying the RIA's origin based on the signer's certificate. The user can then make an informed decision about running the application.

• A JNLP file can only include JAR files signed by the same certificate. If you have JAR files that are signed using different certificates, specify them in separate JNLP files. Create a separate JNLP file for unsigned JAR files. In the RIA's main JNLP file, specify the component-desc element to include the other JNLP files as component extensions. See Structure of the JNLP File for information.
• The security model for RIAs does not allow code from an unsigned JAR file or JavaScript code from a web page to invoke security-sensitive code in a signed JAR file unless you explicitly enable this. In the signed JAR file, wrap the section of code that you want unsigned code to be able to invoke in a AccessController.doPrivileged block. This allows the unsigned code to run with elevated permissions when executing the code in the doPrivileged code block.
• Avoid mixing signed and unsigned JARs in a RIA, if possible, as they can raise security warnings about mixed code. See Mixing Signed and Unsigned Code for more information.