After change in security in new version of Java there is a popup showing information about unsigned content every time site is reloaded. So we decided to sign our applets (and all libraries used). But after signing, all applets ceased to load on site, it’s just blank grey space. After deploying signed jars we got information saying “Application Blocked by Security settings”. When I click ‘OK’ applet shows information "Error. Click for details", when I click it there is no information in applet console.
What can be reason of this?
Steps to resolve in my case:
-create jar per applet
-create jnlp file per applet outside jar file
-still you need jnlp in jar file in JNLP-INF
-set properties in manifest
-then sign every lib and jar with cert
Related
I am running the java web start application. since the application digital signature has been expired. I have purchase the signature from the CA and signed my jar file using storetype as pkcs12.
After signing all the jar used in JNLP file and started the application. Still the security warning popup appears and prompt a message as "The Application's digital signature has expired". When i click to read "more information" link from the popup, it says "Part of the application is missing a digital signature. And also "application's associated file (JNLP) does not have one".
So i plan to SIGN MY JNLP file also. To sign my JNLP file, i have followed this link.
From the document
"To create a signed JNLP file you don't sign the JNLP file itself, but
you include the JNLP file inside the directory structure before the
JAR file is created and then signed. The JNLP file must be named
APPLICATION.JNLP and is included in the JNLP-INF subdirectory"
As document I have added the folder named as "JNLP-INF" and added a file named "APPLICATION.JNLP".
Here is my folder structure
Tomcat
webapps
application_name(xxxx)
Client-lib ( all the jars inside is signed)
JNLP-INF ( has APPLICATION.JNLP)
META-INF
WEB-INF
client.jnlp
index.html
In the build.xml,copied the test.jnlp to /JNLP-INF/APPLICATION.JNLP and signing the jar files.
Still i am getting the message in warning security popup as ""The Application's digital signature has expired"
Any help will be appreciated.
Thanks
It sounds like you need to get your CA to issue you a new (non-expired) certificate. How to do this will vary based on your CA. If your certificate is, indeed, not expired, this should not cost you anything. But your certificate is only as valid as how long you've paid them for.
Make sure we cleaned up all the cache for the applets and applications.
To do this procees, go to control panel -> java -> Temporary internet files -> settings -> delete files -> check the check boxes for Cached applications and applets and Installed applications and applets.
This will make sure, your cache is clear and now start your services and check the jar signing .
Thanks
I don't believe signing your JNLP would help. You should instead resign all the jars of your application.
If I am correct about this and understood you correctly, you need to put /JNLP-INF/APPLICATION.JNLP inside your .jar an then sign it. Afterwards copy it to a custom location and start it. This should help.
The .jnlp itself is not signed, but the copy of it can be matched against the APPLICATION.JNLP inside the signed .jar
I'm having a bit of trouble with an applet using the SDK for the u.are.u 4500 biometric fingerprint reader.
When I test the applet locally using NetBeans, the applet works fine.
The problem is when I try to publish the applet.
I always get the "java.lang.NoClassDefFound".
I modified the java configuration so that the server config and my workstation config matches.
The SDK is installed in c:\java\jdk1.7.0_07
The JRE is installed in c:\java\jre7
The jar files for the biometric fingerprint reader are:
dpfpenrollment.jar
dpfpverification.jar
dpotapi.jar
dpotjni.jar
The CLASSPATH is:
C:\Java\jdk1.7.0_07\jre\lib\ext;
C:\Java\jdk1.7.0_07\jre\lib\ext\mysql-connector-java-5.1.22-bin.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpfpenrollment.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpfpverification.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpotapi.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpotjni.jar;
JAVA_HOME is:
c:\java\jre7
I have tried putting the jar files in the lib folder, put the result is the same.
I googled for this error, but nothing I find helps me solve this.
Any help is appreciated...
Thanks
The CLASSPATH is:
C:\Java\jdk1.7.0_07\jre\lib\ext;
C:\Java\jdk1.7.0_07\jre\lib\ext\mysql-connector-java-5.1.22-bin.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpfpenrollment.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpfpverification.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpotapi.jar;
C:\Java\jdk1.7.0_07\jre\lib\ext\dpotjni.jar;
No, no, no. As mentioned by EJP, that is not what the ext directory is for. Furthermore, the end users will not have those Jars in the ext directory, and even if they are, they will not be added to the run-time class-path of the applet.
If the applet requires those Jars, they need to be put in an accessible path on the server, while the codebase should point to that place and the archive attribute might be something like:
archive='mysql-connector-java-5.1.22-bin.jar,dpfpenrollment.jar,dpfpverification.jar,dpotapi.jar,dpotjni.jar'
The MySQL jar is a bit worrying as well. An applet should not have direct access to the DB, but that access should instead be mediated by server side functionality. If your applet can access the DB, a malevolent user can reverse engineer it and access the DB directly.
How can I programmatically find the path of JNLP file?I am using Java Web Start to generate the JNLP file.
I know that manually you can find the JNLP file in the Java Cache Viewer in Resources with the name launch.jnlp, but I really need to know if there exists a Java class that can programmatically find the jnlp file by searching the in-memory cache.
How can I programatically find the path of JNLP file?
It is hidden deliberately. If you can find it from within code (shorting of asking the user to browse to it), the JRE has a security bug.
..for launching the installer I need the application jar files path
No you don't.
Put the installer inside a Jar.
Add the Jar to the resources of the app.
Get an URL using getResource(String).
Read the byte[] and write it to a temporary file at a known location (e.g. java.io.tmpdir).
Launch the installer from the known location.
String jnlpPath = System.getProperty("jnlpx.origFilenameArg");
Every time I click a Java Webstart button, Firefox downloads the JNLP file and puts it in my Downloads folder. I have over 500 JNLP files from my JWS app called name-123.jnlp and so on. Internet Explorer doesn't do this, is there a way to stop Firefox from doing it ? I'm the app's developer, so server side changes are possible too.
Additional info: I set the mime type correctly on the server.
You can try following
In your Firefox browser, go to Edit >> Preferences >> Applications, in Content Type select the option "use other" for jnlp files
2.In the dialog box, select the "javaws" file location (for me, it was located in "/usr/java/jre1.6.0_16/bin")
I have it working on Ubuntu
I've coded small JavaFX Applet in Netbeans 6.8 IDE. Everything works fine if the applet runs on my computer. But when I put the applet (and edited JNLP files containing changed paths to server) into server, it doesn't load any data from an server text file. Paths are correct - i look at it many times - they are ok. It also doesn't load images with external urls. What is wrong?
Haven't seen your code so I'm going to make a guess. If your resource is not bundled in your JAR file and you are using file:// to access it, then you will need to sign your applet. On NetBeans, right click on project node -> properties -> application. Select self signed.
If you don't want to sign your applet, then access your resource as REST. Use the HttpRequest.
If it is on the client machine, consider using JNLP APIs like so.
FileOpenService fos = (FileOpenService)ServiceManager
.lookup(“javax.jnlp.FileOpenService”);
//Open dialog pops up
FileContent fc = fos.openFileDialog(null, null);
The best way to diagnose the problem is to open the Java Console and see if there are any exceptions. Run $JAVA_HOME/bin/ControlPanel -> Advanced -> Java Console -> Show Console