How to sign applets 

Tuesday, August 24, 2004

All content and software implementations are not Ericsson-supported products. Note that Ericsson does not represent nor hold responsibility for the content from this area.

In the Java Security Model, applets are considered mobile code; as a result they are not trusted and are executed in a sandbox in which they have limited functionality:

  • Applets can’t load libraries or define native methods.     
  • Applets can’t read or write files in the executing host.     
  • Applets can’t open a network connection except to the originating host.     
  • Applets can’t create sockets to listen to incoming connections.     
  • Applets can’t run programs in the executing host.     
  • Applets can’t read certain sensitive system properties.     
  • Applet windows have a visual warning.     
  • Applets can’t access certain local devices such as audio capture, printers or video capture for reading or writing.

You can sign an applet to easily overcome these limitations without rewriting code or requiring the user to install a policy file. The first thing you have to create is a key pair, which is done in a few steps:

# Create key and keystore
keytool -genkey -alias myKeyAlias -keypass myKeypassword -keystore mykeystoreFileName.bin -storepass publicKeykeystorePassword
What is your first and last name?
  [Unknown]:  Avelino Benavides
What is the name of your organizational unit?
  [Unknown]:  DSV
What is the name of your organization?
  [Unknown]:  KTH/SU
What is the name of your City or Locality?
  [Unknown]:  Kista
What is the name of your State or Province?
  [Unknown]:  Stockholm
What is the two-letter country code for this unit?
  [Unknown]:  SE
Is correct?
  [no]:  Yes

In the session above, you type the keytool command and the answer after each prompt. keytool is an interactive program that lets you create a keystore that will contain a cryptographic key pair. It is provided with any J2SE SDK; just make sure it is in your execution path. An alias is the name given to a particular key pair inside the keystore. A keystore can hold many keys, so an alias is required for each one.

Next you have to pack your applet and related resources in a JAR file. To learn how to pack applets refer to http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/jar.html.
With the applet packed in a JAR file the next step is to sign it.

# Sign applet with the keystore
jarsigner -keystore mykeystoreFileName.bin -signedjar MyAppletSigned.jar MyAppletUnsigned.jar myKeyAlias
Enter Passphrase for keystore: publicKeykeystorePassword
Enter key password: myKeypassword
# Verify signed applet
jarsigner -verify MyAppletSigned.jar
jar verified.
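
What sits behind the "jar verified." line at the digest level, as an added example that is not part of the original article: it reads a JAR, lists the signature files that jarsigner added, and flags entries that have no digest in the manifest or whose content no longer matches it. The sample JAR is constructed in memory; the names MYKEYALI.SF and MYKEYALI.DSA assume jarsigner's default naming from the alias and a DSA key, and their contents are placeholders. The script does not check the .SF file or the signature block, so it does not replace jarsigner -verify.

```python
import base64, hashlib, io, zipfile

def b64_digest(alg, data):
    """Base64 digest as stored in a manifest; alg is e.g. 'SHA1' or 'SHA-256'."""
    return base64.b64encode(hashlib.new(alg.replace("-", "").lower(), data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry manifest sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo wrapped (continued) lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def audit_jar(jar_bytes):
    """List signature files, entries with no digest, and entries whose digest differs."""
    report = {"signature_files": [], "unsigned": [], "tampered": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in jar.namelist():
            upper = name.upper()
            if name.endswith("/") or upper == "META-INF/MANIFEST.MF":
                continue
            digests = {k[:-7]: v for k, v in manifest.get(name, {}).items()
                       if k.endswith("-Digest")}
            if upper.startswith("META-INF/") and upper.endswith((".SF", ".DSA", ".RSA", ".EC")):
                report["signature_files"].append(name)
            elif not digests:
                report["unsigned"].append(name)   # not covered by the signature
            elif any(b64_digest(a, jar.read(name)) != want for a, want in digests.items()):
                report["tampered"].append(name)   # content changed after signing
    return report

def build_sample_jar():
    """Constructed sample; the .SF/.DSA contents are placeholders, not real signatures."""
    signed = {"MyApplet.class": b"constructed applet bytes", "Helper.class": b"constructed helper"}
    manifest = "Manifest-Version: 1.0\n\n" + "".join(
        "Name: %s\nSHA1-Digest: %s\n\n" % (n, b64_digest("SHA1", d)) for n, d in signed.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/MYKEYALI.SF", "Signature-Version: 1.0\n")
        jar.writestr("META-INF/MYKEYALI.DSA", b"placeholder")
        jar.writestr("MyApplet.class", signed["MyApplet.class"])
        jar.writestr("Helper.class", b"changed after signing")
        jar.writestr("Extra.class", b"added after signing")
    return buf.getvalue()
```

Calling audit_jar(build_sample_jar()) reports Helper.class as tampered and Extra.class as unsigned; to audit a real file, pass the bytes of the signed JAR to audit_jar instead.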

With the JAR file signed the next step is to change your HTML code to use the signed JAR file.



Finally, upload your signed JAR file along with your HTML document to a web server. Note that you can do a similar thing with the OBJECT tag as well. If everything goes fine you should see a message similar to this when the page that contains the applet is requested:

 

Click on “Yes” and your applet should work without restrictions. The warning appears because the certificate created by keytool -genkey is self-signed. To avoid warning signs appearing when the certificate is loaded, you must send your certificate to a Certificate Authority (CA) that is trusted in a default JVM setup, import the certificate into your keystore, and sign the JAR file with the new certificate. For more information on how to import a certificate, refer to: http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

Avelino Benavides

Reference:
Java Applet Security http://java.sun.com/docs/books/tutorial/applet/practical/security.html




Last published February 17, 2007