can applet load jar dynamically?

Question

I would like to load the jar when specific button on applet is clicked.

I want to avoid user to be prompted with security warning against the jar when the applet is loaded, but warning should be appeared when the button is clicked.

I am using WebStart.

The code and errors are as follows.

    Policy.setPolicy(new Policy() {
        public PermissionCollection getPermissions(CodeSource codesource) {
            Permissions perms = new Permissions();
            perms.add(new AllPermission());
            return (perms);
        }

        public void refresh() {
        }
    });

    System.setSecurityManager(null);

    ClassLoader wcl = MainApplet.class.getClassLoader();

    URL[] urls = new URL[1];
    String protocol="http";
    String host="localhost";
    int port = 8080;
    String file = "MB/download/ubikey-1.0.2.5.jar";
    //      String url = URLEncoder("http://localhost:11090/MultiToolkitDemo/download/ubikey-1.0.2.5.jar");
    urls[0] = new URL(protocol, host, port, file);


    try {
        ds = (DownloadService) ServiceManager
                .lookup("javax.jnlp.DownloadService");

        // determine if a particular resource is cached
        URL url = new URL(
                "http://localhost:8080/MB/download/ubikey-1.0.2.5.jar");
        boolean cached = ds.isResourceCached(url, "1.0");
        // remove the resource from the cache
        if (cached) {
            ds.removeResource(url, "1.0");
        }
        // reload the resource into the cache
        DownloadServiceListener dsl = ds.getDefaultProgressWindow();
        ds.loadResource(url, "1.0", dsl);
    } catch (Exception e) {
        e.printStackTrace();
    }
    URLClassLoader cl = new URLClassLoader(urls, wcl);
    try {
        cl.loadClass("kr.co.JUBIKey.JUBIKeyManager");
    } catch (ClassNotFoundException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }

Error is as follows.

cache: MemoryCache replacing http://localhost:8080/MB/download/ubikey-1.0.2.5.jar (refcnt=2). Was: URL: http://localhost:8080/MB/download/ubikey-1.0.2.5.jar | /Users/rnd/Library/Application Support/Oracle/Java/Deployment/cache/6.0/14/2e04ea0e-6e999798-1.0-.idx Now: URL: http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz | /Users/rnd/Library/Application Support/Oracle/Java/Deployment/cache/6.0/32/5c664da0-4e2b1d6e.idx
cache: Reading Signers from 3607 http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz | /Users/rnd/Library/Application Support/Oracle/Java/Deployment/cache/6.0/32/5c664da0-4e2b1d6e.idx
cache: Done readSigners(http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz)
cache:  Read manifest for http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz: read=130 full=7460
basic: Plugin2ClassLoader.isTrustedByPolicy called 
basic: Plugin2ClassLoader.isTrustedByPolicy returns false 
security: resource name "kr/co/JUBIKey/JUBIKeyManager.class" in http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz : java.lang.SecurityException: attempted to open sandboxed jar http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz as a Trusted-Library
Exception in thread "AWT-EventQueue-2" java.lang.SecurityException: attempted to open sandboxed jar http://localhost:8080/MB/download/ubikey-1.0.2.5.jar.pack.gz as a Trusted-Library
    at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at com.ktnet.pki.multibrowser.util.JnlpUtil.loadJar(JnlpUtil.java:69)
    at com.ktnet.pki.multibrowser.dialog.SelectCertificateDlg$10.run(SelectCertificateDlg.java:1945)
    at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:251)
    at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:733)
    at java.awt.EventQueue.access$200(EventQueue.java:103)
    at java.awt.EventQueue$3.run(EventQueue.java:694)
    at java.awt.EventQueue$3.run(EventQueue.java:692)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:703)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
    at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)

Answer 1

I want to avoid user to be prompted with security warning against the jar when the applet is loaded, but warning should be appeared when the button is clicked.

Nope. That is not an option. Security checks are performed before an app. makes it on screen.