Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / August 2003

Tip: Looking for answers? Try searching our database.

Webstart Signing JARs

Thread view: 
Enable EMail AlertsStart New Thread
Kevin Munro - 07 Aug 2003 21:07 GMT
Hi, I'm using Webstart to deploy a java application from cd.  It looks
like I need my jar files to be signed otherwise I can't use this
deployment technology. It's an application rather than an applet so
doesn't need a browser. Can anyone point me in the right direction?
I'm new to Java.

Thanks, Kevin.
Reply to this Message
Roedy Green - 08 Aug 2003 00:17 GMT
> Can anyone point me in the right direction?
>I'm new to Java.

see http://mindprod.com/jgloss/jarsigner.html and follow the links.

It is actually quite trivial.
Create a phony cert using Keytool.  See
http://mindprod.com/jgloss/keytool or
buy one. See http://mindprod.com/jgloss/certificate.html

Then sign the jar with jarsigner. You have to write a JNLP file, but
other than that, it is no different from writing an application. You
don't have to put anything strange in your code.

see http://mindprod.com/jgloss/javawebstart.html

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Kevin Munro - 08 Aug 2003 09:34 GMT
Thanks for the info.  I'm still confused about this signing business.
The java application I'm deploying is contained in jar files and needs
access to read and write files.  I don't seem to be able to deploy
using web start unless I sign the jars.  Could I get away with a
phoney cert, maybe I need another installer that doesn't insist on
signed jars?

> > Can anyone point me in the right direction?
> >I'm new to Java.
[quoted text clipped - 11 lines]
>
> see http://mindprod.com/jgloss/javawebstart.html
Reply to this Message
Roedy Green - 09 Aug 2003 02:48 GMT
>Could I get away with a
>phoney cert, maybe I need another installer that doesn't insist on
>signed jars?

read the links, and also http://mindprod.com/jgloss/javawebstart.html

The main problem with a phony cert is if you are broadcasting to the
world at large and they may not trust your cert.  For a captive
audience they can install your phony cert or just say YES I trust you
anyway.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.