airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nadeem Anjum <nadeem.cs....@gmail.com>
Subject Re: [GSoC 2014] Project based on XBaya
Date Thu, 13 Mar 2014 17:14:45 GMT
Hi Marlon,

Is it possible to prevent the jars from being self-signed in XBaya's JNLP?

Thanks,
Nadeem


On Thu, Mar 6, 2014 at 6:48 AM, Marlon Pierce <marpierc@iu.edu> wrote:

> Nice detective work, Nadeem.  We use several self-signed jars in XBaya's
> JNLP. We used to sign them during the build process, but I think we
> finally just placed the signed jars in the repo.
>
> Security problems with Java applets and webstart apps may be why the
> default permissions have gotten more restrictive, so I suggest being
> careful if turning the permissions down.
>
> Marlon
>
> On 3/5/14 6:59 PM, Nadeem Anjum wrote:
> > Hi everyone,
> >
> > This is with reference to Heejon's issue [1] with Xbaya security issue
> with
> > the jre(51).
> >
> > I was able to recreate this issue on Windows.
> >
> > When the security level in java control panel is set to very high or
> high,
> > it gives the following error:
> > "Your security settings have blocked a *self-signed application* from
> > running "
> >
> > When the security level is set to medium or the application is added to
> > exception site list, the application is allowed to run with a warning,
> > which displays the *publisher* as "*unknown*"
> >
> > As per [2], there are two possible reasons for this:
> >
> > 1. *Jar file missing Permission Attribute*
> > 2.* Self signed application* (Certificate not from trusted authority)
> >
> > I modified the permissions in the main jar adding *permissions:
> > all-permissions *in the manifest.mf file, but the problem still persists.
> > According to [3], The Permissions attribute is used to verify that the
> > permissions level requested by the RIA when it runs matches the
> permissions
> > level that was set when the JAR file was created. *This attribute is
> > required in the manifest of the main JAR file for the RIA, secondary JAR
> > files and extensions are not required to have the Permissions attribute*.
> > If the attribute is not present in the main JAR file, then the RIA is
> > blocked
> >
> > So it appears the problem is not due to missing permissions in third
> party
> > jars.
> >
> > Rather the problem is apparently due to *self-signed signature*, as when
> > providing a self-signed signature (the free kind), the "Publisher" field
> > will always say "UNKNOWN" whether or not it is provided when creating the
> > signature, as per [4]
> >
> > Please share your opinion on this issue.
> >
> > [1]: http://markmail.org/thread/c6exit64mmhhpew7
> > [2]: https://www.java.com/en/download/help/java_blocked.xml
> > [3]:
> >
> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> > [4]: https://code.google.com/p/jzebra/issues/detail?id=155
> >
> >
> > On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <smarru@apache.org> wrote:
> >
> >> Hi Nadeem,
> >>
> >> We still did not compile the list of GSoC projects for 2014, but
> >> independent of other, I think we certainly can take some help on XBaya
> and
> >> we have major refactoring needs come up. Let me suggest a list of tasks
> for
> >> you to get started.
> >>
> >> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon
> with
> >> this thread [2]
> >>
> >> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
> >> interacting with Amazon EC2 Resources so better packaging of the JNLP
> will
> >> help them.
> >>
> >> As for the GSoC project itself, it will involve changing the current
> XBaya
> >> which reads the components in the workflow based on XML Schemas and
> WSDL's
> >> and we need to migrate that using in development thrift based data
> models.
> >> This will require also changes to XBaya communications to registry and
> >> workflow interpreter to talk to the new Airavata API. I will clearly
> >> elaborate on the GSoC project, but for now, please start with helping
> >> Heejoon and understanding the inner workings of 5    and 10 minute
> >> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
> >> rapid development over the next few weeks.
> >>
> >> Suresh
> >> [1] - http://airavata.apache.org/community/mailing-lists.html
> >> [2] - http://markmail.org/thread/c6exit64mmhhpew7
> >> [3] -
> >>
> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
> >>
> >> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <nadeem.cs.iit@gmail.com>
> wrote:
> >>
> >>> Hello Everyone,
> >>>
> >>> Over the last few days I have been going through Airavata codebase. I
> >> specifically got interested in XBaya, and it will be great if I could
> get a
> >> chance to work on a project based on XBaya for GSoC 2014
> >>> Thanks,
> >>> Nadeem
> >>
>
>

Mime
View raw message