airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marlon Pierce <>
Subject Re: [GSoC 2014] Project based on XBaya
Date Thu, 06 Mar 2014 01:18:35 GMT
Nice detective work, Nadeem.  We use several self-signed jars in XBaya's
JNLP. We used to sign them during the build process, but I think we
finally just placed the signed jars in the repo. 

Security problems with Java applets and webstart apps may be why the
default permissions have gotten more restrictive, so I suggest being
careful if turning the permissions down.


On 3/5/14 6:59 PM, Nadeem Anjum wrote:
> Hi everyone,
> This is with reference to Heejon's issue [1] with Xbaya security issue with
> the jre(51).
> I was able to recreate this issue on Windows.
> When the security level in java control panel is set to very high or high,
> it gives the following error:
> "Your security settings have blocked a *self-signed application* from
> running "
> When the security level is set to medium or the application is added to
> exception site list, the application is allowed to run with a warning,
> which displays the *publisher* as "*unknown*"
> As per [2], there are two possible reasons for this:
> 1. *Jar file missing Permission Attribute*
> 2.* Self signed application* (Certificate not from trusted authority)
> I modified the permissions in the main jar adding *permissions:
> all-permissions *in the file, but the problem still persists.
> According to [3], The Permissions attribute is used to verify that the
> permissions level requested by the RIA when it runs matches the permissions
> level that was set when the JAR file was created. *This attribute is
> required in the manifest of the main JAR file for the RIA, secondary JAR
> files and extensions are not required to have the Permissions attribute*.
> If the attribute is not present in the main JAR file, then the RIA is
> blocked
> So it appears the problem is not due to missing permissions in third party
> jars.
> Rather the problem is apparently due to *self-signed signature*, as when
> providing a self-signed signature (the free kind), the "Publisher" field
> will always say "UNKNOWN" whether or not it is provided when creating the
> signature, as per [4]
> Please share your opinion on this issue.
> [1]:
> [2]:
> [3]:
> [4]:
> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <> wrote:
>> Hi Nadeem,
>> We still did not compile the list of GSoC projects for 2014, but
>> independent of other, I think we certainly can take some help on XBaya and
>> we have major refactoring needs come up. Let me suggest a list of tasks for
>> you to get started.
>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon with
>> this thread [2]
>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>> help them.
>> As for the GSoC project itself, it will involve changing the current XBaya
>> which reads the components in the workflow based on XML Schemas and WSDL's
>> and we need to migrate that using in development thrift based data models.
>> This will require also changes to XBaya communications to registry and
>> workflow interpreter to talk to the new Airavata API. I will clearly
>> elaborate on the GSoC project, but for now, please start with helping
>> Heejoon and understanding the inner workings of 5    and 10 minute
>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>> rapid development over the next few weeks.
>> Suresh
>> [1] -
>> [2] -
>> [3] -
>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <> wrote:
>>> Hello Everyone,
>>> Over the last few days I have been going through Airavata codebase. I
>> specifically got interested in XBaya, and it will be great if I could get a
>> chance to work on a project based on XBaya for GSoC 2014
>>> Thanks,
>>> Nadeem

View raw message