After signing a jar can I host that applet on any HTTP domain without security risk popups?

Question

I have a Java applet , which I want my end-users to run without any security popups . The applet requires file system access . I have two questions:-

1. Is there any way (through JNLP, or whatever) to use self-signed certificates to access filesystem without having ugly security popups every-time one want to use my application / restart the browser? Is there a way to persist user's decision? (I tried to download .cer file, through my applet, and install it in JRE_HOME\\lib\\security\\cacerts , but, it requires admin privilege, at least on windows, so not an option for me.)
2. Lets say, I can purchase a code signing certificate for one domain ( http://www.domain1.com ) and I want to use my signed applet on different domains ( http://www.domain2.com , HTTP, not HTTPS), will it be good enough to stop security warnings altogether? Or, there will still be security warnings regarding wrong domain or site not being HTTPS?

Can anybody please guide me how it works?

Answer 1

Code Signing Certificates to exactly that - they sign the code.

So yes, you can publish and run that applet on multiple domains and all users - no matter which site they loaded that applet from - will be prompted with the same Certificate stating who wrote that app and be asked if they trust that and so on.

But you will not (never?) get around the security popups. Because File-System access is a severe security risk (at least for they guy in front of the browser hitting a site with your applet...)

Oh - ignored your first answer: Self-Signing is dead from a Java perspective.

From Java Applet & Web Start

Users will be better protected by maintaining up-to-date versions of the JRE on their systems, combined with requiring code that is signed by a Trusted Certificate Authority (rather than self-signed or unsigned code).