Security in Rich Internet Applications

The security model behind rich Internet applications (RIAs) works to protect the user from malicious Internet applications. This topic discusses security aspects that are common to applets and Java Web Start applications. See the following topics for more information:

• What Applets Can and Cannot Do
• Java Web Start and Security

RIAs can be restricted to the Java security sandbox or request permission to access resources outside the sandbox. The first time an RIA is launched, the user is prompted for permission to run. The dialog shown provides information about the signer's certificate and indicates if the RIA requests permission to run outside the sandbox. The user can then make an informed decision about running the application.

Apply the following guidelines to help secure your RIAs.

• Sign the JAR file of the RIA with a certificate from a recognized certificate authority. For more information, see the Signing and Verifying JAR Files topic.
• If the RIA requires access outside of the security sandbox, specify the all-permissions element in the JNLP file for the RIA. Otherwise, let the RIA default to running in the security sandbox. The following code snippet shows the all-permissions element in the RIA's JNLP file.

  <security>
     <all-permissions/>
  </security>
  

  If the applet tag is used, see Deploying With the Applet Tag for information on setting the permissions level.
• A JNLP file can only include JAR files signed by the same certificate. If you have JAR files that are signed using different certificates, specify them in separate JNLP files. In the RIA's main JNLP file, specify the component-desc element to include the other JNLP files as component extensions. See Structure of the JNLP File for information.
• The security model for RIAs does not allow JavaScript code from a web page to invoke security-sensitive code in a signed JAR file unless you explicitly enable this. In the signed JAR file, wrap the section of code that you want JavaScript code to be able to invoke in a AccessController.doPrivileged block. This allows the JavaScript code to run with elevated permissions when executing the code in the doPrivileged code block.
• Avoid mixing privileged and sandbox components in a RIA, if possible, as they can raise security warnings about mixed code. See Mixing Privileged Code and Sandbox Code for more information.
• Include the Permissions and Codebase attributes in the JAR file manifest to ensure that your RIA requests only the permissions you specify, and that the RIA is accessed from the correct location. See JAR File Manifest Attributes for Security for information.
• JAR file manifest attributes enable you to restrict access to your RIA and help to ensure that your code is not tampered with. See Enhancing Security with Manifest Attributes for information on all of the JAR file manifest attributes that are available.