 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / September 2006WebStart API development - bypass security
Have any of you done any amount of development using the webstart API? <http://java.sun.com/products/javawebstart/1.0.1/javadoc/index.html> (The FileService, ClipboardService, PersistenceService..) I have found the development cycle to be a PITA, and am looking for shortcuts. The basic problem is that in order to access any of the services, you cannot simply 'run your classes' in Java from the command line - even if you add the JWS jar to the classpath, the ServiceManager is not properly initialised, and ServiceManager.getServiceNames()* returns a 0 length array. * <http://java.sun.com/products/javawebstart/1.0.1/javadoc/javax/jnlp/ServiceManage r.html#getServiceNames()> When launching via webstart itself, the application/applet needs to be jar'd, and requires a JNLP file. Fortunately, you can then test it from the command line and local filesystem (avoiding the entire hassle of uploading it to a server configured to send the correct mime-type) by using the -codebase option on launch.. <http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/javaws.html#options> But.. I find that even using the sand-boxed (no need to sign the code) methods in one part of an application, I often need other parts of the application to have 'full access' (libraries and native libs etc.). To add code signing to that development test cycle is a killer, is there is any way to tell the javaws launcher (either via options, system configuration, or voodoo) to 'ignore all restrictions' and simply run test code as 'trusted'? Or is this a case of "(slap the OP) Use an advanced IDE with ANT and this is all easy"? Andrew T. for free code signing certificate check out http://www.cacert.org/ I believe for testing, you can sign your own applications, which results in a request for full system access when the code is first run. The screen that appears says something like, "we dont trust this person, so neither should you, but if you are foolish then click ok to allow them to give you a virus and destroy your your computer" done with jarsigner of course. Signing your code locally (by yourself, the untrusted source), will allow you to accept the hideous certificate mentioned above. But I dont think that there is a way to test it without signing your code in some way. Ant would be the way to go in my mind, if you felt up to it. But you could always just leave a command prompt open with all your build calls. good luck > Have any of you done any amount of development using > the webstart API? [quoted text clipped - 35 lines] > > Andrew T. > for free code signing certificate check out http://www.cacert.org/ > > I believe for testing, you can sign your own applications, which > results in a request for full system access when the code is first run. A self-signed certificate - that is what I am currently using (for both testing and later deployment), and exaclty I want to avoid *having* to do during *development*. Andrew T. > > for free code signing certificate check out http://www.cacert.org/ > > [quoted text clipped - 6 lines] > > Andrew T. I dont think that sun would allow that. Since a developer could potentially release something to the public that was not signed, starting with the command line code allowing full access to the machine.. Java is a pain with security. But its probably a good move on their end. > I have found the development cycle to be a PITA, and am > looking for shortcuts. ... > Or is this a case of > "(slap the OP) Use an advanced IDE with ANT and this is all easy"? You don't necessarily need to use an IDE, but Ant would probably make things easier (there's a built-in task for signing jars: http://ant.apache.org/manual/CoreTasks/signjar.html). How do you do the build currently? I'm a big advocate of always having an automated, single-step build process. It doesn't really matter whether that's achieved with Ant, Maven, Make or some home-grown scripts. Once you have to execute more than one command to do a build there's a chance of messing things up. Dan.  SignatureDaniel Dyer http://www.uncommons.org > > I have found the development cycle to be a PITA, and am > > looking for shortcuts. [quoted text clipped - 6 lines] > http://ant.apache.org/manual/CoreTasks/signjar.html). How do you do the > build currently? <whispers>command line based .bat files.</whispers> > I'm a big advocate of always having an automated, single-step build > process. It doesn't really matter whether that's achieved with Ant, > Maven, Make or some home-grown scripts. Once you have to execute more > than one command to do a build there's a chance of messing things up. Yeah, thanks. I think I just needed to hear it. I wish I could figure how to run Ant from the command line, I'll need to hit the docs. (I have two "powerful IDE's" installed, both of which can run Ant scripts, but one is utterly broken - never starts up, the other broke when settings were overwritten during a 1.2 install the other night.. long story..) Andrew T. > > On Sat, 30 Sep 2006 04:45:30 +0100, Andrew Thompson ... > > > "(slap the OP) Use an advanced IDE with ANT and this is all easy"? > > > > You don't necessarily need to use an IDE, but Ant would probably make > > things easier (there's a built-in task for signing jars: ... > I wish I could figure how to run Ant from the command line, > I'll need to hit the docs. (a short time later...) C:\Documents and Settings\Administrator>ant Buildfile: build.xml does not exist! Build failed ...Woo-Hoo! :-) That's progress, from.. C:\Documents and Settings\Administrator>ant 'ant' is not recognized as an internal or external command, operable program or batch file. Andrew T. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.