
Web Start & distribution question

 
Burk Hufnagel
Ranch Hand
Posts: 814
One of my cohorts was trying to use Web Start to set up an internal utility application. He was having a difficult time and told me the problem was that all the JAR files had to be signed with the same digital signature.
The issue was that he was using some third-party JAR files and they had a "bad CRC" (or something similar) so the only way he could sign them was to unjar each file then rejar it (essentially creating a new JAR file with a good CRC) then sign the new JAR.
Is this a reasonable thing? Seems to me that most people wouldn't put up with this kind of a restriction. I'm guessing there must be a better way and I'm hoping someone here knows it.
If so, please chime in!
Thanks,
Burk
 
Hema Menon
Ranch Hand
Posts: 569
Java Web Start uses the same sandbox security model as applets. If your application requires unrestricted access to the local systems, the JARs need to be signed. And all the JARs will have to be signed with the same signature.
 
mukund kulkarni
Greenhorn
Posts: 23
YA!
I also had the same problem with the third-party JARs.
And the only way is to unjar each file then rejar it (essentially creating a new JAR file with a good CRC) then sign the new JAR.
As JWS is a new technology and it requires all the JARs to be signed (if you have mentioned all-permissions), third-party vendors need to take care of these issues in their further releases.
 
Burk Hufnagel
Ranch Hand
Posts: 814
Ick. Okay, I understand the security issue, but I don't have to like it.
There's got to be a better way than this, don't you think?
It's one thing for an applet, but if you're installing an application then it really doesn't make sense to me that each application will have its own copy of a popular 3rd party JAR file.
I'll say it again, there's got to be a better way!
 
Hema Menon
Ranch Hand
Posts: 569
Straight from the Java Web Start home FAQ:
How do I use JAR files that are signed by different certificates?
Check it out at
http://java.sun.com/products/javawebstart/faq.html#72
 
Burk Hufnagel
Ranch Hand
Posts: 814
Interesting... If I read that right, you can essentially have an XML-based #include of another JNLP file. (Guess I'm showing my C-based roots.)
Thanks for the info - I'll pass it along.
Burk
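
The "#include of another JNLP file" arrangement from the last two posts, as an added example that is not part of the original thread or the FAQ: the same-signer rule applies per JNLP file, so a JAR already signed by its vendor can sit in its own component extension and keep that signature. Host names, file names, titles and the main class are constructed placeholders.

```xml
<!-- ===== File 1: utility.jnlp (main descriptor; its JARs carry your signature) ===== -->
<jnlp spec="1.0+" codebase="http://intranet.example/utility/" href="utility.jnlp">
  <information>
    <title>Internal Utility</title>            <!-- placeholder -->
    <vendor>Example Corp</vendor>              <!-- placeholder -->
  </information>
  <security>
    <!-- Requesting all-permissions is what triggers the signing requirement. -->
    <all-permissions/>
  </security>
  <resources>
    <j2se version="1.4+"/>
    <!-- Every <jar> listed in THIS file must be signed with the same certificate. -->
    <jar href="utility.jar" main="true"/>
    <jar href="utility-support.jar"/>
    <!-- The "include": pulls in a second JNLP file with its own signer. -->
    <extension name="Third-party library" href="thirdparty.jnlp"/>
  </resources>
  <application-desc main-class="com.example.utility.Main"/>
</jnlp>

<!-- ===== File 2: thirdparty.jnlp (component extension; vendor-signed JAR) ===== -->
<jnlp spec="1.0+" codebase="http://intranet.example/utility/" href="thirdparty.jnlp">
  <information>
    <title>Third-party library</title>         <!-- placeholder -->
    <vendor>Library Vendor</vendor>            <!-- placeholder -->
  </information>
  <security>
    <!-- The extension requests its own permissions; the JAR below must be
         signed, but only needs to agree with other JARs in this file. -->
    <all-permissions/>
  </security>
  <resources>
    <!-- Left exactly as shipped by the vendor: no unjar/rejar, no re-signing. -->
    <jar href="thirdparty.jar"/>
  </resources>
  <!-- component-desc marks this file as a library, not a launchable application. -->
  <component-desc/>
</jnlp>
```

With this layout the user is shown each signer separately, and the third-party JAR stays attributable to its vendor's certificate instead of being re-signed under yours.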
 