在签订一个JNLP摆脱安全警告 [英] Signing a jnlp in order to get rid of the Security Warning
问题描述
我在哪里JNLP文件用于启动摆动基于Web的Java应用程序的公司开发。它有大量被下载到客户端的JVM缓存罐子。当我将JVM更新到当前的最新版本(版本1.7.0_45-B18)我开始看到下面当我尝试运行JNLP文件安全警告:
I am developing at a company where a jnlp file is used to start a swing web based java application. It has plenty of jars that are downloaded to the client's jvm cache. When I updated my jvm to its currently latest version (build 1.7.0_45-b18) I started seeing the security warning below when I try to run the jnlp file:
在我看到这个错误,阅读这篇文章,大约从甲骨文网站签约的JNLP文件(签名JNLP文件)
然后我说三件事情到项目:
After I saw this error and read this article about signing jnlp files from oracle site( Signing JNLP files) then I added three things to the project:
- A JNLP-INF 文件夹包含 APPLICATION.JNLP 文件转换成不同的第三方的人我所有的罐子。
- 签署所有这些罐子用我自己的公司的数字证书密钥库+捆绑
- 通过Java控制面板导入数字证书到JVM的我的可信CA证书。
- A JNLP-INF folder including an APPLICATION.JNLP file into all my jars except third party ones.
- Signing all those jars with the digital certificate+keystore bundle of my own company
- Importing the digital certificate into my trusted Ca certificates of jvm via java control panel.
在我做了上述变化,并试图新的罐子部署后运行JNLP文件,我得到了以下安全警告消息从JVM:
After I did the changes above and tried to run the jnlp file after deployment of new jars I got the following Security warning message from jvm:
正如你可以看到安全警告的严重级别更改为一个更温馨的水平,现在出版商的名称不是unknown.It是从证书的名称。即使该警告的水平降低它仍然是一个警告,我不希望我的最终用户看到这个每次。我怎样才能解决这个问题?
As you can see the Security Warning's severity level is changed to a more welcoming level and now the publisher's name is not unknown.It is the name from the certificate. Even if the warning's level is decreased it is still a warning and I dont want my end users to see this everytime. How can I solve this problem?
- 我应该尝试登入所有第三方jar文件呢?如果是的话我怎么能与Ant命令呢?我怎样才能提取第三方罐子,它通过使用Ant添加JNLP-INF文件夹,然后重新包装它作为一个罐子?
- 我应该还签署最后的所有MyApplication 的的.ear在it.This耳朵文件JNLP-INF子文件部署到JBoss服务器?
- 我应该添加一些额外的线路到我的META-INF /清单文件的罐子?
- 我应该期待甲骨文阻止我的应用程序与这个级别的警告呢?在JVM上运行
- Should I try to sign all third part jars as well? If so how can I do it with an Ant command? How can I extract a third party jar and add the JNLP-INF folder in it and then repack it as a jar by using Ant?
- Should I also sign the final myapplication.ear file with a JNLP-INF subfolder in it.This ear file is deployed to jboss server?
- Should I add some extra lines to my META-INF/MANIFEST files in jars?
- Should I be expecting oracle to block my application to run on jvm with this level of warning?
我的JNLP文件是这样的文字:
My JNLP file is this text:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://10.100.10.9/ikarusdelhitest/" href="ikarus.jnlp">
<information>
<title>Ikarus</title>
<vendor>My Company name</vendor>
<homepage href="http://www.mycompanyname.com" />
<description>My jnlp triggered web based enterprise software</description>
<icon href="ikarus.ico" />
<offline-allowed />
</information>
<security>
<all-permissions />
</security>
<resources>
<j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se"
java-vm-args="-Xnoclassgc -Xincgc -client -XX:DefaultMaxRAM=208M -Xms64M -Xmx256M -XX:PermSize=32M -XX:MaxPermSize=128M -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=50" />
<jar href="jars/ikarus/ikarusClient.jar" />
<jar href="jars/ikarus/ikarusDelegators.jar" />
<jar href="jars/ikarus/clientRules.jar" />
<jar href="jars/ikarus/ruleImps.jar" />
<jar href="jars/ikarus/ikarusUtil.jar" />
<jar href="jars/ikarus/ikarusResources.jar" />
<jar href="jars/ikarus/domain.jar" />
<jar href="jars/ikarus/domain_repository.jar" />
<jar href="jars/ikarus/domain_service.jar" />
<jar href="jars/ikarus/app_repository.jar" />
<jar href="jars/ikarus/app_service.jar" />
<jar href="jars/ikarus/infrastructure.jar" />
<jar href="jars/ikarus/integration_domain.jar" />
<jar href="jars/jboss_ejb_auth/ejb3-persistence.jar" />
<jar href="jars/jboss_ejb_auth/jboss-ejb3x.jar" />
<jar href="jars/jboss_ejb_auth/jbossall-client.jar" />
<jar href="jars/jasper/commons-beanutils-1.8.0.jar" />
<jar href="jars/jasper/commons-collections-3.2.1.jar" />
<jar href="jars/jasper/commons-digester-1.7.jar" />
<jar href="jars/jasper/commons-logging-1.1.jar" />
<jar href="jars/jasper/iText-2.1.0.jar" />
<jar href="jars/jasper/jasperreports-3.6.0.jar" />
<jar href="jars/jasper/poi-3.2-FINAL-20081019.jar" />
<property name="jnlp.localization" value="Delhi"/>
</resources>
<application-desc main-class="com.celebi.ikarus.main.Ikarus" />
任何帮助的感谢/评论/头脑风暴。
Thanks for any help/comment/brain storming.
推荐答案
该JNLP似乎需要,因为的Java VM-args来签署
但要意识到大部分内存相关的选项可以用的方式,以使JNLP做指定的不的需要签名。我建议你尝试这种方式来代替。
This JNLP seems to need signing because of java-vm-args
but realize that most of the memory related options can be specified in a way so that the JNLP does not need to be signed. I recommend you try that way instead.
这篇关于在签订一个JNLP摆脱安全警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!