Help with signing jar files

Similar Messages

• Turning off jar cache causes classnotfound with signed jar files

  Hi,
  I have a problem with applet signed jars when the java cache is turned off.
  With the cache turned off, I get a class not found for the first class it attempts to use from the signed jar file from an applet.
  If I turn the jar caching on, all works perfectly with no other changes.
  Anyone have any ideas? This is java 6u16.
  Thanks

  jkc532 wrote:
  .. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? From your comprehensive investigation and report, it seems so to me.
  ..I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?Just after read the summary I was tired, so I have some understanding of the effort you have already invested in this (the 'wits' you have already spent). I think you should raise a bug report and seek Oracle's response.

• Problems with signed JAR files in JWS/JRE6 environment.

  Hello All,
  I'm encountering a problem running our desktop application as a Java Web Start deployment in a JRE 6 environment. There were never any problems when running the same application as a JWS deployment in JRE 1.4, or 5, environments. There are also currently no problems in a JRE 6 environment when running the application as a standard desktop application.
  The problem which I am having has nothing to do with launching the application. But for good measure, I verified the JNLP file with JaNeLA. A couple things we out of order, which I addressed to make JaNeLA happy, but my problem still persists. Here is my JNLP file (anonymized to protect the innocent):
  TS: 2010-10-18 17:04:46
  <?xml version="1.0" encoding="UTF-8"?>
  <jnlp codebase="$$codebase" href="$$name">
       <information>
            <title>Acme Desktop</title>
            <vendor>Acme Corporation</vendor>
            <homepage href="http://www.acme.com/"/>
            <description>Acme Client for Acme Server</description>
            <description kind="tooltip">Acme Client for Acme Server</description>
            <icon href="desktop.gif"/>
            <offline-allowed/>
       </information>
       <security>
            <all-permissions/>
       </security>
       <resources>
            <j2se version="1.5+"/>
            <jar href="acmedesktop.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/antlr-2.7.2.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/backport-util-concurrent.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/commons-codec-1.3.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/commons-httpclient.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/commons-logging.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/acmeapi.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/HelpJavaDT.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/HelpJavaDT_es.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/jacorb.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/Multivalent.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/slf4j-api-1.5.6.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/slf4j-jdk14-1.5.6.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/snow.jar" download="lazy" version="8.00.01.00+"/>
            <jar href="lib/AcmeTMClient.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/xercesImpl.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/xml-apis.jar" download="eager" version="8.00.01.00+"/>
            <extension name="installer" href="desktopInstaller.jnlp" />
            <extension name="Java Help" href="help.jnlp"/>
            <property name="java.library.path" value="./lib"/>
            <property name="admin" value="false"/>
            <property name="webstart" value="true"/>          
            <!-- The following two lines are for SSO implementation only
            <property name="urladdress" value="http://localhost:8080/AcmeDesktop/servlet/AcmeServlet"/>
            <property name="cookiespec" value="RFC2109"/>
            -->          
       </resources>
       <resources os="Windows">
            <nativelib href="lib/jniWin32.jar" version="8.00.01.00+"/>
       </resources>
       <application-desc main-class="desktop"/>     
  </jnlp>-----
  When running as a JWS deployment, on JRE 6, the application will be functioning normally for a little while, and then suddenly the following exception is thrown, and the current operation fails because the class in question cannot be accessed:
  java.lang.SecurityException: class "acmeapi.communication.CDocImpl"'s signer information does not match signer information of other classes in the same package
       at java.lang.ClassLoader.checkCerts(ClassLoader.java:807)
       at java.lang.ClassLoader.preDefineClass(ClassLoader.java:488)
       at java.lang.ClassLoader.defineClassCond(ClassLoader.java:626)
       at java.lang.ClassLoader.defineClass(ClassLoader.java:616)
       at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
       at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
       at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
       at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
       at com.sun.jnlp.JNLPClassLoader.findClass(JNLPClassLoader.java:288)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
       at acmeapi.common.CDoc.getAnnotationsInfo(CDoc.java:493)
       at acmedesktop.communication.CCommunicationManager.privateGetAnnotations(CCommunicationManager.java:1976)
       at acmedesktop.communication.CCommunicationManager.getAnnotations(CCommunicationManager.java:1828)
       at acmedesktop.annotations.CViewAnnotations.getAnnotations(CViewAnnotations.java:826)
       at acmedesktop.annotations.CViewAnnotations.createView(CViewAnnotations.java:583)
       at acmedesktop.annotations.CViewAnnotations.setData(CViewAnnotations.java:736)
       at acmedesktop.annotations.CViewAnnotations.init(CViewAnnotations.java:205)
       at acmedesktop.hitspanel.CHitsPanel.viewAnnotations(CHitsPanel.java:281)
       at acmedesktop.hitspanel.CHitsTab$3.mousePressed(CHitsTab.java:316)
       at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:263)
       at java.awt.Component.processMouseEvent(Component.java:6260)
       at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
       at java.awt.Component.processEvent(Component.java:6028)
       at java.awt.Container.processEvent(Container.java:2041)
       at java.awt.Component.dispatchEventImpl(Component.java:4630)
       at java.awt.Container.dispatchEventImpl(Container.java:2099)
       at java.awt.Component.dispatchEvent(Component.java:4460)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4574)
       at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4235)
       at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
       at java.awt.Container.dispatchEventImpl(Container.java:2085)
       at java.awt.Window.dispatchEventImpl(Window.java:2478)
       at java.awt.Component.dispatchEvent(Component.java:4460)
       at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
       at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
       at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)-----
  The classes of our desktop product are contained within the 'acmedesktop' and 'acmeapi' packages. It requires access to the hard drive of the workstation, and therefore, all jar files included with the application are signed using the following ANT task when compiled:
  <signjar keystore="resources/codesigning/keystore.pfx" storetype="pkcs12" storepass="myPassword" alias="myAlias">
       <fileset dir="${jws_dist}/app" includes="*.jar"/>
       <fileset dir="${jws_dist}/app/lib" includes="*.jar" excludes="jhall__V${dt_version}.jar"/>
  </signjar>-----
  Therefore, all classes, within all jar files, are signed with the same certificate (with the exception of the JavaHelp libraries, which are already signed by Sun - but the class in question attempting to be loaded here is not contained within the JavaHelp jar file anyway). So, the point being, that the exception message stating that the "signer information of the acmeapi.communication.CDocImpl class doesn't match the signer information of other classes in the same package", is simply not correct. All classes within that jar file were signed using the same certificate.
  I downloaded the JRE 6 source from dev.java.net and picked through this issue with a debugger. The ClassLoader.checkCerts() method compares the certificate used to sign the current class which is attempting to be loaded, with the certificates which signed all other previously loaded classes within the same package. If they don't match, the exception above is thrown. What is causing the issue is when the checkCerts() method attempts to get the certificates which signed the currently loading class, null is returned. And obviously, comparing null, with an array of the certificates which signed the previously loaded classes, isn't going to match; therefore this exception is thrown.
  The checkCerts() method gets the certificates of the currently loading class by calling the java.security.CodeSource.getCertificates() method. Tracing deeper in the debugger, the CodeSource object ultimately gets the certificates from the 'signersRef' member variable of the com.sun.deploy.cache.CachedJarFile class. signerRef is a SoftReference object and can therefore be garbage collected at some point. If it has already been garbage collected, the CachedJarFile class will attempt to retrieve it again from the loaded cache entry by calling com.sun.deploy.cache.MemoryCache.getLoadedResource().
  The MemoryCache class maintains the cache entries to the jar files as MemoryCache.CachedResourceReference objects, which subclass WeakReference, and therefore these objects can be garbage collected as well. If the cache entries have also been garbage collected, this leaves the CachedJarFile class with no ability to repopulate the CachedJarFile.signerRef object. Therefore it is completely out of luck getting the certificates which signed the currently loading class, which ultimately causes the above exception.
  When the com.sun.deploy.cache.Cache class attempts to retrieve a cache entry using its getCacheEntry() method, it will attempt to get the entry from the MemoryCache class, if null is returned, it will recreate the cache entry and add it back to the MemoryCache. In contrast, when the CachedJarFile class attempts to get a cache entry from the MemoryCache class, if null is returned, it just gives up.
  (from com.sun.deploy.cache.CachedJarFile:244)
  private CacheEntry getCacheEntry() {
       /* if it was not created by Cache do not search for entry */
       if (resourceURL == null)
            return null;
       CacheEntry ce = (CacheEntry) MemoryCache.getLoadedResource(resourceURL);
       if (ce == null) {
            //This should not happen because CacheEntry should not get collected
            // before CachedJarFile is collected.
            Trace.println("Missing CacheEntry for " + resourceURL + "\n" + ce,
                 TraceLevel.CACHE);
       return ce;
  When debugging, code execution falls within the code block with the comment stating "This should not happen...", but it is happening in my case.
  On an interesting side note, using the jvisualvm.exe tool included with JDK 6, I was able to tell that it seems as though these objects are collected the first time that the JVM allocates more heap space, and then the issue will occur. If I set the initial heap size very large (using -Xms) this issue won't occur at all. But that is kind of a bad solution which I would rather not do, but it is interesting to note for the sake of troubleshooting this issue. The max heap size (-Xmx) is plenty big enough, so the issue is not that we are running out of memory here.
  Does anyone have any insight as to what could be causing this? I've searched, and found a couple threads with similar problems but with no clear solutions. It is not just one workstation either, it happens everywhere I deploy the app as a Java Web Start application in a JRE 6 environment. I have been using version 1.6.0_18 on XP, but it seems to happen on any update version of 1.6. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?
  Thank you
  Jake
  Edited by: jkc532 on Nov 12, 2010 10:35 AM

  jkc532 wrote:
  .. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? From your comprehensive investigation and report, it seems so to me.
  ..I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?Just after read the summary I was tired, so I have some understanding of the effort you have already invested in this (the 'wits' you have already spent). I think you should raise a bug report and seek Oracle's response.

• Oracle 9i: Help with loadjava jar files to call out web service from pl/sql

  I'm trying to build a web service client using dbws_callout_utility.zip (version used for prio 10g database). I followed the articles in oracle site to loadjava jar files (soap.jar, dms.jar, ejb.jar, jssl-1_1.jar, mail.jar, servlet.jar) into Oracle DB 9i before invoke jpub to gen stub class and wrappers in oracle 9i but i have many errors such as ora-29534 and ora-29521. As consequence i could not invoke jpublisher to generate code.
  Pls. help my with detail guide to overcome these errors, thanks in advance! My DB is Oracle 9.2.0.5

  Dear,
  I have read your article, it is useful for me. But I cannot Apply to my case. Please kindly help me. Thank you.
  When running, the error occurs:
  1:39:31 Execution failed: ORA-20000: soapenv:Server.userException - org.xml.sax.SAXParseException: Attribute name &quot;password&quot; associated with an element type &quot;user&quot; must be followed by the &apos; = &apos; character.
  My webservice Url: http://abc.com.vn:81/axis/ABC_WS_TEST.jws?wsdl
  I make PL/SQL (similiar as your example)
  FUNCTION INVOKESENDMT
  RETURN VARCHAR2
  AS
  l_request soap_api.t_request;
  l_response soap_api.t_response;
  l_return VARCHAR2(32767);
  l_url VARCHAR2(32767);
  l_namespace VARCHAR2(32767);
  l_method VARCHAR2(32767);
  l_soap_action VARCHAR2(32767);
  l_result_name VARCHAR2(32767);
  p_zipcode VARCHAR2(160);
  BEGIN
  --p_zipcode:='''TEST'' ; ''TEST'';''84912187098'';''84912187098'';''0'';''8118'';''1'';''000001'';''ThuNghiem'';''''';
  p_zipcode:='TEST';
  -- Set proxy details if no direct net connection.
  --UTL_HTTP.set_proxy('myproxy:4480', NULL);
  --UTL_HTTP.set_persistent_conn_support(TRUE);
  -- Set proxy authentication if necessary.
  --soap_api.set_proxy_authentication(p_username => 'TEST',
  -- p_password => 'TEST');
  l_url := 'http://abc.com.vn:81/axis/ABC_WS_TEST.jws';
  l_namespace := 'xmlns="' || l_url || '"';
  l_method := 'sendMT';
  l_soap_action := l_url || '#sendMT';
  l_result_name := 'sendMTResponse';
  l_request := soap_api.new_request(p_method => l_method,
  p_namespace => l_namespace);
  soap_api.add_parameter(p_request => l_request,
  p_name => 'user password sender receiver chargedflag servicenumber messagetype messageid textcontent binarycontent',
  p_type => 'xsd:string',
  p_value => p_zipcode);
  l_response := soap_api.invoke(p_request => l_request,
  p_url => l_url,
  p_action => l_soap_action);
  l_return := soap_api.get_return_value(p_response => l_response,
  p_name => l_result_name,
  p_namespace => l_namespace);
  RETURN l_return;
  END;

• Help with creating jar file and running it ?

  Hey guys,
  I have a program with a package called classes and a sub-package called classes.mainLib.
  I am trying to create a JAR file of the class files in mainLib. There is only one class file in classes and that contains the main method. So this is what i am doing:
  1. create a manifest file with: Main-Class: classes.Cars
  2. from within the mainLib directory (./program_name/classes/mainLib/) i do this:
  jar cvf mainLib.jar manifest ./*.class
  3. Then i move this jar file to ./program_name/lib and change directory to ./program name/
  4. try to do this: java -jar ./lib/mainLib.jar
  But it errors with:
  gary@linuxbox:~/java/cars$ java -jar ./lib/mainLib.jar
  Failed to load Main-Class manifest attribute from
  ./lib/mainLib.jar
  Any ideas why this is happening. the manifest is included in the jar'ing
  Thanks.

  At a glance, it looks like you are placing only the
  class files in the jar and trying to navigate your
  classpath to run it. Instead, you have to place ALL
  the package folders into the jar from the root of
  your package hierarchy and the jar runs anywhere, in
  any folder. The packages are INSIDE the jar.
  also I see cars/classes in a path you describe ...and
  the program seems to wnat classes/Cars ??? Could
  this be an additional issue (or am I missing seeing
  something about your package structure)?Firstly, i believe all my spelling and cases are correct.
  I have the following strcuture:
  Cars.class (contains main) : package classes in ./classes directory
  All other classes : package classes.mainLib in ./classes/mainLib
  I would like to jar ALL files in mainLib but not the class that contains the main method. Is this possible?
  I'm not sure how clear i was earlier, hope this is more understandable.

• Help with Using JAR files

  I'm attempting to run a Java program that is contained in a .JAR file. The problem is not with that .JAR but with referencing a second .JAR for support classes. The problem is that I've created a support .JAR with two classes: Compute and Task called "Compute.jar". I've created a second class "ComputeEngine.jar" (in case you're wondering, this is the RMI example from the Sun website). I'm trying to compile this in XCode (Mac OS X IDE) which I'm not too familiar with but getting the hang of it.
  I've gotten far enough to reference the Compute.jar in the compiling and building of ComputeEngine.jar but when I run the ComputeEngine.jar, I get nothing. So I use a terminal window to run the ComputeEngine.jar with "java" command. Here's what happens:
  I enter: java -cp /Developers/Projects/Compute/build/Compute.jar -jar "ComputeEngine.jar"And I get an error: Exception in thread "main" java.lang.ClassDefNotFoundError: compute/ComputeI'm not sure why this is happening. Here is the jar tf Compute.jar output:
  META-INF/
  META-INF/MANIFEST.MF
  compute/
  compute/Compute.class
  compute/Task.classAnyone have a clue?
  Thanks
  Matt

  Thanks for the prompt response. Forgive my ignorace, but I'm new to JARs (actually wouldn't have been using it but for the fact that XCode defaults to that type of target). How do I specify the classpath in my jar? And which jar are we talking about? The Compute.jar or the ComputeEngine.jar?
  Thanks again.

• Help with runnin JAR files

  java -cp smpp.jar:smscsim.jar com.logica.smscsim.Simulator
  Can someone explain this line. Where do the jar files have to be located for this to work. also what is the function of the com.logica.smscsim.Simulator. Does it mean that the jar files should be in com.logica.smscsim. I try it and it gives me
  Exception in thread "main" java.lang.NoClassDefFoundError: com/logica/smscsim/Simulator
  And the Simulator.java file is in the com.logica.smscsim. The class path is set.
  Here is a web site that i got this from: http://opensmpp.logica.com/CommonPart/Introduction/Introduction.htm
  Thanks!

  cp is an abbrieviation for classpath java -classpath .... is equivalent to java -cp. In your case, the jars contain the Simulator class. If you opened on with winzip or winrar you would find the Simulator class in com/logica/smscsim folder. It doesn't matter where the jar files are located. The line that you put on there, however, assumes that you are executing the java command from the same folder where the jars are.

• Help with Java JAR file opbfuscation.

  I am looking for a free (no $) for use on commercial java code
  code obfuscation program, which can beat the Jode decompiler.
  I have tried Proguard, and I have tried Joga
  (using Jode itself for obfuscation is too complex for my purposes).
  Is there a simple way to beat decompilers like Jode and DJ,
  without a financial outlay if possible,
  given how easy it is to decompile Java bytecode?

  All interesting remarks, everyone!
  Proguard doesn't prevent decompilation on something very small, like a jar
  with one or two classes.
  Proguard is free(no money) for use over commercial java code,
  and is itself a java jar, so it will run on Windows,
  Mac and Linux platorfms.
  It also correctly obfuscates and links external java libraries
  and references to the man jar/class in a very systematic way.
  I'm just wondering if there is something similar to proguard on licensing arrangements,
  working over small amounts of code, and beating
  the decompilers (like Jode).
  I have used the code obfuscation that Dr.Java performs on it's classes during compilation.
  And while the resulting class file tested does confound Jode,
  JD-Gui ("Java decompiler") instantly beats the results of Dr.Java.
  Considering how easy it is to break class files, I was figuring that either Sun
  or another would offer a free/open source/cheap way to secure these class files,
  without resulting to Zelix Klassmaster, and instead of leaving a mess
  of decompiled source code, prevent decompilation of java byte
  code even happening at all?
  Any ideas?
  Edited by: Zac1234 on Jul 5, 2009 10:55 PM

• Help with ejb-jar file

  Hello everybody;
  Have any of you read the article "HOWTO: Use a BC4J Application Module in a Stateless EJB Session Bean" ?
  Well, what I am trying to do is a Stateles CMT Session Bean with more than 1 method, and my question is what can I do in order to specify the container that I am going to use a container transaction per each method in my EJB Session bean.
  I hope you read it, because I am clueless in al this stuff!

  The EJB JAR DTD looks like this visually:
  So you can include multiple <method> element siblings as the child of a <container-transaction> element.

• Is it possible to verify a signed jar-file from a program?

  Is it possible to verify a signed jar-file from a program
  (using some API) likewise jarsigner does?

  Is it possible to verify a signed jar-file from a
  program
  (using some API) likewise jarsigner does?Hi,
  You would have to open the jarfile, read each jar entry and for each of them do a getCertificates() and then in turn verify each certificate with the public key of the enclosed certificates in the jar file.
  An easier solution would be to use the verify flag of the JarFile or JarInputStream.
  Hope it helps..
  Cheers,
  Vijay

• Three questions about signed jar file and applet

  I use three signed jar file. Each of them signed by different certificate. First of JARs contain applet class. When I start applet from html page I see message &#8220;This applet was signed by&#8230;&#8230; but Java cannot verify it&#8230; Do you trust&#8230;?&#8221;. All times I press &#8220;Yes I trust&#8221; and after this questions applet stop to work end exit. If I use only one certificate for signing of three JARs then applet continue to work after question. 1) What should I do to fix this bug? 2) Is it any method to check from applet that user press Trust button? Is it any method to emulate work of SecurityManager to check that Certificate object is trusted (I want do call some method check(Certificate) and if certificate is not trusted I want to see message with question: &#8220;Do you want to trust this certificate&#8221; and so on)?

  Hello Jarman,
  1. If I have a signed jar file, then as long as the
  certificate is recognised as trusted that applet can
  run as a fully trusted application on the client
  machine. So I should not have to add lines such as
  permission java.lang.RuntimePermission
  "readFileDescriptor", "read" ;
  permission java.lang.RuntimePermission
  "writeFileDescriptor", "write" ;
  to my java.policy file. true/false ?true
  2. If I am running a signed jar file in the Java
  plugin then I do not need to have a verisign or thawte
  certificate (however to allow my certificate to be
  accepted I do have to import it into the cacerts file
  on the client machine). True/false?true
  3. Following on from question 2, if I want to be able
  to run an applet on a client machine, without messing
  around with ANY files on those machines, I need a
  verisign or thawte certificate. True/false?true
  4. (And finally) Apart from a security exception
  saying that I need to add one of the lines like those
  of question 1, is there any way I can get other debug
  information as to why the signed jar file is not being
  recognised as signed?No. This could be a problem of importing your certifcate into the wrong place.
  The information on the following link is a little bit dated but it helped me to successfully install a testcertificate and sign an applet with it.
  http://www.suitable.com/Doc_CodeSigning.shtml

• Peculiar issue with signed .jars and Linux (Debian unstable, 2.4.20-custom)

  BACKGROUND:
  I am a developer working on a Java3D application, which is to be deliverable over
  the Web. Delivery as an applet seemed a natural choice, and so I spent a considerable amount of effort learning (I won't say "mastering") the process of
  creating a self-signed .jar containing java3d-<some_version>.exe. I have in fact
  successfully created a fully-fuctional from-scratch JPI/Java3D/myapp install. By
  this I mean that Windows machine with only stock IE installed could hit my URL,
  get the proper JPI installed, followed by the Java3D runtime I'd chosen, as well
  as a third-party DXF loader, and finally (after much clicking of 'Yes', 'Accept',
  'OK', etc.) see my app in a browser window.
  That was on my old, slow, Windows2000 workstation. Now I have a shiny, new
  workstation upon which my employer has graciously allowed me to run Linux. Sadly,
  the re-creation of the self-signed .jar files under a new JDK has not gone smoothly.
  PROBLEM DESCRIPTION:
  When a user attempts to download the self-signed .jar containing the auto-install
  executable for the Java3D runtime, the normal security warning prompts are displayed (one for granting to install the extension, one to accept the "suspect" certificate from me alone). The plugin happily downloads the .jar file, and then
  a NullPointerException is thrown, with a
  stack trace like:
  NPE!
  at java.util.zip.ZipFile.getInputStream (unknown source)
  at java.util.jar.JarFile.getInputStream (unknown source)
  <something>doPrivileged<something>
  etc.
  I apologize for the lack of a full stack trace; I would essentially have to type it in by hand after printing it out on the remote test box; I hope that I've caught the important details above.
  After this, the pure-java signed .jar is downloaded and installed, and then the applet "loads" with the predictable ClassNotFoundException for javax.media.j3d.SceneGroup.
  Downloading and installing the J3D runtime by hand and then re-visiting the URL results in a fully-functional applet.
  I've tried Blackdown Linux JDKs 1.4 and 1.3.1, as well as Sun's JDKs 1.3.1_07 and 1.3.1_05 for the compiling, jar'ing, and jarsigner'ing of these files, all with the same result. At each new JDK, I re-did the HTML conversion so that he appropriate
  JPI version was required on the client. I did complete uninstallations of all client JPI instances (including Web Start for 1.4.1_x, as well as cleaning the registry on the client).
  When this strategy worked, it was on Sun JDK 1.3.1_05 for Windows runnning on Windows2000, unknown service pack.
  DESIRED BEHAVIOR:
  I would like my clients to be able to go from stock Windows2K/IE (this being an intranet without any other options) to some JPI version running the J3D extension, with only the need to click 'OK', 'Accept', 'Grant This Session', etc. a bunch of times on the part of the user. I want this to happen without my having to resurrect my decrepit old Compaq Deskpro just to play the role of "build host" for my
  Java3D and loader .jar files, if at all possible.
  FILES:
  Here's what gets merged into the "main" applet's mainfest at creation time:
  Manifest-Version: 1.0
  Extension-List: java3d DxfLoader
  java3d-Extension-Name: javax.media.j3d
  java3d-Implementation-Vendor-Id: com.sun
  java3d-Implementation-Version: 1.3
  java3d-Specification-Title: Java 3D API Specification
  java3d-Specification-Version: 1.3
  java3d-Specification-Vendor: Sun Microsystems, Inc
  java3d-Implementation-URL: http://10.1.1.1/heartcad/lib/java3d.jar
  DxfLoader-Extension-Name: eupla.dxfloader
  DxfLoader-Implementation-Title: Eupla DXFLoader
  DXFLoader-Implementation-URL: http://10.1.1.1/heartcad/lib/DxfLoader.jar
  And into the manifest for the J3D .jar:
  Manifest-Version: 1.0
  Implementation-Version: 1.3
  Specification-Version: 1.3
  Extension-Installation: "java3d-1_3-windows-i586-directx-rt.exe"
  Extension-Name: javax.media.j3d
  Implementation-Vendor-Id: com.sun
  Implementation-Vendor: Sun Microsystems, Inc
  Specification-Vendor: Sun Microsystems, Inc

  I have seen that bug, and the problem I'm having seems to be different than it. The extension installer is in the first extension .jar my applet asks for, and it
  never works automatically, regardless of how many times the applet is loaded.
  The second .jar, which doesn't have to run any installer, always works fine, but the first one will never work (a manual install of the Java3D runtime is required). This seems to not be the behavior described in the bug.
  I will continue to search for an answer to this problem, and of course if I should find anything I'll post it here.

• How can i add update signed jar file

  I am developing an applet which requires signing to run in a browser.
  I am developing supporting classes. But these class files have to be added
  to the jar. Isnt it??
  But to test the applet i need to load it in the browser each time i modify the class files. So the jar file need to be updated every time. But an
  IOError
  is being displayed when i try to update the signed jar file.
  How can i update signed jar file?? Or is there any othe way to test the signed applet during development??

  How can i update signed jar file?You can't, the signature is there to make sure the content of the jare hasn't been messed
  with.
  Either recreate the jar and re sign it or set up a policy during testing.

• Problems with Signed jar

  I am having a problem with signed jar and deploy in html
  get this error on the page
  self signed
  /dist/testfx.html
  JavaFX application could not launch due to system configuration. See java.com/javafx for troubleshooting information.Unsigned jar works perfectly but has security and permission issues when using classes.
  This was working in beta 45

  Can you post an example project that demonstrates the problem? There were changes to the ant tasks and netbeans support around B45 that could cause problems depending on which version of the SDK and NetBeans you have. Similarly, if you wrote ant scripts prior to B44 and then use them with a later build you could have problems. And of course, if you're producing the Jar file and deployment artifacts without using the provided ant tasks (for example, using the normal ant jar task) you'll have problems.
  I've verified that this works as expected in the FX 2.0 GA release using ant from the command line, and with the NetBeans 7.1 beta release using the FX 2.0 GA release.

• URLClassLoader + dynamically loading signed jar files

  I have an applet that does not know all of the jar files it will need to load at startup.
  I would like to dynamically load these signed jar files using the URLClassLoader, however it does not recognize these jar files as being signed and I get java.security.AccessControlException: access denied errors.
  Any suggestions?
  Thanks!

  Try this classloader for loading the jars, it should to the trick:
  import java.net.URL;
  import java.net.URLClassLoader;
  import java.net.URLStreamHandlerFactory;
  import java.security.AllPermission;
  import java.security.CodeSource;
  import java.security.PermissionCollection;
  import java.security.Permissions;
  public class AllPermissionsClassLoader extends URLClassLoader {
      public AllPermissionsClassLoader (URL[] urls) {
          super(urls);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent) {
          super(urls, parent);
          System.out.println(parent);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent, URLStreamHandlerFactory factory) {
          super(urls, parent, factory);
      protected PermissionCollection getPermissions (CodeSource codesource) {
          Permissions permissions = new Permissions();
          permissions.add(new AllPermission());
          return permissions;
  }