Signed applets are trusted, they are allowed to access local system resources, e.g. to open or save files on local machine or to access the system's clipboard.
"Signed applet" means that the
jarfile that contains the applet is signed. A signed
jarfile can be downloaded from a standard HTTP server, just like any other
jarfile. However, for the signed applet to be trusted, the local system must trust the key that was used to sign the
jarfile. When a user encounters a signed applet, a security dialog pops up, which tells the user who signed the applet and provides four options:
- Grant always: If selected, the applet will be granted "AllPermission". Any signed applet that is signed using the same certificate will be trusted automatically in the future, and no security dialog will pop up again. This decision can be changed from the Java Plug-in Control Panel.
- Grant this session: If selected, the applet will be granted "AllPermission". Any signed applet that is signed using the same certificate will be trusted automatically within the same browser session.
- Deny: If selected, the applet will be granted the applicable permissions from the security policy of the Java runtime. By default, the permissions granted would be those for untrusted applets.
- More Info: If selected, users can examine the attributes of each certificate in the certificate chain in the
Once the user selects an option from the security dialog, the applet will be run in the corresponding security context. Note that all these decisions are determined on the fly, and no preconfiguration is required.
Our applets are signed by Thawte's Java Code Signing Certificate which uses JDK 1.3 codesigning tool.
All applets in the Marvin Applets package are signed. If you need unsigned
Marvin applets, unsign signed jar files
jmarvin.jar and all jar files in the
Warning: If you unsign applets, some functionality will not be accessible in Marvin. The MarvinSpace applet requires trusted jars in all cases.