1

I have created a java application and deploying it using java web start.Application is working fine till JDK 7u21. But after that I updated my jdk version to 7u45.Application is blocked due after throwing security exception of self signed.

After that I explore issue on different website they suggested to lower down the security level in Java Control Panel.But I don't like this solution as I don't want a work around but a complete solution.

After more exploration I found following method of adding following attribute to MANIFEST.MF

Application-Name: My App Name
Permissions: all-permissions
Codebase: *
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Trusted-Library: true

I have added all this using following command

jar uvmf abc.jar patch.txt

where patch.txt contains above attribute that I have to add to manifest.MF

As my application contains some of eclipse plugins so I deleted ECLIPSEF.SF and ECLIPSEF.RSA files and again signed all plugins using my certificate. But still I didn't get rid of error.I am getting following errors :

basic: Your security settings have blocked a self-signed application from running with an out-of-date or expired version of Java.

security: Trust for: http://192.15.23.6:8888/myapps/plugins/org.eclipse.equinox.launcher.win32.win32.x86_1.1.0.v20100503.jar has ended: Thu Jan 01 05:30:00 IST 1970

Please suggest how to explore it at next step to remove errors.

Ajay Yadav
  • 1,625
  • 4
  • 19
  • 29
  • 1
    Some comments; 1. 7u45 is not the newest java version, you will run into further issues with latest version, 2. you need to set of permissions in the jnlp file matching the manifest of the main jar, 3. you say you want a complete solution instead of a work-around, then I suggest to get a real certificate instead of self-signing. See the following answer for details about self-signing: http://stackoverflow.com/questions/19481826/java-7u51-will-not-accept-jnlp-with-self-signed-certificate – Steinar May 26 '14 at 08:00
  • 1
    @Steinar : Thanx, In jnlp permission tag is already defined with all-permission value. Can't I do it without buying an external certificate ? – Ajay Yadav May 26 '14 at 08:36
  • Sure, you can still perform self-signing, but it won't be the same experience for your users, they will have to accept your application by performing some additional step (lowering security or trusting your app explicitly). I think the answer in the link in my previous comment does an excellent job of describing what the end-user needs to do in order to run a self-signed application. – Steinar May 26 '14 at 08:54
  • This [answer](http://stackoverflow.com/a/23588550/230513) outlines the user experience with a self-signed certificate. – trashgod May 27 '14 at 16:26

1 Answers1

0

I have found solution to my above problem by signing JNLP

refer to following thread https://community.oracle.com/thread/2593583?start=15&tstart=0

Now I have to do this for dynamic jnlp. A solution is already provided in this thread but I am not able to understand that how that happened and how to implement that solution.

Please guide.

Ajay Yadav
  • 1,625
  • 4
  • 19
  • 29