WebStart API development - bypass security

A

Andrew Thompson

Have any of you done any amount of development using
the webstart API?
<http://java.sun.com/products/javawebstart/1.0.1/javadoc/index.html>
(The FileService, ClipboardService, PersistenceService..)

I have found the development cycle to be a PITA, and am
looking for shortcuts.

The basic problem is that in order to access any of the
services, you cannot simply 'run your classes' in Java from
the command line - even if you add the JWS jar to the classpath,
the ServiceManager is not properly initialised, and
ServiceManager.getServiceNames()* returns a 0 length array.

*
<http://java.sun.com/products/javawe...ax/jnlp/ServiceManager.html#getServiceNames()>

When launching via webstart itself, the application/applet
needs to be jar'd, and requires a JNLP file.

Fortunately, you can then test it from the command
line and local filesystem (avoiding the entire hassle of
uploading it to a server configured to send the correct
mime-type) by using the -codebase option on launch..
<http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/javaws.html#options>

But.. I find that even using the sand-boxed (no need to sign the code)
methods in one part of an application, I often need other parts of the
application to have 'full access' (libraries and native libs etc.).

To add code signing to that development test cycle is a killer,
is there is any way to tell the javaws launcher (either via options,
system configuration, or voodoo) to 'ignore all restrictions'
and simply run test code as 'trusted'?

Or is this a case of
"(slap the OP) Use an advanced IDE with ANT and this is all easy"?

Andrew T.
 
T

tiewknvc9

for free code signing certificate check out http://www.cacert.org/

I believe for testing, you can sign your own applications, which
results in a request for full system access when the code is first run.
The screen that appears says something like, "we dont trust this
person, so neither should you, but if you are foolish then click ok to
allow them to give you a virus and destroy your your computer"

done with jarsigner of course.

Signing your code locally (by yourself, the untrusted source), will
allow you to accept the hideous certificate mentioned above. But I
dont think that there is a way to test it without signing your code in
some way. Ant would be the way to go in my mind, if you felt up to it.
But you could always just leave a command prompt open with all your
build calls.

good luck
 
A

Andrew Thompson

tiewknvc9 said:
for free code signing certificate check out http://www.cacert.org/

I believe for testing, you can sign your own applications, which
results in a request for full system access when the code is first run.

A self-signed certificate - that is what I am currently using
(for both testing and later deployment), and exaclty I want
to avoid *having* to do during *development*.

Andrew T.
 
T

tiewknvc9

Andrew said:
A self-signed certificate - that is what I am currently using
(for both testing and later deployment), and exaclty I want
to avoid *having* to do during *development*.

Andrew T.

I dont think that sun would allow that. Since a developer could
potentially release something to the public that was not signed,
starting with the command line code allowing full access to the
machine..

Java is a pain with security. But its probably a good move on their
end.
 
D

Daniel Dyer

I have found the development cycle to be a PITA, and am
looking for shortcuts. ....
Or is this a case of
"(slap the OP) Use an advanced IDE with ANT and this is all easy"?

You don't necessarily need to use an IDE, but Ant would probably make
things easier (there's a built-in task for signing jars:
http://ant.apache.org/manual/CoreTasks/signjar.html). How do you do the
build currently?

I'm a big advocate of always having an automated, single-step build
process. It doesn't really matter whether that's achieved with Ant,
Maven, Make or some home-grown scripts. Once you have to execute more
than one command to do a build there's a chance of messing things up.

Dan.
 
A

Andrew Thompson

Daniel said:
You don't necessarily need to use an IDE, but Ant would probably make
things easier (there's a built-in task for signing jars:
http://ant.apache.org/manual/CoreTasks/signjar.html). How do you do the
build currently?

I'm a big advocate of always having an automated, single-step build
process. It doesn't really matter whether that's achieved with Ant,
Maven, Make or some home-grown scripts. Once you have to execute more
than one command to do a build there's a chance of messing things up.

Yeah, thanks. I think I just needed to hear it.

I wish I could figure how to run Ant from the command line,
I'll need to hit the docs. (I have two "powerful IDE's" installed,
both of which can run Ant scripts, but one is utterly broken -
never starts up, the other broke when settings were overwritten
during a 1.2 install the other night.. long story..)

Andrew T.
 
A

Andrew Thompson

Andrew said:
....
I wish I could figure how to run Ant from the command line,
I'll need to hit the docs.

(a short time later...)
C:\Documents and Settings\Administrator>ant
Buildfile: build.xml does not exist!
Build failed

....Woo-Hoo! :)

That's progress, from..

C:\Documents and Settings\Administrator>ant
'ant' is not recognized as an internal or external command,
operable program or batch file.

Andrew T.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top