Posted by BIS on May 08, 2015; 7:44pm
URL: https://forum.jogamp.org/Hosting-custom-signed-set-of-Jars-tp4034457.html

I'm still working on resurrecting a set of old JOGL web start apps. I am at the point of adding jnlp files and jars to support JOGL to my web site, and I need to be pointed at the appropriate resources.

Steps I've taken so far -

1) Ported projects from JOGL 2.2.4 to 2.3.1.

2) Successfully built a simple do-nothing test app, modified it's manifest to accommodate all the new web-start security requirements, paired it with a JNLP file that also accommodates new security requirements, signed it with a trusted cert, and successfully deployed it to my site. (Note that this was a little tricky. As Julien had noted, there are a number of new attributes that have to be included in the manifest (Permissions, Application-Name and Codebase), and they (at least some) are apparently order-sensitive. Furthermore, if your app loads any resources, even from it's own signed jar, you also have to include the 'Trusted-Library' tag, the Permissions tag MUST be all-permissions (and the JNLP MUST match this), and the Trusted-Library tag has to follow the other three. (At least that was what I found.))

3) The apps used JavaHelp. In order to ease the transition as the security protocols tightened, Sun had made available an unsigned set of JavaHelp jars a few years back, with the intention that developers could sign them and put them on their servers. OK as far as it goes, but remember those additions the manifest now requires? Using 7-Zip, I drilled into the jhbasic.jar from the package, modified and saved it's manifest in situ, then signed the jar. Worked perfectly - the test app can now download the jhbasic.jar as an application extension from my server (had to modify the JavaHelp jar's JNLP to include the security tag) without any security warnings or prompts beyond the single one for the host app. (Runs with a JRE security setting of Very High with no problems.)

4) So. I am ready to perform the same operations on a set of JOGL jars and JNLP files. At one time, as I recall, there was an example that demonstrated hosting the entire set of JOGL jars and jnlp's on a user's server. There was one main jnlp that would identify the web browser's host OS and point it at the correct sub-jnlp, which would load the appropriate jars and/or host OS binaries.

Does that example still exist? Where? Is there a pre-built package, rev-specific (2.3.1), with JUST the jars and jnlp's I'd need to implement this sort of solution? Or do I need to download the jogamp-all package for that rev and go through it to extract the jars I'd need before modifying and signing them? (If that's the case, is there any documentation of the process, or a simple-to-follow procedure?)

Thanks in advance...