https://stackoverflow.com/questions/19311955
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianWe can use jarverifier in the link, to check whether the jar has completely signed not and at the same time it can be used to verify the certificate of jar file.
How to prevent loading of unsigned jars?
-
30-06-2022 - |
Question
In my application, noticed that among signed jar files even unsigned jar file are also getting loaded while invoke application, so to ensure the security i need guidance to prevent loading of any unsigned jars
EDIT:
How to identify / retrieve the Jar signature using ClassLoader
Solution 3
OTHER TIPS
You might be able to achieve this using the all-permissions element in your jnlp file.
<security>
<all-permissions/>
</security>
see http://docs.oracle.com/javase/7/docs/technotes/guides/javaws/developersguide/syntax.html and Is it possible to use jnlp without signing the jars?
Hope it helps.
One solution is to create a custom version of JarClassLoader which will check jars signatures.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
