Re: Signing JARs for Java cleint
Re: Signing JARs for Java cleint
- Subject: Re: Signing JARs for Java cleint
- From: Cliff Tuel <email@hidden>
- Date: Thu, 06 Mar 2003 16:09:40 -0800
> What can I do short of extracting all files from Apple's JAR and recreating it
> with my own signature?
*** Solution 1 ***
This solution shows how to re-sign wojavaclient.jar:
1. Add the JNLP mime type to Apache's mime.types file
(/etc/httpd/mime.types): application/x-java-jnlp-file jnlp
2. Make a new JNLP file. Or better yet, find on the Web and edit it
(try:
http://developer.apple.com/java/javawebstart/apps/welcome/JWS_Demo.jnlp )
3. Add a directory to your Web server called "webstart".
4. Add the JNLP file to the webstart directory.
5. Add the wojavaclient.jar to the webstart directory
(/System/Library/Java/wojavaclient.jar)
6. Make a jar file of any custom client-side Java Classes. Add this to the
webstart directory.
7. Create a keystore file with which to sign the jars (create it in a place
you can remember):
% keytool -genkey -keystore myKeystore -alias myAlias
8. Sign all the jars in the app (you copied these to the webstart
directory).
% jarsigner -keystore myKeystore wojavaclient.jar myAlias
% jarsigner -keystore myKeystore clientsideclasses.jar myAlias
etc...
9. Edit the JNLP file to include the correct codebase (your web server).
10. Edit the JNLP file to include the jars you signed in step 8.
11. Edit the main-class argument in the JNLP file to be
"com.webobjects.eoapplication.EOApplication". Also add the applicationURL
argument and URL of the server-side WO app. Example:
<application-desc main-class="com.webobjects.eoapplication.EOApplication">
<argument>-applicationURL</argument>
<argument>
http://foo.bar.com:8888/cgi-bin/WebObjects/YourApp.woa</argument>
</application-desc>
12. Request the JNLP file from your Web server. WebStart should launch,
download and start the client app.
*** Solution 2 ***
Got this off another mailing list...
1.) You dont need to (and shouldn't) unsign third party jars and re-sign
them with your own certs, to use them in a signed javaws application.
Instead, put the jars signed by a different certificate in a seperate jnlp
file, a component-extension, and refer to it in your main jnlp file.
2.) When you need to have all-permissions, and you are developing an
application, instead of signing it each iteration, you can modify the
.java.policy file in your home directory (or the java.policy file in the
jre's lib directory) to give all-permissions to code from your codebase:
grant codeBase "http://myserver.com/*" {
permission java.security.AllPermission;
};
then you will have all-permissions even w/o asking for it in your jnlp file.
--
Cliff Tuel email@hidden http://apple.com/services/technicalsupport
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.