3 Replies Latest reply on Oct 9, 2003 2:37 AM by didi1976

    Deploying JB CLient JAR's through Java WebStart - security e

    gurka

      Hi.

      Trying to deploy a swing app with Java WebStart 1.4.2 and the JBoss /client JARs. I get the following error:

      - Unsigned Applicaiton requesting unrestricted access to the system.
      - Unsigned Resource: http://localhost:8080/jws/apps/jboss_libs/log4j.jar

      Does this mean that the log4j.jar file is unsigned in the distribution of JBoss (using 3.2.2RC3)?

      If i disable unrestricted access for the app within the JNLP declaraiton, I get an error on the following call in the java code:
      System.setProperty(Context.PROVIDER_URL,sAppServer);

      The exception thrown is:
      java.security.AccessControlException: access denied (java.util.PropertyPermission java.naming.provider.url write)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.lang.System.setProperty(Unknown Source)

      Can anyone offer any help or ideas on what I can do here?

      - We will be signing our applicaiton JAR's with the corporate certificate.
      - I can add security certificates into the Java WebStart application - but I would also need to add the certificates for the JBoss JARs. Is there such a certificate?

      Thanks in advance for any help you can provide.

        • 1. Re: Deploying JB CLient JAR's through Java WebStart - securi
          didi1976

          Hi!

          We have just signed log4j.jar and jbossall-client.jar like our jar-files with our certificate.

          Didi

          • 2. Re: Deploying JB CLient JAR's through Java WebStart - securi
            gurka

            I did the same. The problem ended up being that 3 of the JAR's are actualy signed by Sun, and as such must be in their own JNLP file and included into the main applicaiton JNLP using the tag as follows:
            extension name="Sun/JBoss Client Libraries" ref="sun.jnlp" />

            The jar's needed in this package are
            - jcert.jar
            - jnet.jar
            - jsse.jar

            The remainder of the JBoss/client JARs are unsigned, and I had to end up signing them with our own certificate in order to allow the app to use the "<all-permissions/>" security tag.

            So all in all, I ended up with 3 JNLPs:
            1 - main jnlp with ref's to my app's JARs plus 2 references to the external JNLPs.
            2 - Sun JNLP for the 3 JARs signed by Sun.
            3 - JBoss client JARs signed by us.

            • 3. Re: Deploying JB CLient JAR's through Java WebStart - securi
              didi1976

              Hi,

              you have to split up the jnlp file into several different according to their signing. Below is an example for a Client with JavaHelp and JBoss:

              yourclient.jnlp:
              <?xml version="1.0" encoding="utf-8"?>


              ...


              <all-permissions/>


              <j2se version="1.4+" />






              <application-desc main-class="YourClient"/>



              jh.jnlp:
              <?xml version="1.0" encoding="utf-8"?>


              JavaHelp
              SUN

              SUN JavaHelp
              JavaHelp
              <!-- -->
              <!-- -->
              <offline-allowed/>


              <all-permissions/>


              <j2se version="1.4+"/>


              <component-desc/>


              jbossclient.jnlp:
              <?xml version="1.0" encoding="utf-8"?>


              JBoss Client Library
              JBoss.org

              JBoss Client Library
              JBoss Client Library


              <all-permissions/>


              <j2se version="1.4+"/>



              <component-desc/>



              Hope that helps,
              Didi