2

I have a JNLP/Web Start application on a secure apache http server (no Tomcat - do I need it?). It has been signed with the free keystore I generated by java. When I launch it, I get the following error:

For security, applications must now meet the requirements for the High or Very High security settings, or be part of the Exception Site List, to be allowed to run.

I have added the location to the Exception Site List (with a trailing slash to include all subdirectories and files) but I continue to get this error.

Of course it won't work in Chrome. I have tried launching the jnlp file from the command line, the URL from Firefox and Internet Explorer and they all give me the same error.

I have obtained a certificate and signed my jar file. I have run jarsigner -verify on the jar file and everything looks in order (but I am not sure what I am looking for):

 jarsigner -verify -verbose -keystore garageMonitor.jks ../GarageMonitorFinder.jar

s k     1561 Fri Oct 09 18:19:48 UTC 2015 META-INF/MANIFEST.MF
        1425 Fri Oct 09 18:19:50 UTC 2015 META-INF/8D95B904.SF
        8149 Fri Oct 09 18:19:50 UTC 2015 META-INF/8D95B904.RSA
           0 Fri Oct 09 14:13:14 UTC 2015 META-INF/
           0 Fri Oct 09 14:13:14 UTC 2015 com/
           0 Fri Oct 09 14:13:14 UTC 2015 com/thompco/
           0 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/
smk      107 Fri Oct 09 14:13:12 UTC 2015 META-INF/INDEX.LIST
smk     1128 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitor.class
smk     2320 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorBroadcastClient.class
smk     3631 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorFinder.class
smk      903 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorGui$1.class
smk      903 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorGui$2.class
smk      903 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorGui$3.class
smk      822 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorGui$4$1.class
smk      954 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorGui$4.class
smk     8192 Fri Oct 09 14:13:14 UTC 2015 com/thompco/garagemonitor/GarageMonitorGui.class

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

When I try to run the jnlp file, I still get the aforementioned error. Is there any way to trouble-shoot this?

Is there anyway to trouble-shoot/debug this?

jordanthompson
  • 888
  • 1
  • 12
  • 29
  • I accessed the same URL (and JNLP file) from firefox on a Debian system and it worked fine, so the problem is definitely with Windows, but I can't figure out what I am doing wrong in my configuration. – jordanthompson Oct 06 '15 at 12:32
  • I tried down-grading my windows version of java to match the one one on Debian, but it still does not work. – jordanthompson Oct 06 '15 at 18:54
  • So I may have found some issues in my manifest (codebase was incorrect, etc) but after making the changes, I am seeing the same problems. Any suggestions where to look would be great. – jordanthompson Oct 10 '15 at 03:58
  • OK, after pulling the remainder of my hair out, I stumbled on a thread. Turns out if you go to your java control panel and settings... uncheck 'Keep temporary internet files on my computer'. Apply changes, restart your browser and try again your it worked if you run it from the command line... BUT, if you try it from the web hosted location, it does not. In fact, now that I have tried it again, it doesn't even work from the command line anymore :-( – jordanthompson Oct 10 '15 at 04:17

2 Answers2

2

OK, after pulling the remainder of my hair out, I stumbled on this thread. Turns out you:

go to your java control panel and settings... uncheck 'Keep temporary internet files on my computer'. Apply changes and try again your .jnlp

it works! Well it did. Once.

I subsequently found this EXTREMELY useful JNLP debugger from Andrew Thompson (no relation) called JaNeLa. The website it was originally hosted is down, but AlBundy (and we thought he was just a shoe salesman) put it on github here Turns out it is extremely easy to use: Just run the jar and point it at the URL or file (URL is better.)

Community
  • 1
  • 1
jordanthompson
  • 888
  • 1
  • 12
  • 29
1

For me, after moving to Java 8, I saw this same error. The solution for me was to add:

Permissions: all-permissions

to the jar manifest. For more information, see this oracle blog and info on the Permissions Attribute. (It seems as if Permissions attribute was needed with Java 7, but it didn't become an issue for me until I started using Java 8.)

Marnee
  • 370
  • 1
  • 4
  • 15