signed web start
When I run my application via web start I get...
"Unsigned application requesting unrestricted access to the system".
I have a jar file which is written as both an application and an applet. It is signed (just like the web start and applet documentation requires) using a thawte certificate and it verifies correctly.
Furthermore when I run it as an applet the plug-in sees that it is signed and allows me to ingonre the sandbox restrictions.
The JRE is 1.3.1 and a different application running via web start identifies the JRE as 1.3.1.
My application contains only one file: janitas.jar.
My JNLP file looks like...
<?xml version="1.0" encoding="UTF-8"?>
<!-- file janita.jnlp -->
<jnlp codebase="http://www.april.se/janita/jnlp" href="http://www.april.se/janita/jnlp/janita.jnlp">
<information>
<title>AniTa for the Web</title>
<vendor>Keith Barker</vendor>
<icon href="HelloJNLP.jpg"/>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.3+"/>
<jar href="janitas.jar"/>
</resources>
<application-desc main-class="janita"/>
</jnlp>
I would be very grateful for any hints, I have searched this forum, and found no problems that could be causing this.
The web server is on the internet. The address to run this application is:
http://www.april.se/janita/jnlp/janita.jnlp
The jar file is at:
http://www.april.se/janita/jnlp/janitas.jar
Thanx in advance,
Keith
OK I mananged to solve my problem. So for you who have the same problem here's what I did.
I went into the "Java Web Start Application Manager"
Then I selected my "signed" application
It showed up as an unsigned application (open padlock)
So I went into the "Application" menu and selected "Remove Application"
I went back to my web browser, clicked on my link, and hey-presto I loaded a signed jar.
Looking in the "Java Web Start Application Manager" again, my program now shows up as signed (closed padlock)
Good luck to you all
/Keith
I used netscape signtool to sign my jar for use with JWS (as mentioned elsewhere, this is a supported method of signing) using my Thawte cert.
When I check my jar with signtool it correctly shows that is is signed properly.
However in Java Web Start I get the message about an unsigned app trying to have unrestricted access.
I just checked the application manager as was mentioned in the above post, but the application shows the closed lock indicating that it is signed. I also tried changing the "root certificates" to each of the Thawte ca's but no luck.
Does anyone have any ideas? Am I best off to just use the jarsigner tool instead?
I've been been using a signed JAR with Web Start since JWS 0.5 beta. I too, had trouble early on. In my opinion, the whole Netscape/IE certificate architecture complicates things. VeriSign now has a "Sun Java Signing Digital ID" (and I believe Thawte has one of these as well). These Digital ID's are used in conjunction with the Sun JDK 1.3 "jarsigner" and "keytool" tools (no browser import/export involved). This link on Sun's site is very useful:
http://java.sun.com/docs/books/tutorial/security1.2/TOC.html#tool
I revoked my Netscape certificate and replaced it with one of
these new certs. I was up and running in no time. If you are
buying a new certificate, or can replace your old one with one
of these, it will save you a lot of time and frustration.
Mike
