Zlatko, While it is true that out of the box, the a WebStart client needs a signed jar to perform privileged operations, keep in mind that you might be able to 1.) change the policy file for the WebStart JVM or 2.) import your self-signed cert into the keystore (and distribute that keystore to all clients) or 3.) just self-sign the jar - this method works, but the user will see a rather disturbing message the first time the jar is run (something along the lines of 'untrusted code, do not run'). As far as lazily downloading a jar, I believe that the WebStart client only allows for one signature to be used (across all jars), so as long as the original signature is accepted initially, there should be no problem downloading additional jars (assuming the signature is the same). Of course, you can decompile the WebStart client and 'take out' the section of code that checks for the signature. Jad will decompile the code into code that will recompile. I previously experimented with changing the look and feel, as well as disabling some of the options that the user might be inclined to change (URL, proxy setting, etc.) using this method. The homepage is http://kpdus.tripod.com/jad.html, but the site seems to be having problems. If you are interested, I can email you a copy of the executable.
Regards, John John Ghidiu Benderson Development Company Inc. [EMAIL PROTECTED] (716) 878-9376 -----Original Message----- From: Zlatko Kostadinov [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 03, 2002 03:51 To: JDJList Subject: [jdjlist] RE: Applet writing files on client Thanks John That's really good idea, but what I read in the webstart spec is that it needs a signed application to gisve the needed permissions. I have never tried it but this is written in the spec: The JNLP Client must check a JAR file for signing information before it is used, i.e., before a class file or another resource is retrieved from it. If a JAR file is signed and the digital signature does not verify, the application must be aborted. For a lazily downloaded JAR file, i.e., a JAR file that is downloaded after the application is launched, this might require aborting an already-running application. And if i did not sign the jar it will not have permissions to write on the disk: All applications are by default run in an untrusted or restricted environment by a JNLP Client. The restricted environment is similar to the well-known Applet sandbox, and is designed so untrusted applications are prevented from intentionally or unintentionally harming the local system. For example, the restricted environment limits access to local disk and the network. Maybe there is much easier way to import the certificate as trusted in webstart - this will be really good. Thanks for your help Zlatko ----- Original Message ----- From: "John Ghidiu" <[EMAIL PROTECTED]> To: "JDJList" <[EMAIL PROTECTED]> Sent: Tuesday, July 02, 2002 6:11 PM Subject: [jdjlist] RE: Applet writing files on client Not necessarily much simpler, but we have started using WebStart for all client applications in our workspace. The deployment of WebStart to all the users was a little rough, but deploying an application to the client has become much easier - in fact, all that really needs to be done is to copy the jar file (and sometimes the JNLP file). One of the good things about WebStart is that you can specify the JVM that you want to use. If you are not familiar with WebStart, look here: http://java.sun.com/products/javawebstart/ Hope that helps! Regards, John Ghidiu -----Original Message----- From: Zlatko Kostadinov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 02, 2002 11:02 To: JDJList Subject: [jdjlist] Applet writing files on client Hi I have to run applet that uses the file system on the client. The applet will be used just in mine company, so I have not a "real" CA certificate. I created a "developer" certificate and signed the applet with it. The java plugin 1.4.0 propmts the user to grant the needed permissions to the applet or no. I want to have the same result on the older plugins (1.3.x) but in this case the certificate must be imported in the trusted certificates database (either in IE or in "jre\lib\security\cacerts" - different for the different versions). Unfortunately it seems to be too complicated operation for the ordinary user. Does anyone have a suggestion how to make this operation simple and easy to be done. Thanks! Zlatko To change your membership options, refer to: http://www.sys-con.com/java/list.cfm To change your membership options, refer to: http://www.sys-con.com/java/list.cfm To change your membership options, refer to: http://www.sys-con.com/java/list.cfm To change your membership options, refer to: http://www.sys-con.com/java/list.cfm
