Hosting custom signed set of Jars

classic Classic list List threaded Threaded
11 messages Options
BIS
Reply | Threaded
Open this post in threaded view
|

Hosting custom signed set of Jars

BIS
This post was updated on .
I'm still working on resurrecting a set of old JOGL web start apps. I am at the point of adding jnlp files and jars to support JOGL to my web site, and I need to be pointed at the appropriate resources.

Steps I've taken so far -

1) Ported projects from JOGL 2.2.4 to 2.3.1.

2) Successfully built a simple do-nothing test app, modified it's manifest to accommodate all the new web-start security requirements, paired it with a JNLP file that also accommodates new security requirements, signed it with a trusted cert, and successfully deployed it to my site. (Note that this was a little tricky. As Julien had noted, there are a number of new attributes that have to be included in the manifest (Permissions, Application-Name and Codebase), and they (at least some) are apparently order-sensitive. Furthermore, if your app loads any resources, even from it's own signed jar, you also have to include the 'Trusted-Library' tag, the Permissions tag MUST be all-permissions (and the JNLP MUST match this), and the Trusted-Library tag has to follow the other three. (At least that was what I found.))

3) The apps used JavaHelp. In order to ease the transition as the security protocols tightened, Sun had made available an unsigned set of JavaHelp jars a few years back, with the intention that developers could sign them and put them on their servers. OK as far as it goes, but remember those additions the manifest now requires? Using 7-Zip, I drilled into the jhbasic.jar from the package, modified and saved it's manifest in situ, then signed the jar. Worked perfectly - the test app can now download the jhbasic.jar as an application extension from my server (had to modify the JavaHelp jar's JNLP to include the security tag) without any security warnings or prompts beyond the single one for the host app. (Runs with a JRE security setting of Very High with no problems.)

4) So. I am ready to perform the same operations on a set of JOGL jars and JNLP files. At one time, as I recall, there was an example that demonstrated hosting the entire set of JOGL jars and jnlp's on a user's server. There was one main jnlp that would identify the web browser's host OS and point it at the correct sub-jnlp, which would load the appropriate jars and/or host OS binaries.

Does that example still exist? Where? Is there a pre-built package, rev-specific (2.3.1), with JUST the jars and jnlp's I'd need to implement this sort of solution? Or do I need to download the jogamp-all package for that rev and go through it to extract the jars I'd need before modifying and signing them? (If that's the case, is there any documentation of the process, or a simple-to-follow procedure?)

Thanks in advance...
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

gouessej
Administrator
Hi

I use "Trusted-Only" instead of "Trusted-Library" in my fat JARs. Why not looking at our JNLP files?
http://jogamp.org/deployment/jogamp-current/jogl-all-awt.jnlp
http://jogamp.org/deployment/jogamp-current/jogl-demos/applet-gears.html

Please keep in mind that Java Webstart often gets broken, which mainly explains why I refused to invest any money in a "trusted" certificate.
Julien Gouesse | Personal blog | Website
BIS
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

BIS
This post was updated on .
Right - it looks as if I'm all set. You had pointed me at the right jnlp file - I just needed to look at a local version.

I have the first in the series of apps working with the 2.3.1 distribution, hosted on my server. So it's all good.


Thanks for your time and patience.



Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

gouessej
Administrator
Good job :)

Your applications will be blocked by default on recent Macs because of Gatekeeper even though they are signed.
Julien Gouesse | Personal blog | Website
BIS
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

BIS
gouessej wrote
Your applications will be blocked by default on recent Macs because of Gatekeeper even though they are signed.

That's good to know. I'm updating the installation instructions web page; I'll have to make a note of that.

Like we needed one more layer of security.

 
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

zakaria
Hi
I'll do everything I can jogl Zakaria Iran netbeans I install on me with a complete training videos help me Sorry my English is not good thanks
Please accompany the training videos or pdf files to this address Bqrstyn
zakaria.raisi@yahoo.com
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

gouessej
Administrator
In reply to this post by BIS
You can use the screen captures and the text on my website, it gives an overview of what you have to do to work around this "security improvement".
Julien Gouesse | Personal blog | Website
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

gouessej
Administrator
In reply to this post by zakaria
zakaria wrote
I'll do everything I can jogl Zakaria Iran netbeans I install on me with a complete training videos help me
You should read the wiki:
http://jogamp.org/wiki/index.php/Setting_up_a_JogAmp_project_in_your_favorite_IDE#NetBeans_IDE
Julien Gouesse | Personal blog | Website
BIS
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

BIS
In reply to this post by gouessej
gouessej wrote
You can use the screen captures and the text on my website, it gives an overview of what you have to do to work around this "security improvement".

That's very generous of you! (I take it you're referring to this page ? And this picture? )
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

gouessej
Administrator
BIS wrote
gouessej wrote
You can use the screen captures and the text on my website, it gives an overview of what you have to do to work around this "security improvement".

That's very generous of you! (I take it you're referring to this page ? And this picture? )
Yes, you're welcome :)
Julien Gouesse | Personal blog | Website
BIS
Reply | Threaded
Open this post in threaded view
|

Re: Hosting custom signed set of Jars

BIS
<Monty Burns>


Eeexxxxcellent.


</Monty Burns>