Re: WebStart API development - bypass security



For a free code signing certificate, check out http://www.cacert.org/

I believe for testing, you can sign your own applications, which
results in a request for full system access when the code is first run.
The screen that appears says something like, "we don't trust this
person, so neither should you, but if you are foolish then click ok to
allow them to give you a virus and destroy your computer".

Done with jarsigner, of course.

Signing your code locally (by yourself, the untrusted source) will
allow you to accept the hideous certificate mentioned above. But I
don't think that there is a way to test it without signing your code in
some way. Ant would be the way to go in my mind, if you felt up to it.
But you could always just leave a command prompt open with all your
build calls.

good luck


Andrew Thompson wrote:
Have any of you done any amount of development using
the webstart API?
<http://java.sun.com/products/javawebstart/1.0.1/javadoc/index.html>
(The FileService, ClipboardService, PersistenceService..)

I have found the development cycle to be a PITA, and am
looking for shortcuts.

The basic problem is that in order to access any of the
services, you cannot simply 'run your classes' in Java from
the command line - even if you add the JWS jar to the classpath,
the ServiceManager is not properly initialised, and
ServiceManager.getServiceNames()* returns a 0 length array.

*
<http://java.sun.com/products/javawebstart/1.0.1/javadoc/javax/jnlp/ServiceManager.html#getServiceNames()>

When launching via webstart itself, the application/applet
needs to be jar'd, and requires a JNLP file.

Fortunately, you can then test it from the command
line and local filesystem (avoiding the entire hassle of
uploading it to a server configured to send the correct
mime-type) by using the -codebase option on launch..
<http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/javaws.html#options>

But.. I find that even using the sand-boxed (no need to sign the code)
methods in one part of an application, I often need other parts of the
application to have 'full access' (libraries and native libs etc.).

To add code signing to that development test cycle is a killer,
is there any way to tell the javaws launcher (either via options,
system configuration, or voodoo) to 'ignore all restrictions'
and simply run test code as 'trusted'?

Or is this a case of
"(slap the OP) Use an advanced IDE with ANT and this is all easy"?

Andrew T.
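
The following is an added example, not code from either poster: a pre-flight check for the test cycle discussed above that reads a JNLP file and, if it requests full access, lists the referenced jars and native-library jars that carry no signature entries. The function names, the sample JNLP, and the jar names are constructed for illustration; the check only looks for signature files in META-INF and does not validate them cryptographically (`jarsigner -verify` does that).

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def jar_has_signature(jar_bytes):
    """True if META-INF holds a signature file (.SF) and a signature block."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n.upper() for n in jar.namelist()]
    top = [n for n in names if n.startswith("META-INF/") and n.count("/") == 1]
    has_sf = any(n.endswith(".SF") for n in top)
    return has_sf and any(n.endswith((".RSA", ".DSA", ".EC")) for n in top)

def unsigned_resources(jnlp_text, load_jar):
    """Hrefs of unsigned jars when the JNLP asks for all-permissions, else []."""
    root = ET.fromstring(jnlp_text)
    full_access = any(e.tag == "all-permissions"
                      for sec in root.iter("security") for e in sec)
    if not full_access:
        return []  # sandboxed launch: no signing needed
    hrefs = [e.get("href") for res in root.iter("resources")
             for e in res if e.tag in ("jar", "nativelib")]
    return [h for h in hrefs if not jar_has_signature(load_jar(h))]

def make_jar(signed):
    """Constructed sample JAR; signature entries are dummy bytes, not real."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("app/Main.class", b"\xca\xfe\xba\xbe")
        if signed:
            jar.writestr("META-INF/TESTKEY.SF", "Signature-Version: 1.0\n")
            jar.writestr("META-INF/TESTKEY.RSA", b"dummy")
    return buf.getvalue()

# Constructed sample descriptor: main jar, one library, one native-lib jar.
SAMPLE_JNLP = """<jnlp spec="1.0+" codebase="file:///tmp/app/" href="app.jnlp">
  <information><title>Test</title><vendor>Example</vendor></information>
  <security><all-permissions/></security>
  <resources>
    <j2se version="1.5+"/>
    <jar href="app.jar"/>
    <jar href="lib.jar"/>
    <nativelib href="native.jar"/>
  </resources>
  <application-desc main-class="app.Main"/>
</jnlp>"""
SAMPLE_JARS = {"app.jar": make_jar(True), "lib.jar": make_jar(False),
               "native.jar": make_jar(True)}

if __name__ == "__main__":
    print(unsigned_resources(SAMPLE_JNLP, SAMPLE_JARS.__getitem__))
```

Run as part of the build, this flags a forgotten library jar before the launcher does.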
