Ok. Just a thought
Sent from Samsung Mobile -------- Original message -------- From: Cesar Souza <ce...@animati.com.br> Date: 17/10/2013 16:51 (GMT+02:00) To: users@felix.apache.org Subject: Re: Security Warning: Felix with Java Web Start but I developed other application that runs with no warning and I didn't sign the jnlp file. the jnlp specification says that is not mandatory to sign the file. JavaTM Network Launching Protocol & API Specification (JSR-56) Version 7.0 "A JNLP file can optionally be signed. A JNLP Client must check if a signed version of the JNLP file or JNLP template exist, and if so, verify that at least one of them match the JNLP file that is used to launch the application." On Thu, Oct 17, 2013 at 9:49 AM, Rob Walker <r...@ascert.com> wrote: > Yep - I think using app arguments is probably what let you start the app. > > I suspect the fact that you aren't signing the JNLP could account for why > you are seeing the warning. > > It was a pain when Sun introduced the need to sign JNLPs - there was a > security hole they needed to close, but it made it very difficult to do any > kind of dynamic handling with them. > > -- Rob > > > On 17/10/2013 2:46 PM, Cesar Souza wrote: >> >> hi Rob >> >> I am not signing the JNLP file. >> But now all the properties are in application's arguments: >> >> >> https://github.com/nroduit/weasis-pacs-connector/blob/master/src/main/resources/weasis-jnlp-default.xml >> >> On Wed, Oct 16, 2013 at 4:36 PM, Rob Walker <r...@ascert.com> wrote: >>> >>> Are you signing your JNLP file? >>> >>> If not, use of properties may have something to do with your problem: >>> >>> >>> http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/signedJNLP.html >>> >>> -- Rob >>> >>> >>> On 16/10/2013 9:21 PM, Cesar Souza wrote: >>>> >>>> now the application is working again in Java 7u45, but the warning >>>> still appearing. >>>> >>>> before the jnlp code was: >>>> >>>> <resources> >>>> <property name="felix.config.properties" >>>> value="conf/config.properties" /> >>>> <property name="gosh.args" value="-sc telnetd -p 17179 start" /> >>>> </resources> >>>> >>>> we change it to: >>>> >>>> <application-desc main-class="...WebstartLauncher"> >>>> >>>> >>>> <argument>-VMPfelix.config.properties="conf/config.properties"</argument> >>>> <argument>-VMPgosh.args="-sc telnetd -p 17179 start"</argument> >>>> </application-desc> >>>> >>>> the whole project is here: >>>> >>>> http://www.dcm4che.org/confluence/display/WEA/Building+Weasis+from+source >>>> >>>> On Wed, Oct 16, 2013 at 10:25 AM, Karl Pauls <karlpa...@gmail.com> >>>> wrote: >>>>> >>>>> Alternatively, can you try to get me more information about what is >>>>> failing >>>>> exactly? >>>>> >>>>> regards, >>>>> >>>>> Karl >>>>> >>>>> >>>>> On Wed, Oct 16, 2013 at 2:40 PM, Karl Pauls <karlpa...@gmail.com> >>>>> wrote: >>>>> >>>>>> it would be really helpful if you could provide me with a failing toy >>>>>> example... >>>>>> >>>>>> regards, >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> On Wed, Oct 16, 2013 at 2:37 PM, Cesar Souza <ce...@animati.com.br> >>>>>> wrote: >>>>>> >>>>>>> Hi guys >>>>>>> >>>>>>> We are facing a big problem, our software cannot run under Java 7 >>>>>>> update 45 due to the problem that I reported here. >>>>>>> Please, can you raise the priority of the issue on Jira ? >>>>>>> >>>>>>> On Fri, Oct 11, 2013 at 4:00 PM, Rob Walker <r...@ascert.com> wrote: >>>>>>>> >>>>>>>> Will def update the issue with anything I find. >>>>>>>> Our examples are anything but small though - very hard to split >>>>>>>> stuff >>>>>>> >>>>>>> out, 40+ bundles and a ton of our own app code plus off the shelf >>>>>>> libs. >>>>>>>> >>>>>>>> Will report back with findings though! >>>>>>>> - Rob >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>> >>>>>>>> From: "Cesar Souza" <ce...@animati.com.br> >>>>>>>> To: users@felix.apache.org >>>>>>>> Sent: Friday, 11 October, 2013 8:55:50 PM >>>>>>>> Subject: Re: Security Warning: Felix with Java Web Start >>>>>>>> >>>>>>>> Thanks, Rob >>>>>>>> >>>>>>>> If you have a small example, please attach it to the Jira issue that >>>>>>>> I've just created. >>>>>>>> >>>>>>>> https://issues.apache.org/jira/browse/FELIX-4281 >>>>>>>> >>>>>>>> On Fri, Oct 11, 2013 at 3:42 PM, Rob Walker <r...@ascert.com> wrote: >>>>>>>>> >>>>>>>>> I have J7u40, but I haven't tested the WebStart aspect since >>>>>>>>> updating. >>>>>>> >>>>>>> Quite possible it will hit the same problem, saw the warnings in the >>>>>>> release notes. Will give it a try next week if I get a chance and >>>>>>> report >>>>>>> back >>>>>>>>> >>>>>>>>> - Rob >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>> >>>>>>>>> From: "Cesar Souza" <ce...@animati.com.br> >>>>>>>>> To: users@felix.apache.org >>>>>>>>> Sent: Friday, 11 October, 2013 6:52:26 PM >>>>>>>>> Subject: Re: Security Warning: Felix with Java Web Start >>>>>>>>> >>>>>>>>> Hi Rob >>>>>>>>> >>>>>>>>> I have already verified all jars in my application. >>>>>>>>> Are you using the Java 7 update 40 with your web start application >>>>>>>>> ?? >>>>>>>>> >>>>>>>>> Is there a way to turn on the debug log in Felix? >>>>>>>>> Maybe I can see what resource is causing the security warning. >>>>>>>>> >>>>>>>>> On Fri, Oct 11, 2013 at 2:26 AM, Rob Walker <r...@ascert.com> >>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> That seems to imply at least one of the JARs or bundles being >>>>>>>>>> loaded >>>>>>> >>>>>>> isn't >>>>>>>>>> >>>>>>>>>> signed - probably worth a re-check on all JARs to make sure >>>>>>> >>>>>>> everything is >>>>>>>>>> >>>>>>>>>> signed. >>>>>>>>>> >>>>>>>>>> We also use a launcher, and WebStart Felix. Our production build >>>>>>>>>> we >>>>>>> >>>>>>> signs >>>>>>>>>> >>>>>>>>>> everything and we don't see that message - but in development, >>>>>>>>>> where >>>>>>> >>>>>>> we >>>>>>>>>> >>>>>>>>>> don't sign, we do get it. >>>>>>>>>> >>>>>>>>>> I think I remember reading the latest Java versions are >>>>>>>>>> progressively >>>>>>>>>> locking down the running of unsigned JARs, which is causing some >>>>>>>>>> controversy. >>>>>>>>>> >>>>>>>>>> -- Rob >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On 10/10/2013 9:37 PM, Cesar Souza wrote: >>>>>>>>>>> >>>>>>>>>>> Hi >>>>>>>>>>> >>>>>>>>>>> I have a valid certificate and I already successfully signed a >>>>>>>>>>> Java >>>>>>>>>>> Web Start application. So, there is no problem with the >>>>>>>>>>> certificate >>>>>>> >>>>>>> or >>>>>>>>>>> >>>>>>>>>>> the process to sign my applications. >>>>>>>>>>> But now I am trying to sign another application that uses Felix. >>>>>>> >>>>>>> There >>>>>>>>>>> >>>>>>>>>>> is a launcher and all the libraries are in a remote directory, >>>>>>>>>>> all >>>>>>>>>>> them signed, accessed through a web server. >>>>>>>>>>> When I launch the application everything is OK until the >>>>>>>>>>> execution >>>>>>>>>>> of >>>>>>>>>>> the Felix's init method. In this moment a dialog appears and show >>>>>>>>>>> the >>>>>>>>>>> following message: >>>>>>>>>>> ----------------------------------- >>>>>>>>>>> "Security Warning >>>>>>>>>>> >>>>>>>>>>> Do you want to run this application? >>>>>>>>>>> An unsigned application from the location below is requesting >>>>>>> >>>>>>> permission >>>>>>>>>>> >>>>>>>>>>> to run. >>>>>>>>>>> >>>>>>>>>>> Running unsigned applications like this will be blocked in a >>>>>>>>>>> future >>>>>>>>>>> release because it is potentially unsafe and a security risk." >>>>>>>>>>> ----------------------------------- >>>>>>>>>>> >>>>>>>>>>> Is this a Felix's security problem ? >>>>>>>>>>> Thanks for helping me. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> --------------------------------------------------------------------- >>>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org >>>>>>>>>>> For additional commands, e-mail: users-h...@felix.apache.org >>>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Ascert - Taking systems to the edge >>>>>>>>>> r...@ascert.com >>>>>>>>>> +27 21 300 2028 ext 5119 >>>>>>>>>> www.ascert.com >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> --------------------------------------------------------------------- >>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org >>>>>>>>>> For additional commands, e-mail: users-h...@felix.apache.org >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> atenciosamente, >>>>>>>>> Cesar Souza >>>>>>>>> >>>>>>>>> Animati Computação Aplicada >>>>>>>>> Santa Maria, RS - (55) 3286 4010 >>>>>>>>> http://animati.com.br >>>>>>>>> >>>>>>>>> >>>>>>>>> --------------------------------------------------------------------- >>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org >>>>>>>>> For additional commands, e-mail: users-h...@felix.apache.org >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> atenciosamente, >>>>>>>> Cesar Souza >>>>>>>> >>>>>>>> Animati Computação Aplicada >>>>>>>> Santa Maria, RS - (55) 3286 4010 >>>>>>>> http://animati.com.br >>>>>>>> >>>>>>>> >>>>>>>> --------------------------------------------------------------------- >>>>>>>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org >>>>>>>> For additional commands, e-mail: users-h...@felix.apache.org >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> atenciosamente, >>>>>>> Cesar Souza >>>>>>> >>>>>>> Animati Computação Aplicada >>>>>>> Santa Maria, RS - (55) 3286 4010 >>>>>>> http://animati.com.br >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org >>>>>>> For additional commands, e-mail: users-h...@felix.apache.org >>>>>>> >>>>>>> >>>>>> -- >>>>>> Karl Pauls >>>>>> karlpa...@gmail.com >>>>>> http://twitter.com/karlpauls >>>>>> http://www.linkedin.com/in/karlpauls >>>>>> https://profiles.google.com/karlpauls >>>>>> >>>>> >>>>> -- >>>>> Karl Pauls >>>>> karlpa...@gmail.com >>>>> http://twitter.com/karlpauls >>>>> http://www.linkedin.com/in/karlpauls >>>>> https://profiles.google.com/karlpauls >>>> >>>> >>>> >>> -- >>> >>> >>> Ascert - Taking systems to the edge >>> r...@ascert.com >>> +27 21 300 2028 ext 5119 >>> www.ascert.com >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org >>> For additional commands, e-mail: users-h...@felix.apache.org >>> >> >> > > -- > > > Ascert - Taking systems to the edge > r...@ascert.com > +27 21 300 2028 ext 5119 > www.ascert.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@felix.apache.org > For additional commands, e-mail: users-h...@felix.apache.org > -- atenciosamente, Cesar Souza Animati Computação Aplicada Santa Maria, RS - (55) 3286 4010 http://animati.com.br --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@felix.apache.org For additional commands, e-mail: users-h...@felix.apache.org
