Signed Marvin Applets

Signed applets are trusted, they are allowed to access local system resources, e.g. to open or save files on local machine or to access the system's clipboard.

Signing

"Signed applet" means that the jar file that contains the applet is signed. A signed jar file can be downloaded from a standard HTTP server, just like any other jar file. However, for the signed applet to be trusted, the local system must trust the key that was used to sign the jar file. When a user encounters a signed applet, a security dialog pops up, which tells the user who signed the applet and provides four options:
  1. Grant always: If selected, the applet will be granted "AllPermission". Any signed applet that is signed using the same certificate will be trusted automatically in the future, and no security dialog will pop up again. This decision can be changed from the Java Plug-in Control Panel.
  2. Grant this session: If selected, the applet will be granted "AllPermission". Any signed applet that is signed using the same certificate will be trusted automatically within the same browser session.
  3. Deny: If selected, the applet will be granted the applicable permissions from the security policy of the Java runtime. By default, the permissions granted would be those for untrusted applets.
  4. More Info: If selected, users can examine the attributes of each certificate in the certificate chain in the jar file.

Once the user selects an option from the security dialog, the applet will be run in the corresponding security context. Note that all these decisions are determined on the fly, and no preconfiguration is required.

Our applets are signed by Thawte's Java Code Signing Certificate which uses JDK 1.3 codesigning tool.

Howto unsign applets

All applets in the Marvin Applets package are signed. If you need unsigned Marvin applets, unsign signed jar files (jmarvin.jar and all jar files in the sjars direcory).
Warning: If you unsign applets, some functionality will not be accessible in Marvin. The MarvinSpace applet requires trusted jars in all cases.