Security

Security

Java security features, such as cryptography, authentication, authorization, and public keys, are supported. The ICEbrowser SDK supports security for Java 1.1 and Java 2. Security APIs between these versions vary greatly. You must enable the security features according to the version of Java used.

With Java 1.1

Include code similar to the following in the main application that embeds the ICEbrowser application:
ice.util.net.URLStreamHandlerFactory f = new 

    ice.util.net.URLStreamHandlerFactory();

f.addStreamHandler("jar","ice.util.jdk11.JarHandler_jdk11");

URL.setURLStreamHandlerFactory(f);

ice.util.security.SecurityKit.installDefaultSecurityManager();
 
The first three lines install a special URLStreamHandlerFactory, and add support for jar: protocol under Java 1.1. The fourth line installs a special implementation of SecurityManager that provides the sandbox security model and treats all Java applets and script code as untrusted.

To set up a Java 1.1 security manager, see the example in Main.java in the src/ICEbrowserRef/src/ice/browser directory.

Note that signed applets are not supported under JDK 1.1.

With Java 2

With Java 2, your application relies on the built-in Java 2 security features, such as signing and policy files, which offer greater functionality than the sandbox model implemented by URLStreamHandlerFactory.

Your application can use the Java 2 java.net.URLClassLoader( ) to load applet classes. This ensures seamless integration with Java 2 security.

The main application is responsible for installing the default Java 2 SecurityManager and providing the correct policy file. For more information, see http://java.sun.com/products/jdk/1.2/docs/guide/security/PolicyFiles.html

You can type the following on the command line to set the security manager and policy file:
java -Djava.security.manager -Djava.security.policy=mypolicyfile

  ice.browser.Main
 
Avoiding Security Problems With LiveConnect

The ICEbrowser implementation of JavaScript uses Rhino, which supports access to arbitrary Java classes via LiveConnect. For this reason, all scripts are treated in the same way as untrusted Java applets. You must install a SecurityManager implementation in your application if you are going to access untrusted sites with JavaScript enabled. For more information, see JavaScript.