Is it possible to get text out of an unsigned applet?

Is there any way of getting text onto the system clipboard from an unsigned applet (Ctrl+C doesn’t even work)?

No, there isn’t, you need full permissions. I’ve looked into it in detail. Flash and JavaScript also block it out too.

Not entirely true, there is a solution here (although I’ve not tried it). They say that the user needs to initiate the process, by clicking on top of an invisible Flash object.

You can communicate with Applets via JavaScript, so you could get your text out, and then use the interface they provide to set it up to copy this to the clipboard when the user clicks.

Interesting. At first it seemed strange since clipboard access is seen as a security concern. But then after trying it, I see that it only supports copy operations to the clipboard, not paste. So information can’t be retrieved, which is fine and logical.

I wonder why Adobe made it possible for such a back-door hack like that to work, rather than support it out of the box. Odd.

It IS possible to get to the clipboard via JNLP, without signing.

http://download.oracle.com/javase/tutorial/deployment/doingMoreWithRIA/jnlpAPI.html

I haven’t tried it yet. But I’ve had success getting FileOpenService and FileSaveService working. Making a proper JNLP file was a chore, but it’s not that bad, once one has done it right the first time.

Here’s a more direct link:
http://download.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/ClipboardService.html

[quote]ClipboardService provides methods for accessing the shared system-wide clipboard, even for applications that are running in the untrusted execution environment. Implementors should warn the user of the potential security risk of letting an untrusted application have access to potentially confidential information stored in the clipboard, or overwriting the contents of the clipboard.
[/quote]
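
As an added example (not from the thread or from Oracle's tutorial), here is a small helper around the ClipboardService quoted above. The class name `JnlpClipboard` and its method names are hypothetical, and it assumes the code is launched through a JNLP client with the `javax.jnlp` classes on the compile classpath.

```java
import java.awt.datatransfer.DataFlavor;
import java.awt.datatransfer.StringSelection;
import java.awt.datatransfer.Transferable;
import java.awt.datatransfer.UnsupportedFlavorException;
import java.io.IOException;
import javax.jnlp.ClipboardService;
import javax.jnlp.ServiceManager;
import javax.jnlp.UnavailableServiceException;

/** Hypothetical helper; only the javax.jnlp and java.awt calls are real API. */
public final class JnlpClipboard {

    /** Returns the JNLP clipboard service, or null when not launched via JNLP. */
    private static ClipboardService lookup() {
        try {
            return (ClipboardService) ServiceManager.lookup("javax.jnlp.ClipboardService");
        } catch (UnavailableServiceException e) {
            return null; // no JNLP services in this environment
        }
    }

    /** Copies text to the system clipboard; false if the service is unavailable. */
    public static boolean copy(String text) {
        ClipboardService cs = lookup();
        if (cs == null) {
            return false;
        }
        // The JNLP client mediates this call, as the quoted documentation describes.
        cs.setContents(new StringSelection(text));
        return true;
    }

    /** Reads clipboard text; null if unavailable, empty, or not plain text. */
    public static String paste() {
        ClipboardService cs = lookup();
        if (cs == null) {
            return null;
        }
        Transferable t = cs.getContents();
        if (t == null || !t.isDataFlavorSupported(DataFlavor.stringFlavor)) {
            return null; // nothing returned, or the content is not text
        }
        try {
            return (String) t.getTransferData(DataFlavor.stringFlavor);
        } catch (UnsupportedFlavorException | IOException e) {
            return null; // content changed or became unreadable between calls
        }
    }
}
```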

here


```javascript
function setClipboardText(text) {
    if (window.clipboardData) {
        // Internet Explorer exposes the clipboard directly.
        window.clipboardData.setData('text', text);
    } else {
        // Other browsers: embed a zero-size Flash movie that performs the copy.
        var flashId = 'flashId-HKxmj5';

        /* Replace this with your clipboard.swf location */
        var clipboardSWF = 'http://appengine.bravo9.com/copy-into-clipboard/clipboard.swf';

        // Create the container div once and reuse it on later calls.
        if (!document.getElementById(flashId)) {
            var div = document.createElement('div');
            div.id = flashId;
            document.body.appendChild(div);
        }
        document.getElementById(flashId).innerHTML = '';
        // The text is URL-encoded before it is placed in the FlashVars attribute.
        var content = '<embed src="' +
            clipboardSWF +
            '" FlashVars="clipboard=' + encodeURIComponent(text) +
            '" width="0" height="0" type="application/x-shockwave-flash"></embed>';
        document.getElementById(flashId).innerHTML = content;
    }
}
```

from: http://stackoverflow.com/questions/127040/copy-put-text-on-the-clipboard-with-firefox-safari-and-chrome

then execute:


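```java
// Pass the text as an argument so quotes or backslashes in it cannot alter the script.
jsObject.call("setClipboardText", new Object[] { text });
```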

to run it

[/quote]
That is so strange, two different ways to access the clipboard in Java, but one has stricter security access… weird!

This is just speculation, but maybe it has to do with HOW it accesses the clipboard, because maybe one does it a different way, and by doing that does things that are a security risk. Just speculating, that could be completely wrong :)

This recent blog post might clarify the situation a little: http://blogs.oracle.com/kyle/entry/copy_and_paste_in_java

So eeeh, how exactly is this a security issue (especially all of a sudden)?

Is someone gonna, like, flood your clipboard?

Or paste your passwords from it? (If they were in the clipboard to begin with, it’s obviously your own fault =D)