Signing a jnlp in order to get rid of the Security Warning


Problem description

I am developing at a company where a jnlp file is used to start a swing web based java application. It has plenty of jars that are downloaded to the client's jvm cache. When I updated my jvm to its currently latest version (build 1.7.0_45-b18) I started seeing the security warning below when I try to run the jnlp file:

After I saw this error and read this article about signing jnlp files from oracle site (Signing JNLP files) then I added three things to the project:


  1. A JNLP-INF folder including an APPLICATION.JNLP file into all my jars except third party ones.
  2. Signing all those jars with the digital certificate+keystore bundle of my own company
  3. Importing the digital certificate into my trusted Ca certificates of jvm via java control panel.

After I did the changes above and tried to run the jnlp file after deployment of new jars I got the following Security warning message from jvm:

As you can see the Security Warning's severity level is changed to a more welcoming level and now the publisher's name is not unknown. It is the name from the certificate. Even if the warning's level is decreased it is still a warning and I don't want my end users to see this every time. How can I solve this problem?


  1. Should I try to sign all third-party jars as well? If so how can I do it with an Ant command? How can I extract a third-party jar and add the JNLP-INF folder in it and then repack it as a jar by using Ant?
  2. Should I also sign the final myapplication.ear file with a JNLP-INF subfolder in it? This ear file is deployed to jboss server.
  3. Should I add some extra lines to my META-INF/MANIFEST files in jars?
  4. Should I be expecting oracle to block my application to run on jvm with this level of warning?

My JNLP file is this text:

<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://10.100.10.9/ikarusdelhitest/" href="ikarus.jnlp">
<information>
    <title>Ikarus</title>
    <vendor>My Company name</vendor>
    <homepage href="http://www.mycompanyname.com" />
    <description>My jnlp triggered web based enterprise software</description>
    <icon href="ikarus.ico" />
    <offline-allowed />
</information>
<security>
    <all-permissions />
</security>
<resources>
    <j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se"
        java-vm-args="-Xnoclassgc -Xincgc -client -XX:DefaultMaxRAM=208M -Xms64M -Xmx256M -XX:PermSize=32M -XX:MaxPermSize=128M -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=50" />
    <jar href="jars/ikarus/ikarusClient.jar" />
    <jar href="jars/ikarus/ikarusDelegators.jar" />
    <jar href="jars/ikarus/clientRules.jar" />
    <jar href="jars/ikarus/ruleImps.jar" />
    <jar href="jars/ikarus/ikarusUtil.jar" />
    <jar href="jars/ikarus/ikarusResources.jar" />
    <jar href="jars/ikarus/domain.jar" />
    <jar href="jars/ikarus/domain_repository.jar" />
    <jar href="jars/ikarus/domain_service.jar" />
    <jar href="jars/ikarus/app_repository.jar" />
    <jar href="jars/ikarus/app_service.jar" />
    <jar href="jars/ikarus/infrastructure.jar" />
    <jar href="jars/ikarus/integration_domain.jar" />
    <jar href="jars/jboss_ejb_auth/ejb3-persistence.jar" />
    <jar href="jars/jboss_ejb_auth/jboss-ejb3x.jar" />
    <jar href="jars/jboss_ejb_auth/jbossall-client.jar" />
    <jar href="jars/jasper/commons-beanutils-1.8.0.jar" />
    <jar href="jars/jasper/commons-collections-3.2.1.jar" />
    <jar href="jars/jasper/commons-digester-1.7.jar" />
    <jar href="jars/jasper/commons-logging-1.1.jar" />
    <jar href="jars/jasper/iText-2.1.0.jar" />
    <jar href="jars/jasper/jasperreports-3.6.0.jar" />
    <jar href="jars/jasper/poi-3.2-FINAL-20081019.jar" />
    <property name="jnlp.localization" value="Delhi"/>
</resources>
<application-desc main-class="com.celebi.ikarus.main.Ikarus" />
</jnlp>

Thanks for any help/comment/brain storming.

Recommended answer

This JNLP seems to need signing because of java-vm-args but realize that most of the memory related options can be specified in a way so that the JNLP does not need to be signed. I recommend you try that way instead.
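
One way to apply the suggestion above, as an added example that is not part of the original question or answer: move `-Xms`/`-Xmx` out of `java-vm-args` into the `initial-heap-size` and `max-heap-size` attributes of the `j2se` element, and list the arguments that remain so each can be reviewed or dropped. The function name `migrate_heap_args` is hypothetical, and the sample is constructed from the question's JNLP, trimmed to one jar.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <j2se> element from the question's JNLP, trimmed to one jar.
SAMPLE_JNLP = b"""<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://10.100.10.9/ikarusdelhitest/" href="ikarus.jnlp">
  <resources>
    <j2se version="1.6+" java-vm-args="-Xnoclassgc -Xincgc -client -XX:DefaultMaxRAM=208M -Xms64M -Xmx256M -XX:PermSize=32M -XX:MaxPermSize=128M -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=50" />
    <jar href="jars/ikarus/ikarusClient.jar" />
  </resources>
</jnlp>"""

# JVM flag prefix -> JNLP attribute on the <j2se>/<java> element.
HEAP_FLAGS = {"-Xms": "initial-heap-size", "-Xmx": "max-heap-size"}


def migrate_heap_args(jnlp_bytes):
    """Return (rewritten JNLP text, args still left in java-vm-args)."""
    root = ET.fromstring(jnlp_bytes)
    leftover = []
    for res in root.iter("resources"):
        for jvm in res.findall("j2se") + res.findall("java"):
            keep = []
            for arg in jvm.attrib.pop("java-vm-args", "").split():
                for flag, attr in HEAP_FLAGS.items():
                    size = arg[len(flag):]
                    if arg.startswith(flag) and size:
                        # JNLP heap sizes use the k/m modifiers, e.g. "64m".
                        jvm.set(attr, size.lower())
                        break
                else:
                    keep.append(arg)  # no attribute equivalent handled here
            if keep:
                jvm.set("java-vm-args", " ".join(keep))
            leftover.extend(keep)
    return ET.tostring(root, encoding="unicode"), leftover


if __name__ == "__main__":
    rewritten, remaining = migrate_heap_args(SAMPLE_JNLP)
    print(rewritten)
    print("Still in java-vm-args, review each:", remaining)
```

The script does not decide whether the remaining arguments still force signing; it only separates the heap settings that have dedicated attributes from the rest.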
