Setting security for applets

About this task

To protect the security of the file system, Java™ security generally does not allow applets to access Notes® classes. However, you can set up the applet so that it can access Notes classes, thereby allowing it to open a database and change data in it.

To set security for applets in Notes

About this task

To set up secure access for applets that will access the file system or Notes Java classes through Notes, you must first set up an access control list (ACL), then set up an execution control list (ECL) for each user or group. The ECL controls access to the file systems and to the Notes classes on the workstation.

Procedure

  1. In the database storing the Java applet, choose File - Application - Access Control and set up the ACLs.
  2. Choose File - Security - User Security.
  3. Enter password.
  4. Select "What Others Do."
  5. Select "Using Applets."
  6. Under "When applet is signed by," enter the users and/or groups that will have access to the file system or Notes classes.
  7. In the Allow list, select the options the users can use while running the Java applet.
  8. Click OK.

Results

When a user runs the applet, Domino® checks for execution rights of the person or group that signed the applet. If an applet is signed by a person or group without the correct authorization, Domino alerts the user of the illegal operation. The user can stop the operation and not run the applet, trust the signer of the applet one time, or automatically add the signer to the execution control list.

To set security for applets in Web applications

About this task

Complete these steps to set up secure access for applets that will access the file system or Notes Java classes through a browser.

Procedure

  1. Use CORBA to write a Notes/IIOP applet that accesses the Notes classes.
  2. Import the Notes/IIOP applet in a page, form, or document, using the same procedure as for any other applet.
  3. When you click Locate to Include the related applet files, make sure to include the NCSO.JAR file.
  4. Import or link the Java applet that users will run.
  5. Select the Java applet and choose Java Applet - Java Applet Properties.
  6. In the Java Applet Info tab select "Applet uses Notes CORBA classes."

Results

Assuming your browser and server are set up correctly, you should be able to use a supported browser to view these embedded CORBA applets on a Domino server. You do not need to set alternate HTML for the CORBA applet to run. When you check the setting that specifies the applet as a CORBA applet, Domino automatically provides the HTML source code that the applet needs to make an IIOP connection back to the server.

To extend the AppletBase class

About this task

An applet intended for run-time access of lotus.notes.noi extends AppletBase and puts its functional code in the methods notesAppletInit() and notesAppletStart(), as shown in the sample code, and in notesAppletStop(). You do not have to distinguish between local and remote access. AppletBase will make local calls if the applet is running through the Notes client and remote calls if it is running through a browser.

Here is an example of an applet that makes NOI calls:

import lotus.notes.noi.*;

public class platform4 extends AppletBase
{
 java.awt.TextArea ta;

 public void notesAppletInit()
  {
    setLayout(null);
    setSize(100,100);
    ta = new java.awt.TextArea();
    ta.setBounds(0,0,98,98);
    add(ta);
    ta.setEditable(false);
    setVisible(true);
  }

  public void notesAppletStart()
  {
    try
    {
      // Can also do getSession(user, pwd)
      Session s = this.getSession();
      if (s == null) { //we were not able to make the connection, warn user
        ta.append("Unable to create a session with the server");
        return;
      }
      String p = s.getPlatform();
      ta.append("Platform = " + p);
    }
    catch(Exception e)
    {
      e.printStackTrace();
    }
  }
}