felix-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cesar Souza <ce...@animati.com.br>
Subject Re: Security Warning: Felix with Java Web Start
Date Thu, 17 Oct 2013 12:46:55 GMT
hi Rob

I am not signing the JNLP file.
But now all the properties are in application's arguments:

https://github.com/nroduit/weasis-pacs-connector/blob/master/src/main/resources/weasis-jnlp-default.xml

On Wed, Oct 16, 2013 at 4:36 PM, Rob Walker <robw@ascert.com> wrote:
> Are you signing your JNLP file?
>
> If not, use of properties may have something to do with your problem:
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/signedJNLP.html
>
> -- Rob
>
>
> On 16/10/2013 9:21 PM, Cesar Souza wrote:
>>
>> now the application is working again in Java 7u45, but the warning
>> still appearing.
>>
>> before the jnlp code was:
>>
>> <resources>
>>      <property name="felix.config.properties"
>> value="conf/config.properties" />
>>      <property name="gosh.args" value="-sc telnetd -p 17179 start" />
>> </resources>
>>
>> we change it to:
>>
>> <application-desc main-class="...WebstartLauncher">
>>
>> <argument>-VMPfelix.config.properties="conf/config.properties"</argument>
>>      <argument>-VMPgosh.args="-sc telnetd -p 17179 start"</argument>
>> </application-desc>
>>
>> the whole project is here:
>> http://www.dcm4che.org/confluence/display/WEA/Building+Weasis+from+source
>>
>> On Wed, Oct 16, 2013 at 10:25 AM, Karl Pauls <karlpauls@gmail.com> wrote:
>>>
>>> Alternatively, can you try to get me more information about what is
>>> failing
>>> exactly?
>>>
>>> regards,
>>>
>>> Karl
>>>
>>>
>>> On Wed, Oct 16, 2013 at 2:40 PM, Karl Pauls <karlpauls@gmail.com> wrote:
>>>
>>>> it would be really helpful if you could provide me with a failing toy
>>>> example...
>>>>
>>>> regards,
>>>>
>>>> Karl
>>>>
>>>>
>>>> On Wed, Oct 16, 2013 at 2:37 PM, Cesar Souza <cesar@animati.com.br>
>>>> wrote:
>>>>
>>>>> Hi guys
>>>>>
>>>>> We are facing a big problem, our software cannot run under Java 7
>>>>> update 45 due to the problem that I reported here.
>>>>> Please, can you raise the priority of the issue on Jira ?
>>>>>
>>>>> On Fri, Oct 11, 2013 at 4:00 PM, Rob Walker <robw@ascert.com> wrote:
>>>>>>
>>>>>> Will def update the issue with anything I find.
>>>>>> Our examples are anything but small though - very hard to split stuff
>>>>>
>>>>> out, 40+ bundles and a ton of our own app code plus off the shelf libs.
>>>>>>
>>>>>> Will report back with findings though!
>>>>>> - Rob
>>>>>>
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>
>>>>>> From: "Cesar Souza" <cesar@animati.com.br>
>>>>>> To: users@felix.apache.org
>>>>>> Sent: Friday, 11 October, 2013 8:55:50 PM
>>>>>> Subject: Re: Security Warning: Felix with Java Web Start
>>>>>>
>>>>>> Thanks, Rob
>>>>>>
>>>>>> If you have a small example, please attach it to the Jira issue that
>>>>>> I've just created.
>>>>>>
>>>>>> https://issues.apache.org/jira/browse/FELIX-4281
>>>>>>
>>>>>> On Fri, Oct 11, 2013 at 3:42 PM, Rob Walker <robw@ascert.com>
wrote:
>>>>>>>
>>>>>>> I have J7u40, but I haven't tested the WebStart aspect since
>>>>>>> updating.
>>>>>
>>>>> Quite possible it will hit the same problem, saw the warnings in the
>>>>> release notes. Will give it a try next week if I get a chance and
>>>>> report
>>>>> back
>>>>>>>
>>>>>>> - Rob
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>
>>>>>>> From: "Cesar Souza" <cesar@animati.com.br>
>>>>>>> To: users@felix.apache.org
>>>>>>> Sent: Friday, 11 October, 2013 6:52:26 PM
>>>>>>> Subject: Re: Security Warning: Felix with Java Web Start
>>>>>>>
>>>>>>> Hi Rob
>>>>>>>
>>>>>>> I have already verified all jars in my application.
>>>>>>> Are you using the Java 7 update 40 with your web start application
??
>>>>>>>
>>>>>>> Is there a way to turn on the debug log in Felix?
>>>>>>> Maybe I can see what resource is causing the security warning.
>>>>>>>
>>>>>>> On Fri, Oct 11, 2013 at 2:26 AM, Rob Walker <robw@ascert.com>
wrote:
>>>>>>>>
>>>>>>>> That seems to imply at least one of the JARs or bundles being
loaded
>>>>>
>>>>> isn't
>>>>>>>>
>>>>>>>> signed - probably worth a re-check on all JARs to make sure
>>>>>
>>>>> everything is
>>>>>>>>
>>>>>>>> signed.
>>>>>>>>
>>>>>>>> We also use a launcher, and WebStart Felix. Our production
build we
>>>>>
>>>>> signs
>>>>>>>>
>>>>>>>> everything and we don't see that message - but in development,
where
>>>>>
>>>>> we
>>>>>>>>
>>>>>>>> don't sign, we do get it.
>>>>>>>>
>>>>>>>> I think I remember reading the latest Java versions are
>>>>>>>> progressively
>>>>>>>> locking down the running of unsigned JARs, which is causing
some
>>>>>>>> controversy.
>>>>>>>>
>>>>>>>> -- Rob
>>>>>>>>
>>>>>>>>
>>>>>>>> On 10/10/2013 9:37 PM, Cesar Souza wrote:
>>>>>>>>>
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I have a valid certificate and I already successfully
signed a Java
>>>>>>>>> Web Start application. So, there is no problem with the
certificate
>>>>>
>>>>> or
>>>>>>>>>
>>>>>>>>> the process to sign my applications.
>>>>>>>>> But now I am trying to sign another application that
uses Felix.
>>>>>
>>>>> There
>>>>>>>>>
>>>>>>>>> is a launcher and all the libraries are in a remote directory,
all
>>>>>>>>> them signed, accessed through a web server.
>>>>>>>>> When I launch the application everything is OK until
the execution
>>>>>>>>> of
>>>>>>>>> the Felix's init method. In this moment a dialog appears
and show
>>>>>>>>> the
>>>>>>>>> following message:
>>>>>>>>> -----------------------------------
>>>>>>>>> "Security Warning
>>>>>>>>>
>>>>>>>>> Do you want to run this application?
>>>>>>>>> An unsigned application from the location below is requesting
>>>>>
>>>>> permission
>>>>>>>>>
>>>>>>>>> to run.
>>>>>>>>>
>>>>>>>>> Running unsigned applications like this will be blocked
in a future
>>>>>>>>> release because it is potentially unsafe and a security
risk."
>>>>>>>>> -----------------------------------
>>>>>>>>>
>>>>>>>>> Is this a Felix's security problem ?
>>>>>>>>> Thanks for helping me.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>>>>>>>>> For additional commands, e-mail: users-help@felix.apache.org
>>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>>
>>>>>>>> Ascert - Taking systems to the edge
>>>>>>>> robw@ascert.com
>>>>>>>> +27 21 300 2028 ext 5119
>>>>>>>> www.ascert.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>>>>>>>> For additional commands, e-mail: users-help@felix.apache.org
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> atenciosamente,
>>>>>>> Cesar Souza
>>>>>>>
>>>>>>> Animati Computação Aplicada
>>>>>>> Santa Maria, RS - (55) 3286 4010
>>>>>>> http://animati.com.br
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>>>>>>> For additional commands, e-mail: users-help@felix.apache.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> atenciosamente,
>>>>>> Cesar Souza
>>>>>>
>>>>>> Animati Computação Aplicada
>>>>>> Santa Maria, RS - (55) 3286 4010
>>>>>> http://animati.com.br
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>>>>>> For additional commands, e-mail: users-help@felix.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> atenciosamente,
>>>>> Cesar Souza
>>>>>
>>>>> Animati Computação Aplicada
>>>>> Santa Maria, RS - (55) 3286 4010
>>>>> http://animati.com.br
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>>>>> For additional commands, e-mail: users-help@felix.apache.org
>>>>>
>>>>>
>>>>
>>>> --
>>>> Karl Pauls
>>>> karlpauls@gmail.com
>>>> http://twitter.com/karlpauls
>>>> http://www.linkedin.com/in/karlpauls
>>>> https://profiles.google.com/karlpauls
>>>>
>>>
>>>
>>> --
>>> Karl Pauls
>>> karlpauls@gmail.com
>>> http://twitter.com/karlpauls
>>> http://www.linkedin.com/in/karlpauls
>>> https://profiles.google.com/karlpauls
>>
>>
>>
>
> --
>
>
> Ascert - Taking systems to the edge
> robw@ascert.com
> +27 21 300 2028 ext 5119
> www.ascert.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>



-- 
atenciosamente,
Cesar Souza

Animati Computação Aplicada
Santa Maria, RS - (55) 3286 4010
http://animati.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Mime
View raw message