Hiding the web start security popup

Similar Messages

• Java web start security dialog with Java 7 update 51

  I build a Java Web Start application signed with a valid certificate.
  When I star the application the security dialog appear correctly as show in this figure
  http://www.java.com/en/img/download/trusted_signed.jpg
  My issue is about the "do not show again" checkbox.
  If the attributes href are present in the jnlp tag of the jnlp file the checkbox appear.
  If the attribute are not present, the checkbox doesn't appear and the run needs to be confirmed every time.
  (Example:
  <jnlp spec="1.0+" codebase=
  "http://docs.oracle.com/javase/tutorialJWS/samples/deployment/webstart_ComponentArch_DynamicTreeDemo"
  href="dynamictree_webstart.jnlp">
  This is a problem because my jnlp file is under a password protected directory and if href is specifed, the Java Web Start application try to retrieve it as the other resources. ( result in access denied because only the browser session is authenticated and the run fails)
  The documentation at Deploying a Java Web Start Application said:
  The codebase and href attributes are optional when deploying Java Web Start applications that will run on at least the Java SE 6 update 18 release or later. You must specify the codebase and href attributes when deploying Java Web Start applications that will run with previous releases of the Java Runtime Environment software.
  What is the right code? With href or without?
  Is this a BUG or a feature?
  How can I show the "don't show again" checkbox without having to specify the href attribute?

  From the documentation at JAR File Manifest Attributes for Security
  If the Application-Library-Allowable-Codebase attribute is present and matches the location from which the RIA is started, then a single host is listed in the Location field for the prompt and the option to hide future prompts is provided.
  This issue is also discussed here: Java Web Start security dialogs with Java 7 update 51 - Stack Overflow

• Trying the stop the "Adobe PDF – Security" popup message

  I'm using MS-Access to create multiple PDF reports, occasionally the whole process stops because of the “Adobe PDF – Security” popup message asking to “Select Document Components to Encrypt”.  We do not encrypt any of the PDF documents, and always hit the Cancel button.  It’s a pain when we run reports during the night as the whole process stops waiting for a reply to the encryption message.  Does anyone know how to stop the popup message ???

  You are correct, it is Distiller question.  I moved the question to the Adobe Windows discussion forum.
  Thanks,
  BWilliams

• Web Start Security and the Cache

  Hi,
  If the jars are signed and download occurs then webstart will verify the signature and tell the user that jars signed by user xxxxx are about to be run. Then the jars are cached by web start. My question is, what is to stop an attacker from replacing the jars in the cache with malicious ones? Does web start verify the signature on the jars when they are loaded from the cache aswell, thus preventing the jars from being changed? Or does the versioning system web start uses somehow prevent replacing the jars.
  Thanks for any help,
  Dave.

  How would an attacker replace the jars with malicious ones? Through the initial signed jars? That means the initial ones are already malicious anyway, so why bother? After all, the user has already given those signed jars all-permissions anyway...
  I'm sure you could devise some other means to do it using virus-like software, but all this would give you far greater control over the users machine than anything those cached jars could ever give you, even if the JNLP client did no checking on its cache whatsoever.

• Keystore used by the web start

  Dear friends,
  the keystore used by web start is the same used by the IExplorer?
  i.e., if I import a certificate in te browser, it is also valid to my web start applications ?

  No, these are two seperate keystores.
  However, if using 1.5.0 or later on windows, you can see a checkbox in the Security section of the advanced tab
  "Use certificates and keys from the browser keystore"
  this (on by default) will allow you to import a certificate only into you browser, and not have to import it again using the control panel.
  (This may only work with IE, I'm not sure)
  /Andy

• Urgent Problems with Web Start Security

  Has anyone used Java Web Start to load application? I have given all-permissions to the application when loaded and also give the AllPermission in Policy.setPolicy() inside the code. I encountered the following problems right now.
  (1) In the application, I want to connect another server (different from the web server where I load the application), and get the following error (looks like that I cannot ping other server):
  com.esri.mo.client.io.UnableToPingEsrimapException: Unable to ping ESRIMAP
  (2) I create local directory, connect to database, use the return results to create some corresponding local files and load the local files in the Swing component, but it just cannot load. Here is the error message:
  java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\ABC\Desktop\.\shpdir read)
  I believe all these problems are resulted from security. But I have set the permission and policy already, so any solutions are highly appreciated!
  Best Regards
  David

  Has anyone used Java Web Start to load application? I
  have given all-permissions to the application when
  loaded and also give the AllPermission in
  Policy.setPolicy() inside the code. I encountered the
  following problems right now.
  (1) In the application, I want to connect another
  server (different from the web server where I load the
  application), and get the following error (looks like
  that I cannot ping other server):
  com.esri.mo.client.io.UnableToPingEsrimapException:
  Unable to ping ESRIMAP
  (2) I create local directory, connect to database, use
  the return results to create some corresponding local
  files and load the local files in the Swing component,
  but it just cannot load. Here is the error message:
  java.security.AccessControlException: access denied
  (java.io.FilePermission C:\Documents and
  Settings\ABC\Desktop\.\shpdir read)
  I believe all these problems are resulted from
  security. But I have set the permission and policy
  already, so any solutions are highly appreciated!
  Best Regards
  DavidHello David,
  If you want to use local files(R&W) then you have to set the following lines the .jnlp file like this:
  <security>
      <all-permissions/>
  </security>Now if you assign all permission then you have to make jar file signed.(you can use jarsigner tools provided with the jdk_1.4.* to make the jar file signed).
  If the jar file is signed then you have unrestricted access to the client side.
  best of luck.

• I no longer see the padlock sign when on https sites. Why? And is the web page secure?

  When making payments etc on https sites I used to get a padlock symbol on the address line or bottom right hand corner tool bar. This was a symbol I had been told to check for to ensure the page is secure. I no longer see the padlock symbol on https sites since I upgraded to Firefox 4? On the tool bar at the top all I get is the golden star for book marking a page and nothing on the bottom tool bar.Why? And is the page still secure?

  The padlock has been replaced by the site identity button, for details on using it see https://support.mozilla.com/kb/Site+Identity+Button
  If you want to add a padlock icon to the location bar, you can use the Padlock add-on - https://addons.mozilla.org/firefox/addon/padlock-icon/

• Hiding The Web Service Homepage

  Is it possible to hide the web service homepage in WLS 7.0? Moving to 8.x
  is currently not an option for us.
  Jimmy
  James "Jimmy" Wilson
  [email protected]

  Is it possible to hide the web service homepage in WLS 7.0? Moving to 8.x
  is currently not an option for us.I'll answer my own question, use the exposeHomePage attribute of the
  web-service tag in the WebLogic web service deployment descriptor.
  However, this also causes the WSDL to become invisible as well. Explicitly
  setting the exposeWSDL attribute to true (the default) changes nothing.
  Jimmy
  James "Jimmy" Wilson
  [email protected]

• Java Web Start keeps asking user to accept signed app

  When in select "run" in the java web start security popup for a signed web start application I expected that Java Web Start would remember my decision since the app i supposed to be installed and run locally the next time? But next time I run the app Im asked the same question. So far Im only using a self-signed certificate - will web start react differently when I use a real certificate? I do have the option to generally accept the certificate in the popup but I was hoping java web start would remember my decision on a per application basis?

  Did a quick search on your post for '?' and did not find one. Did you have a question?
  BTW - when posting code or code snippets, XML/HTML(/JNLP) or input/output, please use the code tags as described on the 'sticky post' on the top of the forum thread listing. It is not too late to edit your initial post to do that (and you might as well add a question while you have it open for edit).

• Java Web Start and IE6 as the default browser on win2k

  Hi,
  I need to access web pages from my java web start app. These pages are on the save server and the same webapp context as the jsp page to launch the web start app, and are protected.
  I have tried with basic auth and servlet filter with cookie to control the access to the web server. When I need to access web server resource from web start app, I create the URL to the page I want to access, set the auth header or cookie and call the web start BasicService to open it in the default browser.
  With Netscape 4/7 or Firefox as the default browser, I have no problem to send the auth header or cookie from the web start app to the webserver for security checking and get access to the resource on the server.
  But it seems not woking when IE is set to be the default browser. I am always asked for userid/password if I use basic auth; or redirected to the login page if I use servlet filter and cookie.
  If anybody knows a solution for this IE dfficulity, could you please share it?
  harry

  How did you even get k9 on your iPad...it does not show up in my iTunes apps? So I
  Had to download it on my computer ...transfer it to my iPad... Now it's in my Dropbox
  On the iPad...but I can't figure out how to install it from here......I want a browser on my
  iPad that ihas parental controls...I see quite a few should be in the iTunes store..even
  Firefox....but not a one show up in my iTunes app store?????

• Accessing the browser session from a Web Start application.

  I am redeploying my applets as applications (JFrame) in the Web Start architecture. Is there a way for these applications to access the browser session that they were opened from? This was provided for me when I was opening my applets in a browser popup window (window.open()).

  To access the session, pass the session id in the jnlp file (this is assuming your jnlp file is generated dynamically by a servlet).
  Create another servlet to return whatever objects you want from the server session (call this servlet RetObject, lets say).
  When you access RetObject using a URLConnection, append ;jsessionid=<sessionid> to the servlet url
  e.g.,
  http://server/RetObject;jsessionid=hjh232323232jhkjh
  (for websphere, this variable may be csessionid. jsessionid works on weblogic and on tomcat).
  Use ObjectInputStream to receive objects from the servlet.
  -Rahul

• Web Start doesn't leave the gate on Linux and Mac

  I am evaluating Java Web Start to decide whether to recommend it as part of a government grant proposal. My initial impression of Web Start has been a sorry one. When I go to
  http://java.sun.com/products/javawebstart/demos.html
  and click on one of the demos, I am redirected to the page
  http://java.sun.com/products/javawebstart/needdownload.html
  which tells me that I need to download Java Web Start ("a one-time process"). Fine, I click on the download link, and instead of a download, what I get is a bug-report page:
  http://java.sun.com/webapps/bugreport
  I have seen this behavior on both Linux and Mac OS X. (My Windows machine already had Web Start installed from several months ago; I don't know if this reflects a superior Windows support relative to Linux or Mac OS X support, or a better download software several months ago.)
  This is a terrible first impression for one's software. Given these beginnings, any sane developer would run away as fast as possible from the Web Start technology. Clearly a lot of work has gone into Web Start, and to see squandered like this is surprising.
  Our software's user base (research biologists) has large Macintosh and Linux constituencies. My experience with Web Start suggests that Web Start would be a disastrous choice for us. I hope there is a simple way around these obstacles.
  Any suggestions would be much appreciated.
  Thanks,
  GFBerriz

  I haven't tested JWS before JRE 1.4 so I can't recommend you anything if you require JRE 1.3 or before, but if you can install JRE 1.4, specially JRE 1.4.2 or after, JWS works very good on Linux and Windows. In both platforms I use deploy applications using JWS and they all work very good. I have no experience on Mac OS X.
  Both platforms obviously require Java preinstalled. Also there is some ways to install Java automatically, this is something that must be done by an administrator as every other software that requieres installation and configuration on every PC. After that step, everything is very simple.
  On Linux if you click on a .jnlp file for the first time, at least mozilla ask if you want to save the file or open it, you can select the javaws executable inside your java installation as the program to open this file, mark that that's the action you always want to do with that kind of files, and that's all. Also you can manually register .jnlp files and application/x-java-jnlp-file mime tipe as handled by javaws as the last part of the java installation and this first step will not be necesary.
  On Windows the installer automatically register itself as insterested in handling jnlp files, so the previous step for linux is not required.
  Hope this helps.
  rivas.

• Poll: What is Your Web Start Project of the Year 2003?

  Hi,
  The Saturn Times announced the nominations for the "Web Start Project of the Year 2003" award today.
  The line-up includes:
  * NetX
  * OpenJNLP
  * Xito BootStrap
  * JDistro/Warf
  * Web Application Launcher (WAL)
  * Web Start Services Pack
  * Apollo
  * Rachel
  * Lopica Web Start Tools
  * Vamp Ant Task Suite
  Cast your vote today and help find the winner.
  Full story and pollstation @ http://lopica.sourceforge.net/times/2003/12/poll_what_is_your_web_start_project_of_the_year_2003.html
  - Gerald

  Hi,
  Due to popular demand here are the links to the ten Web Start Project of the Year 2003 contenders for easy reference.
  * NetX online @ http://jnlp.sourceforge.net/netx
  * OpenJNLP online @ http://openjnlp.nanode.org
  * Xito BootStrap online @ http://xito.sourceforge.net/projects/bootstrap
  * JDistro/Wharf @ http://www.jdistro.com
  * Web Application Launcher (WAL) @ http://w-a-l.sourceforge.net
  * Web Start Services Pack @ http://lopica.sourceforge.net/services
  * Apollo @ http://ajax.sourceforge.net/apollo
  * Rachel @ http://rachel.sourceforge.net
  * Lopica Web Start Tools @ http://sourceforge.net/projects/lopica
  * Vamp Ant Task Suite @ http://vamphq.com/ant.html
  - Gerald

• Certificate chain and Java Web Start

  Hi,
  I have an application as a JAR file with other JAR libraries. All these files are signed with a certificate that I have generated with my own CA (OpenSSL).
  The trusted chain is this: rootCA.cer ->subCA1.cer ->jws.cer
  jws.cer was generated with a Certificate Sign Request through the java KEYTOOL and then my CA has signed this request. After done this, I have put the jws.cer in the same keystore of the request but to do this I needed to put the rootCA.cer and subCA1.cer before in the keystore.
  The keystore has now three certificates and the key pair of jws.cer. This certificate works good to sign the JAR files.
  Is it all good?
  When I call this application with Java Web Start a popup always appears and say "Certificate is valid, etc. etc.". All it's good but pop-up is shown anyway.
  I have inserted the rootCA and subCA1 certificate in the client Java Web Start certificate store but the pop-up is always shown.
  Why this?
  Is It not enough to install the CA certificate (and then the SubCA certificate) in the JavaWS certificate (client) store to not have the pop-up visualization?
  Thanks

  no.
  Having a validly signed certificate (even if ussing a root already in the jres trusted root ca store) only verifys who the code is comming from, it is still up to the user to determine if your are trustworthy (to grant trust based on that verified identity).
  If you want to avoid seeing the certificate, you would need to import your certificate into the pre-approved certificate keystore. (that is , either into the User or System Trusted Certificates list) using the security tab on the Java Control Panel.
  /Andy

• Java Web Start Application surprisedly does not start anymore based on new JRE1.7.0_45

  Hi everyone,
  we have to maintain a self-developed Java Application which is running based on JRE1.5.0_51 (x64). Our recent client machines have JRE1.7.0_40 (x64 too) installed in addition to the mentioned (and needed) JRE1.5.0_51 (x64).
  Everything was fine up to the point where we tried to install the newest JRE1.7.0_45 (x64) as the new version for doing the web start magic. The result is that our application (which is/was unchanged!) does not launch anymore. The strange thing is that we do not get any StackTrace, Exception or something else like this.
  The startup process simply hangs :-(
  Nothing has changed (application itself, firewall, network settings, hardware) apart from the new JRE version. It's reproducible at will. If I install JRE1.7.0_40 (x64) the application starts, if I install JRE1.7.0_45 (x64) the application hangs.
  I can say for sure, that in both cases (*_40 AND *_45) Web Start is able to do the synchronizing job and to launch the application base on the correct JRE1.5.0_51 (x64).
  My guess is that in case of an installed JRE1.7.0_45 (x64), the application hangs when it tries to connect to the database (Oracle 11g) via JDBC.
  I found a little hint in the Web Start Console. Therefore I had to switch the trace level of the console to 3 (which includes security, network and basic)
  In case of an installed JRE1.7.0_40 (x64) - which leads to a running application - I will receive the following output:
  Java Web Start 10.40.2.43
  JRE-Version verwenden 1.5.0_51-b10 Java HotSpot(TM) 64-Bit Server VM
  security: Istrusted: http://PKS-Server/jnlp2/advise_office.jnlp true
  avawsApplicationMain     3798 DEBUG root                : get Service: com.sun.jnlp.BasicServiceImpl@3b8e609b  fileName: connection.properties
  network: Cacheeintrag nicht gefunden [URL: http://PKS-Server/jnlp2//connection.properties, Version: null]
  network: Verbindung von http://PKS-Server/jnlp2//connection.properties mit Proxy=DIRECT wird hergestellt
  avawsApplicationMain     3803 INFO  root                : 'Alex2 connection.properties' wurde vom WebServer gelesen
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  avawsApplicationMain     4488 DEBUG root                : get Service: com.sun.jnlp.BasicServiceImpl@3b8e609b  fileName: connection.properties
  network: Cacheeintrag nicht gefunden [URL: http://PKS-Server/jnlp2//connection.properties, Version: null]
  network: Verbindung von http://PKS-Server/jnlp2//connection.properties mit Proxy=DIRECT wird hergestellt
  avawsApplicationMain     4492 INFO  root                : 'Alex2 connection.properties' wurde vom WebServer gelesen
  Connect OK => application starts.
  In case of an installed JRE1.7.0_45 (x64) - which leads to a hanging application - I will receive the following output:
  Java Web Start 10.45.2.18
  JRE-Version verwenden 1.5.0_51-b10 Java HotSpot(TM) 64-Bit Server VM
  security: Istrusted: http://PKS-Server/jnlp2/advise_office.jnlp true
  avawsApplicationMain     3805 DEBUG root                : get Service: com.sun.jnlp.BasicServiceImpl@25a41cc7  fileName: connection.properties
  network: Cacheeintrag nicht gefunden [URL: http://PKS-Server/jnlp2//connection.properties, Version: null]
  network: Verbindung von http://PKS-Server/jnlp2//connection.properties mit Proxy=DIRECT wird hergestellt
  avawsApplicationMain     3810 INFO  root                : 'Alex2 connection.properties' wurde vom WebServer gelesen
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  network: Verbindung von socket://PKS-Server:1521 mit Proxy=DIRECT wird hergestellt
  These last "network:" log entries will never stop. This will lead to an infinite loop which results in a great memory leak. I have to kill the process via windows task manager in order to get rid of it.
  Does someone out there has the same problem? Are there any new additional security issues which prevent my client to establish the database connection on port 1521?
  Any other ideas?
  Thanks in advance for any hint on this issue!
  Regards,
  Alex

  Resolution: We still were not able to solve this issue! The only way to get out of this is to install the JRE1.5 as the x64 variant. In this case no switching from 64-bit to 32-bit is needed and everything is on track again.
  But this is still strange and unexplainable :-(