Breaking the Sandbox Barrier, Part 1
In this article, we will explain the Java "Sandbox" model and tell you when it is necessary to cross the restrictions imposed by the model. We will then provide a step-by-step procedure to create an applet, package the applet into a .cab file, create digital certificates (for testing), and sign the .cab file with those certificates so that the applet can use features beyond the sandbox model, such as writing to a file on the client machine.
We'll first offer information on signing applets with digital certificates for Internet Explorer and then enumerate the steps for Netscape Communicator.
The Sandbox Model
On the Internet, there are big risks associated with virus attacks against which the virus scanner is helpless. Instead of trying to spot hostile code, Java's security mechanisms prevent attacks by stopping hostile actions. Java's Sandbox model defines which actions an applet can safely perform and which it cannot. All commercial browsers conform to this basic policy. Applets are not allowed to:
- Read from a file system on the client machine
- Write to a file or delete it
- Delete a file on the file system
- Connect to a network port on any machine other than the HTTP server it came from
- Execute another program, load a library or DLL, and so on.
Digitally Signing an Applet for Microsoft Internet Explorer
But the Sandbox model imposes a physical restriction on where certain components can reside while deploying a three-tier application. Since an applet is allowed to talk only to the middle-tier components residing on its own Web server, it can put a lot of load on the Web server. Moreover, at times the applet might need to log error messages on the client machine by writing to a file. In these cases, the applet cannot reasonably operate within the confines of the Sandbox model. Java provides a mechanism by which applet code can be signed using digital certificates, which gives the applet additional privileges. Signed .jar/.cab files allow us to trust the applet, because they allow us to verify that the applet has come from a trustworthy source and assure us that it has not been tampered with during the download process.
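The origin and integrity check that a signature makes possible, as an added example that is not part of the original article: it uses the standard java.security API rather than Authenticode, and the class name SignedArchiveCheck, the RSA key pairs and the archive bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class SignedArchiveCheck {
    // Publisher side: sign the archive bytes with the private key.
    static byte[] sign(byte[] archive, PrivateKey key) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(archive);
        return s.sign();
    }

    // Client side: accept the archive only if the signature matches both
    // the bytes actually received and the publisher's public key.
    static boolean verify(byte[] archive, byte[] sig, PublicKey key) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(archive);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair publisher = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair(); // a key the client does not trust

        // Constructed stand-in for the bytes of SampleSignedApplet.cab.
        byte[] archive = "constructed archive contents".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(archive, publisher.getPrivate());

        // Simulate modification during download: flip one bit.
        byte[] tampered = archive.clone();
        tampered[0] ^= 0x01;

        System.out.println("intact, publisher key:   " + verify(archive, sig, publisher.getPublic()));
        System.out.println("tampered, publisher key: " + verify(tampered, sig, publisher.getPublic()));
        System.out.println("intact, other key:       " + verify(archive, sig, other.getPublic()));
    }
}
```

Only the first check succeeds; a single changed bit or a different signer's key makes verification fail, which is the property the browser relies on before granting a signed applet extra privileges.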
In this section, we will demonstrate the signing of an applet employing Microsoft Authenticode technology. This signed applet would be embedded in a Web page and run in Internet Explorer to create a disk file. Creating disk files is not permitted by the Sandbox model; but after signing and authenticating the applet code, the applet can go beyond the limitations imposed by the Sandbox model and create a file on the disk. The article below covers the following topics:
- Create a Java applet that creates a file on the client machine
- Create a test digital certificate using Microsoft Authenticode technology
- Package the Applet in a .cab file and sign the .cab file with test digital certificate using Microsoft Authenticode and MS SDK Java tools
- Load the applet through HTML page from signed .cab file in Internet Explorer to demonstrate the creation of file on the client machine.
Creating a Java Applet
Let us create a sample applet SampleSignedApplet.java that adds a button 'Create File' in the init method and associates an event handler method actionPerformed for the applet.
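    import java.applet.Applet;
    import java.awt.*;
    import java.awt.event.*;
    import java.io.*;
    public class SampleSignedApplet extends Applet implements ActionListener {
        private Button btnCreateFile_;
        private String msg_ = "";
        public void init() {
            btnCreateFile_ = new Button("Create File");
            btnCreateFile_.addActionListener(this);
            add(btnCreateFile_);
        }
        public void actionPerformed(ActionEvent ae) {
            String str = ae.getActionCommand();
            if (str.equals("Create File")) createFile();
        }
        public void createFile() {
            try {
                // Create the SampleDigitalCertificate file
                FileOutputStream fileStream = new FileOutputStream("c:\\SampleDigitalCertificate.txt");
                BufferedWriter out = new BufferedWriter(new OutputStreamWriter(fileStream));
                String fileMsg = "Hello World from a signed applet";
                out.write(fileMsg, 0, fileMsg.length());
                out.close(); // flush the buffered text to disk
                msg_ = "Disk file has been created";
            } catch (Exception e) {
                msg_ = "Exception!! Disk file couldn't be created";
            }
            repaint(); // redraw so the status message is shown
        }
        public void paint(Graphics g) {
            g.drawString(msg_, 50, 100);
        }
    }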
When a user clicks on the 'Create File' button, the actionPerformed method is invoked, which calls the createFile method. The createFile method creates a text file 'SampleDigitalCertificate.txt' on the c: drive of the user's machine and prints a message in this file. The applet then displays a message confirming successful creation of the file. If any failure occurs, a failure message is displayed instead.
Use the javac command to compile the SampleSignedApplet.java applet. This produces a SampleSignedApplet.class file.
Packaging in a .cab File
The class file SampleSignedApplet.class is packaged into the cab file SampleSignedApplet.cab. Run the dubuild utility in the same directory that contains SampleSignedApplet.class to produce the SampleSignedApplet.cab file. The dubuild utility comes with MS SDK for Java. The dubuild command is used as follows:
dubuild SampleSignedApplet.cab . /I *.class /D "Sample Signed Certificate"
Use the makecab.bat file provided with the source code to generate the .cab file.
Creating a Sample Digital Certificate
The sample digital certificate is produced employing Microsoft Authenticode technology utilities. The makecert command produces the SampleCertificate.cer certificate request file with a SampleCertificate.pvk private key file. We have given the signer's information in the X.500 standard while creating this certificate request. The parameters to the makecert command are the following:
- CommonName (CN) -- common name of a person, e.g., "ABCSystems"
- organizationUnit (OU) -- department or unit, e.g., "Web Services Unit"
- organizationName (O) -- large organization name, e.g., "ABCSystems Inc."
- localityName (L) -- locality (city) name, e.g., "Palo Alto"
- stateName (S) -- state or province name, e.g., "California"
- country (C) -- two-letter country code, e.g., "CH"
makecert -sv SampleCertificate.pvk -n "CN=ABCSystems, OU=Web Services Unit, O=ABCSystems Inc., L=Palo Alto, S=California, C=CH" SampleCertificate.cer
We need to enter the private key password in the dialog box invoked by the makecert command. This password is required while signing the code.
We then create a Software Publisher Certificate (SPC) with the Authenticode cert2spc utility from SampleCertificate.cer. SampleCertificate.spc is an X.509 sample certificate signed by the test root authority.
cert2spc SampleCertificate.cer SampleCertificate.spc
The file createcert.bat creates the sample digital certificate.
Signing the .cab File
Now, we sign the SampleSignedApplet.cab file with SampleCertificate.spc. The Authenticode utility signcode is employed to perform this task.
signcode -j javasign.dll -jp LOW -spc SampleCertificate.spc -v SampleCertificate.pvk -n "Sample Certificate" SampleSignedApplet.cab
We have used the SampleCertificate.pvk private key. We need to enter the same private key password in the dialog box invoked by signcode.
Running the Signed Applet
Finally, we run the SampleSignedApplet applet in Microsoft Internet Explorer from a Web page SampleSignedApplet.htm using the following HTML code:
<applet code="SampleSignedApplet.class" align="baseline" width="250" height="150" name="Sample Signed Applet">
<param name="cabbase" value="SampleSignedApplet.cab">
</applet>
The machine on which SampleSignedApplet.htm is run should have the Trust the Test Root option enabled by running the SetReg command first:
SetReg 1 TRUE
The SampleSignedApplet source code is downloaded from the SampleSignedApplet.cab. Internet Explorer displays a security dialog box when running the applet.
This dialog box informs the user that he is about to run the 'Sample Certificate' program signed by a test certificate and distributed by Sample Certificate. Click Yes in the security dialog that comes up. The security dialog comes up only if the intranet/internet security level is set to medium-low or higher in the client browser. Clicking Yes in this dialog box runs the SampleSignedApplet.
Clicking on 'Create File' produces a text file SampleSignedApplet.txt on the c: drive.
About the Authors
Nitin Nanda is the associate project manager in the R&D Centre of Quark, Inc., based in Chandigarh, India. He is the manager responsible for the front office suite of components for a CRM product. He has co-authored: Professional Java Data and Beginning Java Databases, both from Wrox Press.
Sunil Kumar is the associate team lead in the R&D Centre of Quark, Inc. He is responsible for design and development of a call center component for a CRM product being engineered in Java/ASP/DCOM-MTS/SQL Server. He worked with RAMCO Systems, developing generic ERP software prior to joining Quark.