Security issue with jnlp jar for java swing

StackOverflow https://stackoverflow.com/questions/18145619

Question

How to create totally security proof jnlp. I created one jnlp and uploaded on my online server. It is not working at all, but in my local, it is working fine.

My online JNLP is opening GUI, only when, i decrease the java security level to medium( i think it is not secure at all) and it is not working (none of the functionality is working)

I googled it about it, but could not find anything useful. Edited Can you please verify the JNLP file...find at link..This application is running perfectly fine in my local..it is not working..what could be the reason?

Was it helpful?

Solution

Basically do or read the following:

  1. Sign your app and all your jars with an official certificate
  2. Also "sign" your JNLP file (meaning put a copy of your jnlp file into JNLP-INF folder as described here.
  3. Set the permissions right (e.g. all <security><all-permissions/></security>)
  4. Set the trusted-library | trusted-only attributes (More infos here)
  5. [optional] Set the 7u25 introduced permissions and codebase attributes in the JAR Manifest File(s) (More infos here)

For more information also look:

Jar signing

7u21 release notes

And if you have trouble with your jnlp file verify it with JaNeLA.

OTHER TIPS

Especially if you are using a self-signed certificate, you should review Java Applet & Web Start—Code Signing and the new security prompts introduced in Java version 7u21.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top