How to prevent loading of unsigned jars?

Question

In my application, noticed that among signed jar files even unsigned jar file are also getting loaded while invoke application, so to ensure the security i need guidance to prevent loading of any unsigned jars

EDIT:

How to identify / retrieve the Jar signature using ClassLoader

@user2310289 Standalone java application launch through jnlp — Jeevanantham, Oct 11 '13 at 07:10

score 1 · Answer 1 · edited May 23 '17 at 12:21

1

You might be able to achieve this using the all-permissions element in your jnlp file.

<security>
  <all-permissions/>
</security>

see http://docs.oracle.com/javase/7/docs/technotes/guides/javaws/developersguide/syntax.html and Is it possible to use jnlp without signing the jars?

Hope it helps.

edited May 23 '17 at 12:21

Community

1
1

answered Oct 11 '13 at 07:42

krishnakumarp

8,967
3
49
55

my jnlp already having this element, but application still allows to load unsigned jars , this is not working – Jeevanantham Oct 11 '13 at 08:51

score 0 · Answer 2 · answered Oct 11 '13 at 07:12

0

One solution is to create a custom version of JarClassLoader which will check jars signatures.

answered Oct 11 '13 at 07:12

Evgeniy Dorofeev

133,369
30
199
275

score 0 · Accepted Answer · edited May 23 '17 at 12:28

0

We can use jarverifier in the link, to check whether the jar has completely signed not and at the same time it can be used to verify the certificate of jar file.

edited May 23 '17 at 12:28

Community

1
1

answered Oct 15 '13 at 06:03

Jeevanantham

984
3
19
48

How to prevent loading of unsigned jars?

3 Answers3