BIJ Applet
Part of BIJ and the Bio-medical Imaging in Java site.By running this applet, you indicate your agreement to the copyright and disclaimer text.
Now works with
Java PlugIn 1.4
No more downloading by hand. Always
the latest, proven, VolumeJ and FlowJ versions!
The ImageJ applet should open automatically in a separate window. With a slow connection, this may take a minute or two. Quit ImageJ by clicking on the "ImageJ" window's close button. VolumeJ and FlowJ are available under the Plugins menu.
Note that the Open..., Import... and Save As... commands cannot be used when running as an applet unless:- you have installed the Java Plugin version 1.4 or higher from the Java PlugIn dowload site (for Linux, Windows, Mac and many other platforms). In this case, you do not need to change any settings. This is the preferred way.
- on Windows, you use Internet Explorer 4 or higher with this site set up as a "Trusted sites zone", as below.
- on Mac OS X, it should reportedly run without installing or setting anything.
- Netscape doesnt allow plugins signed with a certificate (nor unsigned ones), except in its own peculiar way.
How I did this
I needed an applet that worked for a Java telediagnosis client-server system. I assume some familiarity with Sun's JDK. Since I work on Windows, you will see '\' instead of '/' everywhere, but changing everything risks introducing errors.
The documentation available, even on Sun's java website, is very confusing.
The .jar file containing the applet needs to be signed with an (RSA) certificate. You can either purchase such a certificate from Verisign (www.verisign.com) or another certificate authority, or create your own certificate for free. The last is known everywhere on the web as a 'self-signed' certificate.
It turns out that only Java PlugIn 1.4 is able to work with self-signed certificates. This is actually documented nowhere! All previous versions need you to buy a Verisign certificate. After loading the applet on a page, it pops up a dialog box warning the user about the permissions (such as file I/O) the applet is asking for, and asking whether or not the applet can be trusted. The user can then either 'install' the certificate so that the applet is always trusted and the dialog box will not pop anymore, or give a one-time permission to run the applet.
The steps are:
1. Make the .jar file containing the applet.
2. Create a self-signed certificate.
3. Sign the .jar file with the certificate
4. Change the webpage referring to the applet.
In detail:
1. Make the .jar file containing the applet.
For this example I will simply use ij.jar. You also need to need the class name of the applet class later on, which in this case is ij.ImageJApplet.class.
(Of course, since I included VolumeJ and ImageJ for the applet on this page, I had to change the .jar file.)
2. Create a self-signed certificate
Actually you will create a 'keystore' which is simply a file containing one or more certificates. You wll have to decide where the keystore will be created. Let's just say in root ('/' or '\'), but you can give other paths at will.
Now give the command:
<path to SDK bin>\keytool -genkey -validity 600 -alias tomcat -keyalg RSA -keystore c:\.keystore
After executing this command, you will be prompted
- keystore password: changeit
Fill in a default password such as "changeit" You will also need to specify this password in the jarsigner tool, as described later.
- Designated Name (DN) questions:
- What is your first and last name? (CN): fill in the name of your server without the http://, e.g. www.isi.uu.nl, www.abramoff.net, or 213.196.5.154. This is used by the Java PlugIn to check the correspondence of the applet to that of its URL.
- What is the name of your organizational unit (OU): Dr. Michael D. Abramoff
- What is the name of your organization (O): Image Sciences Institute
- What is the name of your City: Utrecht
- What is the name of your State: leave empty if non-US.
- What is the two-letter country code?: NL, or US for the United States etc.
And enter the changeit password again at the prompt.
You have now created a keystore file called .keystore in c:\. .keystore contains a single certificate with the data you just typed in. The name .keystore, the password and alias reflect the fact that I write everything for the Tomcat server environment. The actual password and alias are not important as long as you remember them. I never changed the name of the .keystore.You need to create the certificate only once (for each website).
3. Sign the .jar file with the certificate
Assuming you are working in the directory where the ij.jar is located:
<path to SDK bin>\jarsigner -keystore c:\.keystore -storepass changeit -signedjar signedij.jar ij.jar tomcat
This will create a new .jar file signedij.jar which has been signed with the certificate. Note again that I use tomcat and changeit, reflecting my heavy involvement with tomcat.
You need to sign the .jar file everytime you change anything in it (i.e. after compiling etc.)
4. Change the webpage referring to the applet.
Now put the correct HTML comnmands on your web-page. The page you are reading contains the following:
<APPLET code=ij.ImageJApplet.class width=0 height=0 archive="ImageJ/signedij.jar">
<PARAM NAME="code" VALUE="ij.ImageJApplet.class">
<PARAM NAME="width" VALUE="1">
<PARAM NAME="height" VALUE="1">
<PARAM NAME="archive" VALUE="ImageJ/signedij.jar">
<hr><b>You must have a Java-enabled browser to run ImageJ.</b><hr>
</APPLET>
Note that the jar file is in the ImageJ directory, you can change this reflecting the location of your .jar file ofcourse. Some browsers need the archive= and code= in the <APPLET tag, others need it is as <PARAM.
Check it out by pointing your browser at the site.
In case of problems, please refer to the docs.
Setting up a "Trusted Site" in IE 5 on Windows (does not work on IE on Macs)
This is not necessary if you have Java Plugin 1.4 installed and on Macs running OS X.
Go to the Tools/Internet Options... dialog
Select the "Security" tab
Select the "Trusted sites" icon
Click "Sites..."
Uncheck "Requires server verificaton..."
Add "http://rsb.info.nih.gov" to "Web Sites:"
Click "OK"
Click "Custom Level:"
Under Microsoft VM/Java permissions, check "Custom"
Click "Java Custom Settings"
Select "Edit Permissions" tab
Under "Unsigned Content"/"Run Unsigned Content", make sure
"Run in sandbox" is checked and then check all the "Enable"
buttons under "Additional Unsigned Permissions"
Click "OK"
Click "OK"
Click "OK"
After doing the above, return to this page, and the ImageJ applet should now be able to read and write
local files, print, and copy text to the system clipboard.
in IE 4
Go to the View/Internet Options... dialog
Select the "Security" tab
Set "Zone:" to "Trusted sites zone"
Click "Add Sites..."
Add "http://rsb.info.nih.gov"
Uncheck "Requires server verificaton..."
Click "OK"
Check "Custom (for expert users)"
Click "Settings..."
Under Java/Java permissions, check "Custom"
Click "Java Custom Settings"
Select "Edit Permissions" tab
Under "Unsigned Content"/"Run Unsigned Content", make sure
"Run in sandbox" is checked and then check all the "Enable"
buttons under "Additional Unsigned Permissions"
Click "OK"
Click "OK"
Click "OK"
(c) 1999-2004, Michael Abràmoff. Last updated 1-4-2004