Webstart security message

[Dirk Niemeier]

Hi,
since 1.7.0.51 update I get every application start an security message. My webstart app is an intranet local application and I need unresticted access.
The message is: "do you want to start this application?"
(this application need unrestricted acces, this can be a risk,.....) free translation from german.

TIA
Dirk

 

[markspace]

Hi, since 1.7.0.51 update I get every application start an security
message. My webstart app is an intranet local application and I need
unresticted access. The message is: "do you want to start this
application?" (this application need unrestricted acces, this can be
a risk,.....) free translation from german.

<http://www.java.com/en/download/faq/signed_code.xml>


Quote:

"Developers: As of 7u51, (January, 2014), your Rich Internet
Applications (RIAs, also known as Applets and Web Start applications)
must be updated. The updates required are on the packaging and
distribution; no API code changes should be required. The impetus for
these changes relates to potential re-purposing of sandboxed
applications, whereby placing permissions within a signed JAR prevents
modification of your specified permission level.
RIAs must contain two things:

Code signatures from a trusted authority. All code for Applets and
Web Start applications must be signed, regardless of its Permissions
attributes.
Manifest Attributes
Permissions – Introduced in 7u25, and required as of 7u51.
Indicates if the RIA should run within the sandbox or require
full-permissions.
Codebase – Introduced in 7u25 and optional/encouraged as of
7u51. Points to the known location of the hosted code."

 

[Roedy Green]

since 1.7.0.51 update I get every application start an security message. My webstart app is an intranet local application and I need unresticted access.
The message is: "do you want to start this application?"
(this application need unrestricted acces, this can be a risk,.....) free translation from german.

Here are three solutions.

1. buy a real code-signing cert, and put a copy of your jnlp file
inside the jar under the name. JNLP_INF/APPLICATION.JNLP before you
sign the jar. You still need a freestanding copy to launch the app.

2. put your properties in a kludge.properties resource in the jar and
read them with Properties.load instead of System.getProperties.

3. Run the app standalone. Put the properties as -D switches on the
command line.

 

[Dirk Niemeier]

Hello Roedy,
I tried solution no.1. And I am a small step further.

I signed it and get an other startup popup, because the missing JNLP-INF/APPLICATION.JNLP. ( signed, but start with unrestricted access and JLNP is missing ).
My problem is now: when I add the APPLICATION.JNLP to the JAR file I get the popup where I can check that the popup should not come up again. But after I confirm that I will start the application nothing happens. When I delete the APPLICATION.JNLP from the JAR file it will start again.
You ever heard about that problem?
TIA
Dirk

 

[Roedy Green]

You ever heard about that problem

Nothing works the way any sane person would design. It makes you give
permission several times to run a program. It asks you if you want to
give permission of all time to everything on the site. You say yes.
But it acts as if you said no.

It asks for permission for sandbox apps.

It asks permission if you reload the page (through Chrome is better
about that).

It asks permission if you jump to a page then hit back.

I don't have real cert yet. I gave up part way through application.
My legal name is not the name everyone knows me by, and I don't want
to broadcast my legal name. My company is not really in business any
more to have a license. It is on my todo list to give it another
bash.

 

[Richard Maher]

Nothing works the way any sane person would design.

I suggest it has more to do with competence than sanity.

It makes you give
permission several times to run a program. It asks you if you want to
give permission of all time to everything on the site. You say yes.
But it acts as if you said no.

In my opinion Eric Costlow's lack of exposure to Java and its inner
workings has left him tinkering at the periphery and trying to electrify
and razor-wire the moat.

It asks for permission for sandbox apps.

This is his greatest crime against the Java community :-( This paradigm
has served Java so faithfully over the years it is absolutely
unbelievable that anyone would throw this baby out with any bathwater.

It asks permission if you reload the page (through Chrome is better
about that).

Any of you out there using Chrome and Applets on Linux? Has it stopped
working yet?

It asks permission if you jump to a page then hit back.

I don't have real cert yet. I gave up part way through application.
My legal name is not the name everyone knows me by, and I don't want
to broadcast my legal name. My company is not really in business any
more to have a license. It is on my todo list to give it another
bash.

Don't worry, for every additional lock Eric puts on the door he opens
another window. Site-policy files, user exception list etc.

 

[Dirk Niemeier]

Hi,
it's nice for you to talk about your opinions. But that discussion should be an other thread.

My problem is solved by my self. I had a special VM arg setting that caused the problem. (java-vm-args="-Xrunyjpagentort=10001")

Is the port reserved for something?

TIA
Dirk