A little concerned about Java WEB START - java

I'm completely cool with the Java Plugin being deprecated. Hardly anyone bothers with Applets anymore, and users hate them. But I like Java Web Start or JNLP and many are using them.
BUT
If I download a JNLP file and attempt to run it, I cannot. The JDK on my computer only allows High security or Very high security, not Low or Normal. In fact the only way I can run the file, is to manually type in an exception for the Domain it is signed as; which doesn't immediately work.
My question is:
Is there a quick runaround for this? I can get the {damn} thing to run for myself, but normal users are never going to pick this up, even if they'd find the configuration in Control panel.

You are right in that you can add your URL/domain to the trusted site list as a workaround, which is usually not a great solution when distributing to users.
A better solution would be to sign your application. Take a look at this post, which talks in detail about this subject:
Java 7u51 will not accept JNLP with self-signed certificate?
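To see which case a given JAR falls into before distributing it, the following added example (not code from this thread; the class name `JarSigningCheck` and the method `inspect` are hypothetical) uses the standard `java.util.jar` API to report whether every entry is signed and whether the signer's certificate is self-signed, the situation the linked question is about.

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical helper for illustration; run as: java JarSigningCheck app.jar lib.jar
public class JarSigningCheck {

    static String inspect(String path) throws Exception {
        boolean signed = false, unsigned = false, selfSigned = false;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(path, true)) { // true: verify signatures while reading
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                // Simplification: skip directories and META-INF (manifest and signature files).
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                // Signer certificates are only populated once the entry has been read
                // to the end; a modified entry raises SecurityException here.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain the stream */ }
                }
                Certificate[] chain = entry.getCertificates();
                if (chain == null || chain.length == 0) { unsigned = true; continue; }
                signed = true;
                // The signer's own certificate is first in the chain.
                if (chain[0] instanceof X509Certificate) {
                    X509Certificate leaf = (X509Certificate) chain[0];
                    if (leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) {
                        selfSigned = true;
                    }
                }
            }
        }
        if (!signed) return "UNSIGNED";
        if (unsigned) return "PARTIALLY SIGNED (some entries carry no signature)";
        // Subject == issuer only detects self-signing; it does not validate the chain
        // against a trusted root, check expiry, or check revocation.
        return selfSigned ? "SIGNED, SELF-SIGNED CERTIFICATE" : "SIGNED, NOT SELF-SIGNED";
    }

    public static void main(String[] args) throws Exception {
        for (String path : args) System.out.println(path + ": " + inspect(path));
    }
}
```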

Related

Java applets are no longer supported - what's the alternative? (File manipulation - shell commands)

I have a question about how to manipulate files from the browser. Currently we are using a Java applet to create some folders, replace/delete/save some files/folders and execute a shell command with parameters. As we know, Chrome no longer supports NPAPI and therefore Java applets; Firefox will soon follow, and my guess is that IE will not stay behind forever.
So the actual question is what's the best way to go?
Should we think about creating plugins (but this then should be done for all major browsers - a lot of work)
Or do you recommend installing an external program, which we can launch on the user's system? By, for instance, associating a specific extension, or by adding a URL scheme?
What about this Java Web Start? Does this allow us to communicate with the domino api?
Any other technologies that would be better?
The website we are building is using IBM Domino 9.0.1 XPages (JSF).
Answering to your use case: content management system.
For adding files the HTML5 files API should do all you need. There are plenty of examples including multi file uploads.
It gets trickier when you want to provide a round-trip edit experience. Like you click something and Word, Excel, Impress, Photoshop opens and you edit. When you save it all goes back to Domino.
The solution here is WebDAV. You can even expose Domino views as folders in Explorer / Finder / Nautilus.
For Domino there is a project on OpenNTF that implements WebDAV for documents/attachments on Domino (I wrote it). It might be your best bet.
I think we should be making a distinction here:
things like file access can be done using HTML5 file access, but
things like local administration definitely aren't something that need or should be done from within the browser.
In fact, I always hated that Java suggested that users "need not install any software" to do this and that on their machine, which was a straight lie, considering they downloaded Java Software, had to tell their Java Policy framework to trust that and then that software was able to make local changes. That's just as unsecure as downloading any (signed) executable and making your user execute it.
Java's portability¹ doesn't apply to your use case, as it seems; "executing a shell command" sounds as non-portable as it gets. So, in the end, you either only have one platform you address, or one solution for every platform, in which case you gain no portability by the fact that the same Java executable can run on all JREs (given that's the case, even).
I'd say: It's a good time to let Java for Desktops die, especially since you don't seem to be doing anything that Java is good at² in your application.
As it sounds, the average installer framework can do what you want without you writing any code. There's plenty out there, especially for Windows, which you seem to be addressing; take Microsoft's .MSI as an example. You'd end up with a two click, signable, trustable, updateable solution that wouldn't need the user to keep a JRE installed or secure at all.
CLARIFICATION: I really don't hate Java; I don't find it's the greatest language or has the best ecosystem, but whatever makes your application work is fine.
Now, you mention:
To be clear, we are creating a Document Managing System, which used to be on the Lotus Notes client and that we are trying to port to the Web.
That does in fact sound like it might be a good idea to choose any browser and embed that. In fact, Firefox is "merely" an application around a browser core, and you might just modify it (e.g. by writing an extension) to fit your needs. It's not really a "web application", that way, but it would meet your requirements of integration with a web application and local administrative access. I furthermore recommend thinking twice about the shell scripts you need to run locally -- maybe their job can be more easily replaced by another program or even something that is "web compatible" than calling them with local privileges from your web application.
¹ (which was a big thing back in the day, but honestly, Java applications nowadays are about as portable as your average .Net or Qt based application on desktop OSes, but never quite feel completely like home -- it's like portability's ugly sister if you're portable, but only offer the minimal common subset of functionality and look and feel on each platform)
² ... whatever that might be!

Silverlight / Java Applet equivalent?

My society was hit in the face with the NPAPI deprecation in the Google browser.
We were using Silverlight for a long time and we are currently looking for any replacement solution.
What was good about applets and Silverlight was the easiness for the applications to access the file system and get the rights to automatically save anything into the computer.
Besides, it was compatible with the major OS and almost all browsers, which was a great thing for our customers.
But Chrome decided that NPAPI causes too many security problems, and they will remove it by September.
I'm looking for a simple way to provide access, at least to the file system of the customer.
ASP.NET gives us anything we need on the server side, but it can't do a thing on the client side. With Silverlight we were able to use the clipboard, save multiple files in a specific directory, send mails from the client, etc.
I thought about making our own plugin on several OS, but that would be a lot of work. So I was wondering if there was a simple compatible solution that already exists.
You could build a FireBreath2 plugin to provide this functionality -- FireBreath2 will work on Chrome w/ native messaging, and the functionality you describe shouldn't be too hard to do cross-platform. Keep in mind that you've got some serious security risks to protect against, though.
FireBreath2 as of this writing isn't quite production ready, but it's pretty close. ActiveX support isn't complete yet, but it shouldn't take that much work to finish it. It would require a good understanding of C++ and a willingness to help with the project since it's not 100% ready for prime time yet.

Login authentication using fingerprint

It's my final year project, which I'm making using Java, and I have to develop one online attendance system for faculty and students. For faculty login, I need fingerprint login authentication, so I googled but I didn't find anything helpful in any case.
During my research, I found these SDKs: Neurotechnology, GrFinger. But I'm very confused about how to use these in my web application. My laptop already has one fingerprint hardware, which uses the AuthenTec driver for Windows login.
Please, anyone, help me to use my embedded fingerprint reader for my web application. Thanks in advance!!
If there is any alternative for fingerprint login authentication (without using fingerprint reader hardware), in which we can just compare the fingerprint manually, that would also be useful for me!!
It seems that you will need to use a signed Java applet for this. You might want to check this previous SO thread in which something similar to what you want is being discussed.
That being said, you might also want to take a look at "Why is your desktop app not a web app?". In your case I think it should be the other way round but I think that it might outline some points which you might find useful.
That being said, you might want to opt for a desktop application which could have its own web browser, such as Lobo, so basically your Java application which is running on the client machine handles the authentication and then it uses its built-in web browser to do whatever needs to be done.
EDIT:
I have never used biometric locks, so unfortunately I might not be able to provide much help on the topic. As I said earlier, a Signed Java applet should have access to your client devices. If you have limited knowledge, I would recommend you build some simple desktop applications so that you can get it to work. Once you do this, you can migrate everything to your applet. You can check out this tutorial on how you can then include your applet into your web application. The tutorial uses Netbeans which in my opinion is a pretty good IDE.
I would recommend you look at some tutorials first to see the possible ways in which you can accomplish a given set of tasks. Once you have found a way or two, you can then choose the best way in which you can get them done.

Java Application Deployment/Installer Options?

I'm looking for advice on good options to deploy Java applications on end user systems.
Our end users are not tech savvy experts but casual computer users who can't be expected to figure out directories and version conflicts.
Runnable jar is not practical because we need to provide VM parameters. Batch files are not practical because, for whatever reason, java.exe is not on the $PATH in a huge number of Windows systems.
Webstart is an option, but our users commonly complain that no shortcuts are created (a feature that's apparently broken), every click on the website prompts a new download, and a plethora of other issues make this option seem incredibly unprofessional to the end user.
Many of the things one finds when googling for Java deployments are themselves built with Java, which means they won't run either on a system with a missing or broken Java installation.
If you do not want to spend any money, a popular solution is izpack.
If you're looking for a commercially supported solution, there is install4j (Disclaimer: My company develops install4j). The installer is a Java application here as well. However, it is started by a native launcher that can download a JRE bundle from your server on the fly. You can also statically bundle a private JRE. See here for more information on JRE bundles.
Webstart is an option, but our users commonly complain that no shortcuts are created (a feature that's apparently broken), every click on the website prompts a new download, and a plethora of other issues make this option seem incredibly unprofessional to the end user.
Many webstart deployments are quite unprofessional. Make sure any deployment that is showing problems is validated using JaNeLA. For the shortcuts specifically, look into the IntegrationService of the JNLP API for establishing them after launch, with feedback.
Ultimately though, APIs will have bugs. If you find one in web start, please report it on the bug database (v. broken at the moment, but you have to try).
Many of the things one finds when googling for Java deployments are themselves built with Java, which means they won't run either on a system with a missing or broken Java installation.
As to missing or too low version Java, use deployJava.js to ensure a suitable JRE is present. No ideas on the broken installs.
I doubt you will swing back to JWS for this immediate deployment, but please investigate it according to the ideas outlined above, for future use.

Possible to check for files on users computer from website?

I know this question brings up a lot of security issues, but is it possible to check for files on a user's HD from a website? We have a software application and would like to be able to check for certain file types on the user's cpu before they download our software.
Again, I realize this is intrusive and a security issue but wanted to ask anyway. If this is possible, would it be done with some type of Java or ActiveX control?
I would appreciate anyone pointing us in the right direction.
thx!
I suppose using either Java or ActiveX would work, but only where Java or ActiveX exist. Obviously, users of browsers other than IE don't get ActiveX, and I'm not sure of the penetration of Java or Java Webstart installs. I'm sure it's not anywhere near everyone.
If your goal is to validate a system before installing some complex software with dependencies, I would suggest having a separate package that just does the validation. Especially if it is just a single .exe (not requiring installation), spending 30 seconds doing this in prep for some complex download, install, reboot, fail cycle seems like a good tradeoff.
It can be done with an ActiveX control. The user would, of course, be prompted for permission for this, but since sites like Panda Security can do a virus check via an ActiveX control, then it's definitely possible to write one to list the files on a HD.
I'm not sure if the Java Sandbox will allow this, so I'll defer the question of doing this via a Java Applet to REAL Java developers. (I haven't been a Java developer since 1.14, and I was never any good at it.)
Java Web start can do this with the proper settings http://www.ibm.com/developerworks/java/library/j-webstart/
