I'm trying to test a java applet that I'm working on, which is running on my VM. When I try to run it from any of my browsers in windows, I get the message "The Java security settings have prevented this application from running".
In the Java control panel, I've added the domain and the specific page to the list of site exceptions. I've imported the self-signed certificate and added it to the list of Trusted Authorities. I've also set the security level to Medium.
In the applet's manifest.mf file, I've got the codebase set to "*" (I initially had it set more specifically but made it lenient just to make sure that wasn't the issue).
I'm not sure what else to try in order to get this applet to run
It turns out the problem was with my manifest.mf file. I had changed the Codebase but not the Application-Library-Allowable-Codebase. Setting:
"Application-Library-Allowable-Codebase: *"
fixed my problem.
Related
We have recently needed to change our SSL certificate on our server. Our consuming application has suddenly stopped working. I had presumed this was to do with Java's cacerts, and modified the program to import the new certificate to each client, the problem was not resolved.
When the application attempts to load the remote view (shown below) on the server, it simply loads a white page. I have tried loading the page through http:// and it seems to function, however the rest of the application (including the API) requires https, and subsequent calls to the API fail (images loaded through https are showing as broken within the app).
The website is functional, and when I access URL's being provided to the app, through my desktop browser they load without issue. The app is also functional when I run it in Debug mode, these issues only occur when I use the "Run" build mode.
I have tried creating a blank MAF application, hoping it was some caching issue, however this new app also cannot load the remote URI. I have done a clean build and have tested other remote URI's (they work). I feel as if there is an issue with Java somehow not accepting the new certificate. The first time I tried to load the website within Eclipse's browser, an error displayed along the lines of "certificate revocation information". I didn't pay much attention to this error and it provided the option to install the new certificate, after which the page loaded within eclipse's browser.
In Jdeveloper there is an option of Disabling the Application Transport Security as shown in the image.
Could you try disabling in your eclipse too, Kindly refer this doc https://wiki.eclipse.org/Jetty/Howto/Configure_SSL, this might do a little help :)
The issue seems to be due to the changed SSL certificate on your server.
Short answer:
There was no chain installed, I installed the provided ca-bundle file and updated the httpd.conf file to reflect the chain location and the app now works.
Long answer:
When our server dev installed the new certificate, he neglected to install the ca-bundle (certificate chain) provided by the CA. The site was working in a browser, I can only assume, because it has a more complete list of trusted CA's built in. My best guess is that MAF requires the chain to be installed and was failing some security test, or the chrome webview it uses did not have this CA on the trusted list.
Some of our customers cannot run our Java Web Start client anymore since Java 8 Update 111. They get:
java.io.IOException: Unable to tunnel through proxy. Proxy returns
"HTTP/1.1 407 Proxy Authentication Required
Looks like it has to do with this change:
Now, proxies requiring Basic authentication when setting up a tunnel
for HTTPS will no longer succeed by default. If required, this
authentication scheme can be reactivated by removing Basic from the
jdk.http.auth.tunneling.disabledSchemes networking property, or by
setting a system property of the same name to "" ( empty ) on the
command line.
Is there any way if customers are not willing to change their proxy authentication method?
Note: Adding <property name="jdk.http.auth.tunneling.disabledSchemes" value=""/> to <resources> of the JNLP has no effect. This is because only a few properties are supported this way (there is a list near the bottom of this page). "jdk.http.auth.tunneling.disabledSchemes" is not among them.
I found out that there is one way, but not in the hands of the developer: The user can add
-Djdk.http.auth.tunneling.disabledSchemes=""
for Java 8 in Java Control Panel → Java → View... → Runtime Parameters
for Java 9 in Java Control Panel → Desktop Settings → Runtime Parameters
Beside the answer of mbee one can also configure this in the net.properties file of the jre:
C:\Program Files (x86)\Java\jre1.8.0_131\lib\net.properties
Currently last line 100 need to be commented out:
Before:
#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic
After:
#jdk.http.auth.proxying.disabledSchemes=
#jdk.http.auth.tunneling.disabledSchemes=Basic
Note that both answers need to be repeated after a Java Update, although the Java Auto Update is deactivated with Basic Internet Proxy Authentication.
If you require to do this at runtime you can set the value of the jdk.http.auth.proxying.disabledSchemes property by adding
System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
to the main method of your application.
I had this issue too while trying to access an external SOAP Webservice trough a Proxy-Server using BASIC-Authentification for an application running on Apache Tomcat.
Setting the property programmatically (System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");) during application initialization did not work. It had to be set as VM-Argument or (not very nice way of course :)) in [JRE_HOME]\lib\net.properties.
I enabled the below feature in net.properties and it worked without any other changes:
java.net.useSystemProxies=true (this was false earlier)
I have java applet in web application with Two-way SSL. Under IE11 and Java7u55 the applet pop ups Identification required. Please select certificate to be used for authentication. dialog box.
Is there any java plugin specification to explain that behavior? It Looks like the applet looses the ssl and try to recreate it again, doesn't it?
Java7u51 doesn't show this dialog box!
In applet's archive attribute I was setting the full path name to each JAR library (about 15).
The solution is to add codebase applet attribute to point the place where all JAR libraries reside.
I have JAR which is properly signed with a valid certificate from a trusted company. Im running an applet using HTML applet tag. My Manifest file includes following permissions:
Application-Name ="XYZ"
Permissions="all-permissions"
Codebase="*"
Trusted-Library="true"
I get the following warning message when running applet in browser:
I do not want this message to appear when my users open my applet. Can you advise me why this warning message is appearing and how to avoid it from appearing for my users?
Thanks!
how to avoid it from appearing for my users?
There is no way to avoid it. It is the choice of the user as to whether to run trusted code, and the decision of Sun/Oracle that they should be prompted.
Why exactly does the applet require all-permissions?
I am using the SWT Browser Widget to load the image of a webcam-server via HTTPS. Sadly the webcam-server certificate is untrusted. I tried to 2 variants to load the image:
Browser.setHTML(String)
Load the image using HTML+JavaScript every second. This is the prefered way to avoid flickering. This works very fine for HTTP, if i have a HTTPS connection i will see noting at all except my alternative text.
Browser.setUrl(String)
Load the image by setting the URL every second. This causes massiv flickering because of the reload, wich is unacceptable. I tried this variant with all available SWT-Browsers. If i use SWT.WEBKIT or SWT.MOZILLA (XulRunner) i have no chance at all to get the image. An dialog pop up and tell me the certificate is untrusted with no option to accept it. If i use SWT.NONE the IE is used (i am on WinXP) and the pop-up dialog ask if i want to trust the cert, after pressing OK i can see the image.
Here at Stackoverflow i found: how-to-import-a-ssl-certificate-file-with-swt-browser.
But i unable to find the cert_override.txt in my XULRunner, and i am unable to find a download link for the Personal Security Manager (like many others) !
How can i allow the untrusted certificate, use variant 1 and XULRunner aka MOZILLA ? Is it possible to do it programmatically ?
cert_override.txt is located in the user's profile. On Windows the directory for XULRunner's user profiles is %APPDATA%\<vendor>\<product>\Profiles\<something>.default, on OS X /Library/Application Support/<product>/Profiles/<something>.default, on Linux ~/.<vendor>/<product>/Profiles/<something>.default. At runtime you can use nsIDirectoryService to locate the directory (ProfD is the key for this directory).
You can either write to the user's profile directly from your application or add a copy of cert_override.txt to your XULRunner application to be copied into all user profiles created (it would have to be put under defaults/profile/cert_override.txt in the XULRunner application directory). Note that the latter will only have an effect on new profiles being created, not on profiles that already exist.
Btw, the simplest way to create a cert_override.txt file would be accepting an untrusted certificate in Firefox and then copying the entry from the Firefox profile to the XULRunner profile.