I got a situation. I need to sign all the RIA (Applets and webstart).
As per my knowledge I need to sign all the jars that contains the classes which extends Applet or JApplet. i have following question.
Suppose there are classes structure as below:
XClass extends JApplet/Applet
YClass extends XClass.So should I have to sign all the jars that contains XClass or YClass or should I sign only the jars that contains XClass only?
Do I have to sign all the jars?
Yes. A security bug might be exploited by any of them, and that is what Oracle is trying to prevent.