问题
How to create totally security proof jnlp. I created one jnlp and uploaded on my online server. It is not working at all, but in my local, it is working fine.
My online JNLP is opening GUI, only when, i decrease the java security level to medium( i think it is not secure at all) and it is not working (none of the functionality is working)
I googled it about it, but could not find anything useful. Edited Can you please verify the JNLP file...find at link..This application is running perfectly fine in my local..it is not working..what could be the reason?
回答1:
Basically do or read the following:
- Sign your app and all your jars with an official certificate
- Also "sign" your JNLP file (meaning put a copy of your jnlp file into JNLP-INF folder as described here.
- Set the permissions right (e.g. all
<security><all-permissions/></security>) - Set the trusted-library | trusted-only attributes (More infos here)
- [optional] Set the 7u25 introduced permissions and codebase attributes in the JAR Manifest File(s) (More infos here)
For more information also look:
Jar signing
7u21 release notes
And if you have trouble with your jnlp file verify it with JaNeLA.
回答2:
Especially if you are using a self-signed certificate, you should review Java Applet & Web Start—Code Signing and the new security prompts introduced in Java version 7u21.
来源:https://stackoverflow.com/questions/18145619/security-issue-with-jnlp-jar-for-java-swing