This section includes the following topics:
Q. Why do I get a javax.net.ssl.SSLException
(or hang or disconnect)
when accessing an applet from an HTTPS site.
A. In some SSL/TLS servers you will encounter this problem if a client message
is received in a format it doesn't understand or with a protocol version number
that it doesn't support. The problem is on the server side. There may be several
aspects of the SSL/TLS protocol that are not implemented correctly. If the server
only speaks SSLv3, when a client sends a TLSv1 (aka SSLv3.1) hello the server
is supposed to respond with a SSLv3 server hello (aka SSLv3.0). But the server
is not doing so; hence, you get the exception (SSLException
).
In Java Plug-in 1.3.x the browser's implementation of SSL was used. Netscape 4.x and Internet Explorer provide only an SSLv3.0 implementation. The problem will not be seen because in this version of Plug-in only SSLv3.0 is used.
In Java Plug-in 1.4.0 the JSSE implementation of TLS/SSL was used. By default, JSSE enables the TLSv1, SSLv3, and SSLv2Hello protocols. In this version of Plug-in TLSv1 will be used, and this problem may be seen on servers with incorrect protocol implementations.
Below are some ways to work around this problem. Turn off the TLSv1 protocol and use only SSLv3.
1. In the Java Plug-in Control Panel (Advanced tab) specify:
-Dhttps.protocols="SSLv3,SSLv2Hello"
2. Set the system property:
System.setProperty("https.protocols", "SSLv3");
3. If you have access to the socket, you can do this:
socket.setEnabledProtocols("SSLv3");
In Java Plug-in 1.4.1 the SSLv3 and SSLv2Hello protocols are used by default.
Because most browsers use SSLv3 by default and most web servers support itand
to avoid seeing the above problemthe change was made to this version of
the Plug-in. Users that need to use TLSv1 should set the https.protocols
settings.
Q: Is there a way, other than restarting the browser, to force the JVM to check the server for modified JAR files for a page with an applet?
A: Modified jar files will be downloaded from the server when a page
with an applet is refreshed or revisited if you first do this: type "x"
in the Java Console to clear the Classloader cache.
Q: When trying to play a game on http://games.yahoo.com
I get
a ControlAccessException
. What is the problem and is there a workaround?
A: The problem is that the game applet needs permission to connect to one or
more servers, and it is being denied permission for security reasons. The workaround
is this: Add the following to your java.policy
file:
grant codeBase "http://download.yahoo.com/games/clients/" {
permission java.net.SocketPermission "*","connect";};
java.policy
is located in <JRE installation directory>/Java/j2re1.4.0/lib/security/
.
Q: How do I get Nescape to find my plugin when I've downloaded and installed the Java SE, which includes Java Plug-in?
A: Set the NPX_PLUGIN_PATH envirronement variable to the location of the Java Plug-in (the directory in which the javaplugin.so file is located):
NPX_PLUGIN_PATH=$JAVAHOME/jre/plugin/sparc
/ns4
for Netscape 4
NPX_PLUGIN_PATH=$JAVAHOME/jre/plugin/sparc/ns6
for Netscape 6
Q: I can't get Java Plug-in software to install in an intranet environment when I place it on our Netscape Enterprise 3.0 SuiteSpot web server. Why not?
A: We have reports that the Netscape Enterprise 3.0 SuiteSpot Webserver is unable, at least in some circumstances, to serve up .exe files. One apparent workaround has been to configure the HTML so that the Java Plug-in product is installed by a Visigenic Orb Gatekeeper, which also functions as a web server.
Q: I'm having trouble debugging with Java Plug-in Software. Do you have any tips?
A: In some circumstances, Java Plug-in Software will use a different
debug connection address than expected. This occurs when Java Plug-in Software
is loaded into the Explorer.exe
process running in one of the following
configurations:
Java Plug-in Software is loaded into the Explorer.exe
process
when an HTML page containing the OBJECT tag is viewed in the following
ways:
This can cause problems when debugging Java applets, since no two processes
should use the same debug connection address. (See How
to Debug Applets in Java Plug-in in Debugging
Support regarding setting of the connection address.). If the Explorer.exe
process has already claimed the debug connection address, and the Netscape.exe
or Iexplorer.exe
tries to use it, debugging problems may result.
Java Plug-in Software avoids this complication when loaded into the Explorer.exe
process by prepending the debug connection address specified in the Control
Panel with the string Explorer
.
For example, if the default connection address set at the time of Java Plug-in
Software installation is 2502
, when running under Explorer.exe
it is actually set to Explorer:2502
.
When running JDB from the Java SDK you should specify
jdb -attach Explorer:2502
to attach to the JVM loaded into the Explorer.exe
process.
Q: My applet is no longer scriptable in Internet Explorer with Java Plug-in. Why?
A: With Java Plug-in Software 1.3 a scriptable tag must be
included and given a value of "true" in order for an applet to be scriptable.
See the Using OBJECT
, EMBED
and APPLET
Tags in Java Plug-in for more information.
Q: Why am I having problems using some standard extensions/optional packages?
A: Only extensions installed in the <jre>\lib\ext
directory will be added to the classpath. Extensions installed in directories
pointed to by the java.ext.dirs
system property will not be added.
Q: Java Plug-in used to work with my Navigator 4.0.x browser. But when I upgraded to Navigator 4.5 and re-installed Java Plug-in, it does not work with Navigator 4.5. Why?
A: It has been reported that Navigator 4.5 may not install the user profile properly during installation. As a result, Java Plug-in Software may not read the correct user profile setting. To make sure the user profile setting is correct, check the following:
HKEY_LOCAL_MACHINE\Software\Netscape\Netscape Navigator\Users\CurrentUser
HKEY_LOCAL_MACHINE\Software\Netscape\Netscape Navigator\Users\<UserName>\DirRoot
<DirRoot>
points to an existing user profile. If any of the registry keys are missing or
incomplete, use the User Profile Manager tool to recreate your profile.
Q: We are trying to use Java 3D with Java Plug-in but it doesn't work at all. Why?
A: Java 3D comes with various packages. Installing it incorrectly may inadvertently disable Java Plug-in or cause it to fail. Follow these general instructions for using Java 3D and Java Plug-in Software:
Q: Some web/proxy servers require users to login for authentication. When I used the browser to access this server with Java Plug-in, two login dialog boxes appeared. Why?
A: Normally Java Plug-in will download the applets using its own connection. If the web/proxy server requires login, the browser will first encounter the request and bring up a login dialog box. After the HTML page is downloaded, Java Plug-in will try to download the class or jar files for the applet. However, since Java Plug-in has no access to the login information that the browser previously obtained, it will bring up its own login dialog box.
Q: When I tried to deploy Java Plug-in in the intranet and put the binaries on the internal web server, IE doesn't download and install Java Plug-in Software when it encounters the converted page. What's going on?
A: You may want to check that the CODEBASE in the OBJECT tag actually has the correct URL for Java Plug-in. Also, turning off execute privileges on the directory in which you put the Java Plug-in Software executable may help.
Q: I am experiencing problems getting an applet to render using Java Plug-in Software. What is the cause of this?
A: While this may be due to a variety of circumstances unique to your operating environment, a frequent cause of this problem is a security exception.
Problem: Your network does not support DNS (Domain Name Service).
In order to perform certain security checks, the applet SecurityManager
needs to be able to find the IP address from which your applet was downloaded.
If DNS is not available, these security checks may fail.
Workaround: When visiting the target web page, specify an IP address rather than a hostname in the URL. For example, use "http://123.45.35.128/fred.html".
Q: I changed my browser setting while Java Plug-in Software was running, but it still uses the old settings after the change. Why?
A: The browser settings are read in by Java Plug-in when it is started. These settings are valid throughout the lifetime of the browser session. To make Java Plug-in read in the new settings, restart your browser. If you are running Active Desktop with Java Plug-in, you need to restart the computer.
Q: When I loaded my applet, it said "noninit" or "applet not initialized" in the browser's status bar. How can I identify the cause of the problem?
A: Follow these steps:
Q: When I try to use the AppletClassLoader
with Java Plug-in
Software, it crashes with a null pointer exception in IE4 but works fine in
Netscape. Why does this happen? Is there a way to make it work correctly in
IE4?
A: Java Plug-in Software in IE4 tries to load <YourAppletName>BeanInfo.class
even if your applet is not a bean. There is a bug in Java SDK, Standard Edition
v 1.3 in the AppletClassLoader
that occurs when trying to load
nonexistent classes. To prevent this problem, create an empty <YourAppletName>BeanInfo.class.
Q: Why does Java Plug-in Software sometimes crash Internet Explorer but not Netscape Navigator?
A: In certain circumstances, bad HTML will cause the browser to crash. One example is the absence of an </XMP> tag. Please make sure your HTML is correct.
Another possibility is that the plug-in was disabled using the Control Panel before you accessed a Plug-in-enabled page. Please check your settings to make sure the Plug-in is enabled.
Q: My applet used to create a top-level frame that would remain visible through page switches. When I upgraded to Java Plug-in this no longer occurs. Why?
A: In Java Plug-in Software, applets are stopped and destroyed during page switches. All the visible components should be destroyed as well. There has been an enhancement in Java SDK that makes sure that all of the resources of the applet are properly released, including the top-level frame.
Q: I am trying to install the Java Plug-in on a network drive. However, it doesn't install. Why?
A: If your network drive is protected or read-only, you will not be able to install the Java Plug-in. Contact your system administrator for more details.
Q: I am trying to install Java Plug-in. However, whenever the install program tries to install the Java Plug-in for Netscape Navigator, it displays an error. My Navigator is on a network drive. Is there a way to fix this?
A: If your Navigator is installed on a network drive, you may not have permission to install the plugin DLL on the Navigator Plugins directory. Contact your system administrator for more details.
Q: I'm having trouble installing the Java Plug-in on my Microsoft Windows machine. I see the error: "An application error has occurred and an application error log is being generated. Exception: access violation ..." What might be the problem?
A: The Microsoft Window installation (using Installshield's installer) may not work if you have Quarterdeck's Cleansweep product running in the background.
Q: When I reboot after I uninstalling Java Plug-in software, I get a dialog
box warning that a .cpl
file has been removed. What
is this?
A: If the Java Plug-in Control Panel is open while you are uninstalling the plug-in, plugincpl.cpl will not be removed as it is locked when the Control Panel folder is open.
Q: When I uninstall Java Plug-in, the Microsoft Window Plugin for Netscape seems to stay on the machine. How can I remove that?
A: Delete the NPJPI<modified version number>.dll
from the Netscape Plugins
directory. For example, for Java Plug-in
1.4.0, delete NPJPI140.dll
from the Plugins
directory.
Q: I have some security-related issues in my applet. How do I debug it?
A: You can enable the java.security.debug
property to enable
trace messages from the security system. Please see java.security.debug
Property in the chapter called Debugging Support for more information.
Q: When downloading applets from the Internet, an AccessControlExcpetion
is thrown. However, when the applet is located on the intranet, it works. Why?
A: To prevent DNS spoofing, a security check in Java Plug-in requires the host name to be resolved into an IP address before any connection is made from the applet. However, the side-effect of this security check is to require the intranet DNS server to be able to resolve any external host name from the Internet. For some customers, this is not the way their DNS servers are setup within the enterprise, and it causes Java Plug-in to fail. To resolve this issue, there are several options:
-DtrustProxy=true
in
the Java Plug-in Control Panel.
Note that this property should be set by administrator, as setting this
property improperly with an untrusted proxy server may expose the client
machines to DNS spoofing. This property is similar to the security.lower_java_network_security_by_trusting_proxies
property supported by Netscape Navigator's JVM.
Q: I keep getting a ClassFormatError
exception when my webpage
is loaded with HTTPS in Netscape Navigator. Why?
A: This is caused by an applet specifying a nonexistent .jar
or .class
file in the EMBED tag. Due to limitation of
what information can be returned via HTTPS in Navigator, the web server's "File
Not Found" HTML page is returned instead of the appropriate status. This HTML
page is treated as a .class
file and that causes the exception.
Q: I tried to run an RSA signed applet with Java Plug-in, but it is being treated as an untrusted applet. What is the problem?
A: There are several possibilities:
signtool
or Sun's jarsigner
to verify it.
Q: Why do I get a yellow banner across my applet frame when using Java Plug-in?
A: When an applet creates a free-standing Frame, Java Plug-in adds a yellow warning banner so users will know they are dealing with an untrusted applet window.
Q: Can I disable the yellow warning banner on frames?
A: The yellow warning banner is an important security feature. It cannot be disabled by untrusted applets.
If you use a signed applet, where the signing key is trusted by the end user, then the warning banner will not be shown.
Q: How do I prevent the warning banner from covering my GUI state?
A: See the same question in the Developer FAQ.
Q: Why does InetAddress.getLocalHost().getHostName() return "localhost"?
A: See the same question in the Developer FAQ.