Certificate chain and Java Web Start
Hi,
I have an application as a JAR file with other JAR libraries. All these files are signed with a certificate that I have generated with my own CA (OpenSSL).
The trusted chain is this: rootCA.cer ->subCA1.cer ->jws.cer
jws.cer was generated with a Certificate Sign Request through the java KEYTOOL and then my CA has signed this request. After done this, I have put the jws.cer in the same keystore of the request but to do this I needed to put the rootCA.cer and subCA1.cer before in the keystore.
The keystore has now three certificates and the key pair of jws.cer. This certificate works good to sign the JAR files.
Is it all good?
When I call this application with Java Web Start a popup always appears and say "Certificate is valid, etc. etc.". All it's good but pop-up is shown anyway.
I have inserted the rootCA and subCA1 certificate in the client Java Web Start certificate store but the pop-up is always shown.
Why this?
Is It not enough to install the CA certificate (and then the SubCA certificate) in the JavaWS certificate (client) store to not have the pop-up visualization?
Thanks
no.
Having a validly signed certificate (even if ussing a root already in the jres trusted root ca store) only verifys who the code is comming from, it is still up to the user to determine if your are trustworthy (to grant trust based on that verified identity).
If you want to avoid seeing the certificate, you would need to import your certificate into the pre-approved certificate keystore. (that is , either into the User or System Trusted Certificates list) using the security tab on the Java Control Panel.
/Andy
Similar Messages
-
Problem with win2000sp3 and Java web start
I have JRE and Java web start (1.2.0_01, build b01) which come downloading file j2re-1_4_1_01-windows-i586-i.exe from sun.
I have win2000pro running on my PC.
I had updated win2000 to service pack 2 and everything was fine.
Now i decided to update to service pack 3 (in the process I also updated other components) from Microsoft and:
1) Java applets seem to be running fine within i.e.
2) If i try to run an application from java web start my PC freezes and I have to restart it.
3) Staroffice 6.0, which runs on Java, seems to be fine.
I reinstalled both sp3 and jre etc, with no result.
Is this a known problem?
Thanks to all.
MaurizioI suspect that you have hit a known problem with Swing on Java 1.4.1 with buggy video drivers. Do you have an ATI card? They are the worst offenders. ATI released new drivers for its Radeon line today. They fix the problem.
-
Java Plug-in and Java Web Start Will Not Start In JDK 1.4.2_03
I can't get the Java Plug-in or Java Web Start to start in JDK 1.4.2_03, but they did work when I first installed the JDK months ago. When I double-click either icon an hourglass displays for a second and then disappears without opening the window. I don't even get an error message.
I've tried reinstalling the JDK three times. On the last reinstall, I followed some instructions on how to completely remove the JDK. Here's the URL of the instructions I followed:
http://www.pcreview.co.uk/forums/thread-295773.php
Strangely JBuilder stopped working too.
I'm running Windows 2000.
Help!
Thank you!Hi
Once u have got the Certificate from the Verisign there will be 3 chains in that cert(what i think)......Get the other 2 certificates from U r cert(like intermediate and Root)....and install them in the trust and Intermediate folder...
other option is u generate the CSR keeping Sys Date 1 month ahead..( i tried like this only..it worked)
Regards,
Anand -
How to solve the certificate problems in Java Web Start
Hi, All,
I encounted these two problems recently:
(1) I have an application which is supposed to be started by Java Web Start. I have written my own code which calls other .jar files from other companies. Since for web start, you need to sign all .jar files if you want more permssions. Now I got the following problem:
'=================================
An error occurred while launching/running the application.
Title: My stuff
Vendor: UCLA
Category: Launch File Error
JAR resources in JNLP file are not signed by same certificate
=================================
How to go around this? It seems that the .jar files from that company has been signed already. Then I tried to uncompress those jars and re-archieve again, then sign it again using the keystore I used to sign my own .jar files. It still does not work. Any help on this will be appreciated!
(2) Afterr I signed a .jar file, when I want to run it again, using command: java -jar abc.jar
It does not work any more, I am not sure whether it will become a problem if loaded by Web start.
Thanks a lot!
DavidIn another forum answer, a user named Dietz suggested the following:
If you have a library signed by another signer, you need to factor it out into a seperate extension jnlp file.
AJones0131 -
JRE 1.6.0_04 and java web start
Hello
Version 1.6.0_04 now contains JAX-WS 2.1
I want users install this version of java when when run my app with java web start.
So my jnlp before:
<resources>
<j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se" />
</resources>I try this:
<resources>
<j2se version="1.6.0.04+" href="http://java.sun.com/products/autodl/j2se" />
</resources>And this
<resources>
<j2se version="1.6.0_04+" href="http://java.sun.com/products/autodl/j2se" />
</resources>But when I launch jnlp,
at com.sun.javaws.Launcher.downloadJREResource(Unknown Source)
at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)Does url http://java.sun.com/products/autodl/j2se ready for java version 1.6.0_04 ?
How can i do ?
Edited by: Laurentapo on Jan 31, 2008 6:29 AMI honestly do believe I have read somewhere recently (some blog? where?!) that 1.6.0_04 won't be made available there as Sun would issue security release next (this? Feb?) month and did not want to bump versions in 2 consecutive months.
At least that is what I understood. Now if only I could provide link to the source where I read that... , I am sorry, am old :)
HTH,
P -
File creation and Java Web Start
Hi All,
I need to write a Java application with the following requirements and deploy the application using Java Web Start:
- Load the properties file(say, "./props/xyz.properties")
- Read the location where the file needs to be created from the
loaded properties file
- Now, create a file at the specified location.
I am able to perform the initial 2 steps after including the "props" directory(which contains the xyz.properties file) in my sigend jar file. But, unable to create a file in the specified directory.
Is it possible to create file at a predefined location(outside the jar file) within the server from where the application is downloaded?
I have included the code segment which I tried :
ClassLoader classLoader = this.getClass().getClassLoader();
// load the properties file
URL fileURL = classLoader.getResource("props/xyz.properties");
Properties props = new Properties();
props.load(fileURL.openStream());
// read the location
String location = props.getProperty("file.dir", "");
String dir = classLoader().getResource(location).getPath();
// create a new file
File newEntry = new File(dir + "raghu.txt");
newEntry.createNewFile();
Is there a way to achieve this? If so, please let me know that.
Thanks in advance,
RaghuAllong with signing you jar, you need to request all-permissions in the jnlp file:
<security>
<all-permissions/>
</security>
/Dietz -
Exception while using Java Comm and Java Web Start together
Hello Java Experts!
Here's the problem that's been bothering me. The application i'm developing uses Java Comm API to listen to Serial Ports. The application works absolutely fine when it is run locally.
Now, I need to deploy this remotely using java web start. All resources(dependent jar files) are present on the server and are referenced properly in the JNLP file. All jar files are signed properly.
Still, it throws the following exception.
java.lang.NullPointerException: name can't be null
at java.io.FilePermission.init(Unknown Source)
at java.io.FilePermission.<init>(Unknown Source)
at java.lang.SecurityManager.checkDelete(Unknown Source)
at javax.comm.CommPortIdentifier.getPortIdentifiers(CommPortIdentifier.java:70)
The exact line of code where it apparently seems to error out is...
Enumeration portList = CommPortIdentifier.getPortIdentifiers();
Are there any security issues involved here? Can a application deployed through java web start access serial ports on the system?
Any pointers as to what the problem might be would be much appreciated.
Thanks in advance!I have the IBM Communications API. I've
been told that it works with Java Web Start but I
have not tried it. IBM has changed it's download site
so.... I can't point you to it. But I have it(55k zip'ed)
and can send it to you if you post your E-Mail address
of where you would like it sent.
Bruce Houghton
PS If it does work with Web Start please post the
news here. I will be watching. -
RMI,Servlets and Java Web Start
I am a new developer working on a java application. My java GUI will access one server where a user will have an account. This server will store data, execute programs and access other servers for information. I have completed the GUI and I am beginning to build the client-server communication with RMI. There appear to be several tools for doing client-server communication, and while I have read much, I don't understand which is the best to explore. For applets I have read that a good method to use is servlets with RMI. But is this also true for a stand-alone application? If not, what is the best/preferred method? What if I choose to use Java Web Start (which I have not read up on, yet) will the best method of client-server communication change?
Thanks in advance, shawnIt depends on your budget too. To me the optimim way to communicate is to use SERVLET/JSP combination for client/server communication.
-
Http Proxy and Java Web Start 1.4.2_08
Hi All,
I'm confused as to how Java Web Start is supposed to work with an HTTP proxy. I'm testing an application in an environment which has an http proxy.
Our application starts successfully with Web Start but the application is failing to connect to URLs. I have dumped the properties right when the app starts and proxyHost, proxyPort, http.proxyHost, http.ProxyPort are all set correctly. But every attempt to connect to URLs timeout.
Note that running under 1.5, I get the value of the
javaplugin.proxy.config.list property and use it to set the properties http.proxyHost and http.proxyPort. Then I am able to connect successfully to the same URLs which failed in 1.4.2_08 ( also fails
with 1.4.2_03).
Can someone please help me understand what's wrong here?
Many thanks,
JasonActually, what I observed, in 1.4.2_08, is that the https.proxy* properties are being set. The http.proxy* properties are not set.
in 1.5.0_04 none of the properties are set except for
javaplugin.proxy.config.list, which I use to set http.proxyHost and http.proxyPort. -
JSP, Serverlet and Java Web Start
As I have heard serverlets and JSP's can be created using java web start that comes with j2se.What then is difference between J2EE AND J2SE
VarunaAs I have heard serverlets and JSP's can be created using java web start that comes with j2se.What then is difference between J2EE AND J2SE
Varuna -
Serverlets, JSP and Java Web Start
Hi As I have heard J2EE is used for serverlet's and JSP programming But JSP and Serverlet programming can be created and implemented using java web start which comes with J2SE what then is the difference between J2EE and J2SE
Clarification:
J2EE has an additional E in it, while J2SE as an additional S.
Ok, now that we cleared that up, Lets see if I can answer your question.
There is no magic button such as 'java web start' that will automatically generate computer code for you. You have to write java line by line and debug each and every line of code. A typical whole project may consist up up to 1500 functions (mine has over 12000). You read whole books on the subject as I discuss below and work through thier examples. Within about 2 or 3 years of hard study, you should be a pretty good programmer.
Java is an object oriented language that you'll need to become familiar with that takes some practice to learn. Also, a java based web site consists of several technologies in addition to the java language that you'll need to be familiar with. Many programmers will read articles on the internet and pick up fragments of information on these various technologies and throw a web site together thats impossible to maintain and enhance. I think it would be better if you read whole books and experiment with the technologies. Consider it an at-come college course. Here is my suggested reading list read in roughly this order ( I suggest buying them one at a time via the internet (its cheaper) before moving onto the next book).
"Thinking In Java" - Bruce Eckel
HTML & XHTML: The Definitive Guide
JavaServer Pages - Hans Bergsten
Programming Jakarta Struts
JavaScript: The Definitive Guide
SAMs Teach Yourself SQL
JDBC and Java
Also, visit the Web Tools Platform (WTP) Project (www.eclipse.org/webtools) . Its a free Eclipse Java development tool that has the bulk of the java development IDE market (above even JBuilder).However, I suggest creating a few small java programs using the dos command line before you let this IDE do a lot of the work for you. You also might want to install some type of database (Oracle Lite, MySql, etc) on your computer so you have a database to play with (you'll need a computer with at least 2Gbytes of memory). -
Bea Weblogic 6.0 and Java Web Start
We want to use Java Web Start on the Bea Weblogic 6.0 Application Server.
Is there any way to add the Java Web Start Mime Type to the Bea Weblogic 6.0 Server?
MichaelSure, check out the documentation on adding mime types. I'm not quite sure
what mime types are supported by WebStart, but the documentation for it will
likely include that information.
Michael Girdley, BEA Systems Inc
Learning WebLogic? Buy the book.
http://www.learnweblogic.com/
"Michael Werner" <[email protected]> wrote in message
news:[email protected]..
>
We want to use Java Web Start on the Bea Weblogic 6.0 Application Server.
Is there any way to add the Java Web Start Mime Type to the Bea Weblogic6.0 Server?
>
Michael -
MAC OSX 10.9 and Java Web start
Hello All ,
We are facing a warning when we tried to launch the JNLP on MAC using Java 1.7_45 .
Warning message - "This Java Application will be blocked in a future Java Security update because the jar file manifest does not contain the Permissions attribute . Please contact the Publisher for
more information "
Warning is about adding permissions to application jar files but we have already done this on all the jars .
Added code base and permissions attribute in manifest file of each jar . This works fine on Windows 7 and XP with same Java version .
Example -
Permissions: all-permissions
Codebase: code base location from jnlp
Interestingly Java console does not show any warnings so i am not sure why Java is showing this message that the application will be blocked in future java releases on MAC if permissions is not added to Jar file .
Looking at all the testing it seems there is some kind of issue between Java 7 update 45 and MAC OSX 10.9
(As the same jnlp works without any warnings on other OS )
Any help will be much appreciated .
System Details
OS - MAC OSX 10.9
Java - 1.7_45
thanks
RupeshHi,
The Drivers are available via Apple Software Update,
In order to configure it wirelessly you may use the HP Easy Wireless Install app.
You may find a step by step guide in the following document:
h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?sp4ts.oid=4337543&spf_p.tpst...
The app iself can be downloaded from the Mac App Store:
https://itunes.apple.com/us/app/hp-easy-wireless-setup/id876495880?mt=12
If you experience any issues while trying to locate the pritner during the wireless configuration. restoring the network defaults for the printer can be done by pressing and holding both the Cancel ( ), the Wireless ( ), and the Power ( ) buttons for three seconds.
Regards,
Shlomi
Say thanks by clicking the Kudos thumb up in the post.
If my post resolve your problem please mark it as an Accepted Solution -
Hi,
I've written an application which uses Xforms to fill in and save a set of fields to a file and then uses an Xforms submission to launch a java web start application which reads in the saved data. This approach allows me to provide a simple forms gui and process the resultant data on the client side.
However, this solution is limited and it would be much nicer if my web start application could read the xml instance data direct from the xforms submission (and provide data back to the form).
I know it's a long shot, but is there a way of doing this? An XForms submission with a post or put simply overwrites my jnlp file if it has permission to do so (as one might expect).
At the moment I do the following ...
<xf:submission id="RunJava" method="get" action="http://www..../myfile.jnlp"/>
If it were possible to do this then Xforms and java web start would make powerful allies imho.
Thanks for any wisdom.
-- Rupertbump
-
Custom Policy implementation when using Java Web Start.
Hi,
I hope it's okay for me to make a 'look here' type of post.
I'm having some trouble related to JAAS and Java Web Start and have made a post about it in the Web Start forums. I haven't had much luck in the Web Start forums and I don't want to make a duplicate post here, so here's a link:
http://forum.java.sun.com/thread.jspa?threadID=756178
If anyone has any suggestions please reply in the Web Start thread.
RyanIf you implement your own classloader, and then still run with a SecurityManager installed, then your ClossLoader is responsible for asigning the permissions to the code it loads.
You need your ClassLoader to extend SecureClassLoader, and implement the method :
SecureClassLoader.getPermissions(CodeSource cs) to return the PermissionCollection you want.
/Andy
Maybe you are looking for
-
Adding our own function to sap standard function code.
HI, My requirement is to add a functionality to icon(import) on alv application tool bar so that the customer get a popup message after data is transfered to excel. is that possible. else i want to know the procedure to pass header of my alv when i t
-
Links in email not opening in Firefox, only reach homepage.
When I click on a link in my mail program (Apple mail 4.3), I used to open Firefox on my homepage and also open a tab with the link. Since the 3.6.10 upgrade, Firefox only opens on my homepage. I have to then go back to the mail program and re-click
-
MBPro only drops wi-fi at home
Hello, I am using a Spring 2008 macbook Pro running Snow Leopard 10.6.2 OS. My wi-fi connection constantly drops at home (probably about 5 times per hour) where I am using a 2wire modem/router combo from AT&T. I haven't noticed any similar problems i
-
Reg: Creating sub menu for a concurrent program under menu on the Menu bar
Hi all, I would like to know, how we can create a sub menu for a conc. program under a sub menu on the Menu Bar ? Thanks In Advance. Regards, Neeti
-
Please tell me how I import video from my iPhone to iPhoto ?
Please tell me how I import video from my iPhone to my iPhoto Library ?