Mercurial > hg > release > icedtea-web-1.4

--- a/ChangeLog	Fri Apr 12 13:31:49 2013 +0200
+++ b/ChangeLog	Fri Apr 12 15:32:24 2013 +0200
@@ -1,3 +1,17 @@
+2013-04-12  Jiri Vanek <jvanek@redhat.com>
+
+	Added help for extended applets security and settings
+	* netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel:
+	(helpButtonActionPerformed) added code to open dialogue with help
+	* netx/net/sourceforge/jnlp/resources/Messages.propertie:
+	Included html help message
+	* netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java:
+	added help button and logic to open help dialogue
+	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExtendedAppletSecurityHelp.java:
+	Simple dialogue with JEditorPane  with html help from properties and few
+	navigation buttons
+	* NEWS: mentioned extended appelts security
+
 2013-04-12  Jiri Vanek <jvanek@redhat.com>

 	Added dialogue to allow setting of custom JRE
--- a/NEWS	Fri Apr 12 13:31:49 2013 +0200
+++ b/NEWS	Fri Apr 12 15:32:24 2013 +0200
@@ -16,6 +16,7 @@
 * All IcedTea-Web dialogues are centered to middle of active screen
 * Download indicator made compact for more then one jar
 * User can select its own JVM via itw-settings and deploy.properties.
+* Added extended applets security settings and dialogue
 * Security updates
   - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
   - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
--- a/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java	Fri Apr 12 13:31:49 2013 +0200
+++ b/netx/net/sourceforge/jnlp/controlpanel/UnsignedAppletsTrustingListPanel.java	Fri Apr 12 15:32:24 2013 +0200
@@ -54,6 +54,7 @@
 import java.util.regex.Pattern;
 import javax.swing.DefaultCellEditor;
 import javax.swing.JComboBox;
+import javax.swing.JDialog;
 import javax.swing.JFrame;
 import javax.swing.JOptionPane;
 import javax.swing.JPanel;
@@ -76,9 +77,11 @@
 import net.sourceforge.jnlp.runtime.Translator;
 import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
 import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
+import net.sourceforge.jnlp.security.appletextendedsecurity.ExtendedAppletSecurityHelp;
 import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletActionEntry;
 import net.sourceforge.jnlp.security.appletextendedsecurity.UrlRegEx;
 import net.sourceforge.jnlp.security.appletextendedsecurity.impl.UnsignedAppletActionStorageExtendedImpl;
+import net.sourceforge.jnlp.util.ScreenFinder;

 public class UnsignedAppletsTrustingListPanel extends javax.swing.JPanel {

@@ -681,6 +684,9 @@
     }

     private void helpButtonActionPerformed(java.awt.event.ActionEvent evt) {
+        JDialog d = new ExtendedAppletSecurityHelp(null, false);
+        ScreenFinder.centerWindowsToCurrentScreen(d);
+        d.setVisible(true);
     }

     private void setButtons(boolean b) {
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Fri Apr 12 13:31:49 2013 +0200
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Fri Apr 12 15:32:24 2013 +0200
@@ -570,3 +570,147 @@
 APPEXTSECguiPanelShowOnlyPermanentN=Show only forbidden permanent records
 APPEXTSECguiPanelShowOnlyTemporalY=Show previously allowed applets records
 APPEXTSECguiPanelShowOnlyTemporalN=Show previously denied applets records
+APPEXTSEChelpHomeDialogue=Dialogue
+APPEXTSEChelp=<body> \
+<h1>Help for Extended applet security - itw-settings, files and structures, dialogue</h1> \
+<p> \
+Extended Applet Security refers to security features for unsigned applets. Traditionally, only signed applets required user confirmation and unsigned applets ran automatically. This is represented by the 'low security' setting. Unsigned applets must be allowed or disallowed individually on 'high security' (the default), and additionally do not run at all on 'very high security'. In theory, unsigned applets can safely run automatically. In practice, however, any vulnerability in the Java security sandbox will prevent this from being true. \
+</p> \
+<p> \
+To do so it uses  the <b>Security Level</b> main settings switch rules in the tables of <b>Custom definitions</b> and <b>Global definitions</b><br/> \
+You can read much more about development of (and help us to improve!) this feature at <a href="http://icedtea.classpath.org/wiki/Extended_Applets_Security">dedicated IcedTea-Web page</a> \
+</p> \
+<A name="level"><h2>Security Level</h2></A> \
+<p> \
+Its a main switch for "extended applet security". Its value is commonly stored in usrs_home/.icedtea/deployment.properties, but can be enforced via global settings in /etc/.java/deployment/deployment.properties or JAVA_HOME/lib/deployment.properties under the key <b>deployment.security.level</b><br/> \
+<li/><b>Disable running of all Java applets</b> - stored as <i>DENY_ALL</i> - No applet will be run<br/> \
+<blockquote cite="" > \
+No applet will be allowed to run. However the Java virtual machine will always be executed (and an error screen with reason appear instead of applets). To disable Java completely you can uninstall IcedTea-Web or disable it in your browser (if supported). The tables with records are of course ignored. \
+</blockquote> \
+<li/><b>Very High Security</b> - stored as <i>DENY_UNSIGNED</i> - No unsigned applets will be run<br/> \
+<blockquote cite="" > \
+No applet <b>unsigned</b> will be allowed to run (and an error screen with reason will appear instead of such applets). The tables with records are of course again ignored. \
+</blockquote> \
+<li/><b>High Security</b> - stored as <i>ASK_UNSIGNED</i> - User will be prompted for each unsigned applet<br/> \
+<blockquote cite="" > \
+All <b>unsigned</b> applets will be tested against the tables below if they should be allowed or forbidden to run. If they are not matched in the table then the user is prompted and the decision is stored in <a href="#table">tables</a> below. If the user denies the applet, an error screen with reason appears and the applet does not run. If the user allows applets to run, the user can choose to save this decision and whether to allow just one applet or a whole group of applets (see <a href="#dialogue"><b>Dialogue</b> paragraph </a>below). \
+<br/>This is default behavior. \
+</blockquote> \
+<li/><b>Low Security</b> - stored as <i>ALLOW_UNSIGNED</i> - All, even unsigned, applets will be run<br/> \
+<blockquote cite="" > \
+All applets <b>even unsigned</b> will be allowed to run. User will not be warned and the tables with records are of course again ignored. \
+</blockquote> \
+You need to press <b>ok</b> or <b>apply</b> button to make the changes take effect. \
+</p> \
+ \
+ \
+<h2><A name="table">Table with recorded actions</A></h2> \
+<p> \
+<h4>Custom x Global table</h4> \
+After each action in <b>High Security</b> dialogue the record is added to, or updated in, the table or configuration file. Commonly in users file - home/.icedtea/.appletTrustSettings - "Custom definition" panel.<br/> \
+But superuser can specify default behavior in /etc/.java/deployment/ .appletTrustSettings - "Global definition" panel.<br/> \
+<h4>"Syntax"</h4> \
+<li/><b>Action</b> - Desired behavior when applet is matched<br/> \
+<blockquote cite="" > \
+<li/><b>Always trust this applet</b> - This unsigned applet will always be run in High Security Security Level. It is stored as <i>A</i> in .appletTrustSettings<br/> \
+<li/><b>Never trust this applet</b> - This unsigned applet will never be run in High Security Security Level. It is stored as <i>N</i> in .appletTrustSettings<br/> \
+<li/><b>Visited and allowed</b> - When the user is asked about this applet again, a note that this applet was already trusted in past will be displayed. It is stored as <i>y</i> in .appletTrustSettings<br/> \
+<li/><b>Visited and denied</b> - When user will be asked about this applet again, he will see information that this applet was already denied in past. It is stored as <i>n</i> in .appletTrustSettings<br/> \
+</blockquote> \
+<li/><b>Date</b> - date of last action on this item (read only item)<br/> \
+<li/><b>Document base</b> - is the page from which the applet was requested. It is actually a regular expression to match a specific URL. See about regular expressions and their usage <a href="#regexes">lower</a><br/> \
+<li/><b>Code base</b> - is the URL where an applets code came from. It is actually a regular expression to match a specific URL. See about regular expressions and their usage <a href="#regexes">lower</a><br/> \
+<li/><b>Archives</b> - coma separated list of archives with applet's code. Can be empty if source code are just classes or group of applets is allowed<br/> \
+<br/> \
+When you change a value in the table, its effect is immediate. \
+<h4>Controls of tables</h4> \
+<p> \
+<li/><b>Delete</b> - deletes items as specified in combo box on side<br/> \
+<blockquote cite="" > \
+<li/><b>selected</b> - removes all selected items. Key <b>Del</b> does the same. Default behavior. <b>Multiple selections</b> allowed. Selection can be inverted by button even more on side<br/> \
+<li/><b>all allowed (A)</b> - removes all permanently trusted records<br/> \
+<li/><b>all forbidden (N)</b> - removes all permanently forbidden records<br/> \
+<li/><b>all approved (y)</b> - removes all previously (temporarily) trusted records<br/> \
+<li/><b>all rejected (n)</b> - removes all previously (temporarily) denied records<br/> \
+<li/><b>all</b> - will clear the table<br/> \
+<br/> \
+<b>Ask me before action</b> - switch to ask before each deletion (in bulk) or not to ask. Asking dialogue can be pretty long, so if you do not see the buttons, just press <b>Esc</b> \
+</blockquote> \
+<li/><b>Show full regular expressions</b> - Disable or Enable filtering of quotation marks \Q\E in code/document base columns. About regular expressions see more <a href="#regexes">lower</a><br/> \
+<br/> \
+<li/>Filtering in table(s)<br/> \
+<blockquote cite="" > \
+<li/><b>Show only permanent records</b> - Shows only permanently allowed <b>(A)</b> or denied <b>(N)</b> records. Default behavior<br/> \
+<li/><b>Show only temporarily decided records</b> - Shows only once allowed <b>(y)</b> or denied <b>(n)</b> informative records.<br/> \
+<li/><b>Show only permanently allowed records</b> - Shows only permanently allowed <b>(A)</b> records<br/> \
+<li/><b>Show only permanently denied records</b> - Shows only permanently denied <b>(N)</b> records<br/> \
+<li/><b>Show only temporarily allowed records</b> - Shows only once allowed <b>(y)</b> informative records.<br/> \
+<li/><b>Show only temporarily denied records</b> - Shows only once denied <b>(n)</b> informative records.<br/> \
+</blockquote> \
+</p> \
+<li/><b>Add new row</b> - will add new, exemplary filled, row with current date and empty archives  <br/> \
+<li/><b>Validate table</b> - will test if table can save, load, and if each value is valid:<br/> \
+<blockquote cite="" > \
+<li/><b>Action</b> - is one of A,N,y,n<br/> \
+<li/><b>Date</b> - is valid date<br/> \
+<li/><b>Code base and document base</b> - are valid <a href="#regexes">regular expressions</a> or empty<br/> \
+<li/><b>Archives</b> - coma separated list of archives or empty<br/> \
+</blockquote> \
+<li/><b>Test url</b> - In two dialogues (in two steps) will let you enter document base and codebase, and then try to match them against all records. All matching items are returned! Last values are remembered> \
+<li/><b>Move row down/up</b><br/> \
+<blockquote cite="" > \
+Order of rows is important. First matched result is returned (permanent have priority). So you can prioritize your matches using these buttons. <br/> \
+For example, if you \Qhttp://blogs.com/\E.* regular expression to allow all applets on http://blogs.com, then it must be AFTER your \Qhttp://blogs.com/evilJohn\E.* regular expression forbidding all applets from blog of hacker evilJohn. \
+</blockquote> \
+</p> \
+<p> \
+<h2><A name="dialogue">Dialogue</A></h2> \
+If <a href="#level"><b>High Security</b></a> is set, and a new unsigned applet is hit then the dialogue is shown asking you to allow it or deny it. You can also <b>choose</b> if you want to allow or deny this applet <b>every-time</b> (A or N) you encounter it or for <b>just one run</b> (y,n).<br/> \
+You can also select to trust or deny (again temporarily or permanently)  <b>all</b> the applets from <b>same, exact, codebase</b>. If you are visiting one page, which has various applets on various documents then this is a choice for you.<br/> \
+If you decide not to allow remembering your decision, then just a temporary record is made. If you revisit a page, a small green or red label will inform you about your last decision.<br/> \
+Once you select <b>remember</b> your decision, the dialog will <b>never appear again</b>.  But you can <b>edit</b> your decision in <b>itw-settings application <a href="#table">table</a></b> (packed with IcedTea-Web). If you change your decision to temporary one (n,y)  or delete its row, the dialogue will appear again. Of course you can switch also from Always to Never or vice versa. \
+<br/> \
+The dialogue always mentions the page on which an applet is displayed, and the URL from which it comes.  There is also a hint, if you have ever visited this applet saying if you have allowed or rejected it in the past <br/> \
+<blockquote cite="" > \
+<h3>Controls</h3> \
+<blockquote cite="" > \
+<li/><b>Remember this option</b> - If set, then dialogue will never be shown for this applet or page again. \
+<blockquote cite="" > \
+<li/><b>For applet</b> - Exact applet will be allowed or denied \
+<li/><b>For site</b> - All applets from this place will be allowed or denied  \
+</blockquote> \
+<li/><b>Proceed</b> - Applets, as selected above will be allowed \
+<li/><b>Cancel</b> - Applets, as selected above will be forbidden \
+</blockquote> \
+Be aware to "proceed" + "Remember this option" + "For site" on pages you do not know! It can make you vulnerable! \
+</blockquote> \
+</p> \
+<p> \
+<h2><A name="regexes">Regular expressions</A></h2> \
+IcedTea-Web extended applet security - uses a powerful matching engine to match exact (sets of) applets. Base stone is <b>Quotation</b> of URL \Q\E and <b>wildchars</b> llike .* or .? or more.<br/> \
+This was designed to suits the need to block or allow exact pages. The best is to show some examples:<br/> \
+N 12.12.2012 .* \Qhttp://blogs.com/evilJohn\E.* <br/> \
+N 12.12.2012 \Qhttp://blogs.com/goodJohn/evilApplet.html\E.* \Qhttp://blogs.com/goodJohn/\E goodJohnsArchive.jar <br/> \
+A 12.12.2012 \Qhttp://blogs.com/\E.* \Qhttp://blogs.com/\E.* <br/> \
+N 12.12.2012 .* \Qhttp://adds.com\E.* <br/> \
+Y 12.12.2012 .* \Qhttp://www.walter-fendt.de/ph14_jar/\E <br/> \
+<br/> \
+<i>So this table, created 12.12.2012:<br/></i> \
+<li/>Forbid all stuff which have some code on http://blogs.com/evilJohn pages<br/> \
+<li/>Forbidding also one exact applet from http://blogs.com/goodJohn/ with archive goodJohnsArchive.jar<br/> \
+<li/>Allowing all (other) applets from http://blogs.com/ but only when displayed also on http://blogs.com/<br/> \
+<li/>Forbidding all applets with code saved on  http://adds.com (except on http://blogs.com/ - to have forbidden http://adds.com also on http://blogs.com/, this (http://adds.com) record must be above blogs record)<br/> \
+<li/>And finally allowing all nice physical applets on  walter-fendt's pages <br/> \
+<br/> \
+Note - the date saved in .appletTrustSettings has a not so nice format, but I left this for now...<br/> \
+<br/> \
+All information about full regular expression syntax can be found on <a href="http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html">http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html</a> \
+</p> \
+<h2>Conclusion</h2> \
+<p> \
+Stay tuned to our homepage at <a href="http://icedtea.classpath.org/wiki/IcedTea-Web">http://icedtea.classpath.org/wiki/IcedTea-Web</a>!<br/> \
+If you encounter any bug, feel free to file it in our <a href="http://icedtea.classpath.org/bugzilla/">bugzilla</a> ... According to <a href="http://icedtea.classpath.org/wiki/IcedTea-Web#Filing_bugs">http://icedtea.classpath.org/wiki/IcedTea-Web#Filing_bugs</a><br/> \
+<br/> \
+Safe browsing from your IcedTea-Web team... \
+</p> \
+</body> \
--- a/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java	Fri Apr 12 13:31:49 2013 +0200
+++ b/netx/net/sourceforge/jnlp/security/UnsignedAppletTrustWarningPanel.java	Fri Apr 12 15:32:24 2013 +0200
@@ -53,6 +53,7 @@
 import javax.swing.ImageIcon;
 import javax.swing.JButton;
 import javax.swing.JCheckBox;
+import javax.swing.JDialog;
 import javax.swing.JLabel;
 import javax.swing.JPanel;
 import javax.swing.JRadioButton;
@@ -60,7 +61,9 @@

 import net.sourceforge.jnlp.PluginBridge;
 import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteUnsignedApplet;
+import net.sourceforge.jnlp.security.appletextendedsecurity.ExtendedAppletSecurityHelp;
 import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
+import net.sourceforge.jnlp.util.ScreenFinder;

 public class UnsignedAppletTrustWarningPanel extends JPanel {

@@ -101,6 +104,7 @@

     private JButton allowButton;
     private JButton rejectButton;
+    private JButton helpButton;
     private JCheckBox permanencyCheckBox;
     private JRadioButton applyToAppletButton;
     private JRadioButton applyToCodeBaseButton;
@@ -218,12 +222,23 @@

         allowButton = new JButton(R("ButProceed"));
         rejectButton = new JButton(R("ButCancel"));
+        helpButton = new JButton(R("APPEXTSECguiPanelHelpButton"));

         allowButton.addActionListener(chosenActionSetter(true));
         rejectButton.addActionListener(chosenActionSetter(false));

+        helpButton.addActionListener(new ActionListener() {
+
+            public void actionPerformed(ActionEvent e) {
+                JDialog d = new ExtendedAppletSecurityHelp(null, false,"dialogue");
+                ScreenFinder.centerWindowsToCurrentScreen(d);
+                d.setVisible(true);
+            }
+        });
+
         buttonPanel.add(allowButton);
         buttonPanel.add(rejectButton);
+        buttonPanel.add(helpButton);

         buttonPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/ExtendedAppletSecurityHelp.java	Fri Apr 12 15:32:24 2013 +0200
@@ -0,0 +1,182 @@
+/*   Copyright (C) 2013 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+package net.sourceforge.jnlp.security.appletextendedsecurity;
+
+import java.awt.Dimension;
+import java.io.IOException;
+import javax.swing.JButton;
+import javax.swing.JEditorPane;
+import javax.swing.JPanel;
+import javax.swing.JScrollPane;
+import javax.swing.JSeparator;
+import javax.swing.event.HyperlinkEvent;
+import javax.swing.event.HyperlinkListener;
+import net.sourceforge.jnlp.runtime.Translator;
+
+public class ExtendedAppletSecurityHelp extends javax.swing.JDialog implements HyperlinkListener {
+
+    public ExtendedAppletSecurityHelp(java.awt.Frame parent, boolean modal, String reference) {
+        this(parent, modal);
+        mainHtmlPane.scrollToReference(reference);
+
+    }
+
+    public ExtendedAppletSecurityHelp(java.awt.Frame parent, boolean modal) {
+        super(parent, modal);
+        Dimension d = new Dimension(600, 400);
+        setPreferredSize(d);
+        setSize(d);
+        initComponents();
+        mainHtmlPane.setText(Translator.R("APPEXTSEChelp"));
+        mainHtmlPane.addHyperlinkListener(ExtendedAppletSecurityHelp.this);
+        mainHtmlPane.setCaretPosition(1);
+        setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
+    }
+
+    @Override
+    public void hyperlinkUpdate(HyperlinkEvent event) {
+        if (event.getEventType() == HyperlinkEvent.EventType.ACTIVATED) {
+            try {
+                if (event.getURL() == null) {
+                    String s = event.getDescription().replace("#", "");
+                    mainHtmlPane.scrollToReference(s);
+                } else {
+                    mainHtmlPane.setPage(event.getURL());
+                }
+            } catch (IOException ioe) {
+                ioe.printStackTrace();
+            }
+        }
+    }
+
+    private void initComponents() {
+
+        jScrollPane1 = new javax.swing.JScrollPane();
+        mainHtmlPane = new javax.swing.JEditorPane();
+        mainPanel = new javax.swing.JPanel();
+        niceSeparator = new javax.swing.JSeparator();
+        mainButtonsPanel = new javax.swing.JPanel();
+        navigationPanel = new javax.swing.JPanel();
+        homeButton = new javax.swing.JButton();
+        homeAndDialogueButton = new javax.swing.JButton();
+        closePanel = new javax.swing.JPanel();
+        closeButton = new javax.swing.JButton();
+        getContentPane().setLayout(new javax.swing.BoxLayout(getContentPane(), javax.swing.BoxLayout.Y_AXIS));
+        mainHtmlPane.setContentType("text/html");
+        mainHtmlPane.setEditable(false);
+        jScrollPane1.setViewportView(mainHtmlPane);
+        getContentPane().add(jScrollPane1);
+        javax.swing.GroupLayout jPanel4Layout = new javax.swing.GroupLayout(mainPanel);
+        mainPanel.setLayout(jPanel4Layout);
+        jPanel4Layout.setHorizontalGroup(
+                jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                .addGap(0, 485, Short.MAX_VALUE)
+                .addGroup(jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                .addGroup(jPanel4Layout.createSequentialGroup()
+                .addGap(0, 217, Short.MAX_VALUE)
+                .addComponent(niceSeparator, javax.swing.GroupLayout.PREFERRED_SIZE, 50, javax.swing.GroupLayout.PREFERRED_SIZE)
+                .addGap(0, 218, Short.MAX_VALUE))));
+        jPanel4Layout.setVerticalGroup(
+                jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                .addGap(0, 10, Short.MAX_VALUE)
+                .addGroup(jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                .addGroup(jPanel4Layout.createSequentialGroup()
+                .addGap(0, 0, Short.MAX_VALUE)
+                .addComponent(niceSeparator, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+                .addGap(0, 0, Short.MAX_VALUE))));
+
+        getContentPane().add(mainPanel);
+        mainButtonsPanel.setLayout(new javax.swing.BoxLayout(mainButtonsPanel, javax.swing.BoxLayout.LINE_AXIS));
+        navigationPanel.setLayout(new javax.swing.BoxLayout(navigationPanel, javax.swing.BoxLayout.LINE_AXIS));
+        homeButton.setText(Translator.R("SPLASHHome"));
+        homeButton.addActionListener(new java.awt.event.ActionListener() {
+            public void actionPerformed(java.awt.event.ActionEvent evt) {
+                jButton2ActionPerformed(evt);
+            }
+        });
+        navigationPanel.add(homeButton);
+        homeAndDialogueButton.setText(Translator.R("APPEXTSEChelpHomeDialogue"));
+        homeAndDialogueButton.addActionListener(new java.awt.event.ActionListener() {
+            public void actionPerformed(java.awt.event.ActionEvent evt) {
+                jButton1ActionPerformed(evt);
+            }
+        });
+        closeButton.addActionListener(new java.awt.event.ActionListener() {
+            public void actionPerformed(java.awt.event.ActionEvent evt) {
+                ExtendedAppletSecurityHelp.this.dispose();
+            }
+        });
+        navigationPanel.add(homeAndDialogueButton);
+        mainButtonsPanel.add(navigationPanel);
+        closeButton.setText(Translator.R("ButClose"));
+        closePanel.add(closeButton);
+        mainButtonsPanel.add(closePanel);
+        getContentPane().add(mainButtonsPanel);
+
+        pack();
+    }
+
+    private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {
+        // TODO add your handling code here:
+        mainHtmlPane.setText(Translator.R("APPEXTSEChelp"));
+        mainHtmlPane.setCaretPosition(1);
+    }
+
+    private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {
+        // TODO add your handling code here:
+        mainHtmlPane.setText(Translator.R("APPEXTSEChelp"));
+        mainHtmlPane.scrollToReference("dialogue");
+    }
+
+    public static void main(String args[]) {
+        java.awt.EventQueue.invokeLater(new Runnable() {
+            public void run() {
+                ExtendedAppletSecurityHelp dialog = new ExtendedAppletSecurityHelp(null, false);
+                dialog.setVisible(true);
+            }
+        });
+    }
+    private JButton homeAndDialogueButton;
+    private JButton homeButton;
+    private JButton closeButton;
+    private JEditorPane mainHtmlPane;
+    private JPanel mainButtonsPanel;
+    private JPanel navigationPanel;
+    private JPanel closePanel;
+    private JPanel mainPanel;
+    private JScrollPane jScrollPane1;
+    private JSeparator niceSeparator;
+}