问题
I have a JNLP file which is generated by a servlet dynamically . The JNLP generated is:
<jnlp spec="6.0+" href="launch?param1=Hooolas">
<information>
<title>JSGD</title>
<vendor>evconsul</vendor>
<homepage href=""/>
<description>JSGD</description>
<description kind="short">JSGD</description>
<offline-allowed/>
</information>
<update check="background"/>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.8+"/>
<jar href="http://192.168.0.17:8080/Secu/huella/JSGD.jar" main="true"/>
</resources>
<application-desc main-class="jsgd.JSGD">
<argument>Hooolas</argument>
</application-desc>
</jnlp>
The error in a client machine:
java.lang.NullPointerException
at com.sun.javaws.JnlpxArgs.execProgram(Unknown Source)
at com.sun.javaws.Launcher.relaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Missing Application-Name manifest attribute for: http://192.168.0.17:8080/Secu/huella/JSGD.jar
#### Java Web Start Error:
#### null
I have packed all libraries in one jar called JSGD.jar its struct is:
JSGD.jar
-jsgd
-META-INF
-org
-SecugenLib
The URL of my jar is: http://192.168.0.17:8080/Secu/huella/JSGD.jar
I have packed my app via on Netbeans 8.1 Files->/buil.xml right click Run Target->Other Targets->package-for-store. This generates a jar inside in Store folder. This jar has the struct described above.
In my machine runs ok(when codebase attribute is: codebase="http://localhost:8080/Secu/" of course! ). What would be the problem? JRE version 1.7.0_79-b15(Client Machine) I use Netbeans 8.1
DETAILS:
I have overwritten build.xml adding the next lines; to pack all classes in one jar:
<target name="package-for-store" depends="jar">
<!-- Cambien el valor de esta propiedad para dar el nombre al JAR,
sin la extensión .jar. No debe tener espacios.
<property name="store.jar.name" value="NombreDelJar"/>
-->
<property name="store.jar.name" value="JSGD"/>
<!-- No editar nada después de esta línea -->
<property name="store.dir" value="store"/>
<property name="store.jar" value="${store.dir}/${store.jar.name}.jar"/>
<echo message="Packaging ${application.title} into a single JAR at ${store.jar}"/>
<delete dir="${store.dir}"/>
<mkdir dir="${store.dir}"/>
<jar destfile="${store.dir}/temp_final.jar" filesetmanifest="skip">
<zipgroupfileset dir="dist" includes="*.jar"/>
<zipgroupfileset dir="dist/lib" includes="*.jar"/>
<manifest>
<attribute name="Main-Class" value="${main.class}"/>
<attribute name="Application-Name" value="JSGD"/>
<attribute name="Trusted-Only" value="true"/>
<attribute name="Permissions" value="sandbox"/>
<attribute name="Codebase"
value="http://192.168.0.17 http://localhost"/>
</manifest>
</jar>
<zip destfile="${store.jar}">
<zipfileset src="${store.dir}/temp_final.jar"
excludes="META-INF/*.SF, META-INF/*.DSA, META-INF/*.RSA"/>
</zip>
<delete file="${store.dir}/temp_final.jar"/>
</target>
Update
Following the advices from @mosquito-x, seems the thing goes better, but Java 7(I'm trying in jre-8u91 too) block it. The message is:
Application Blocked by Java Security.
Name: JSGD
From: http://192.168.0.17
Reason: The Java Security Settings have this application from running. You may change this behavior in Java Control Panel.
In Java control panel Site list. I have added these sites:
http://192.168.0.17:8080
http://192.168.0.17:8080/Secu
http://192.168.0.17:8080/Secu/huella
http://192.168.0.17:8080/Secu/launch
Thanks in advance!
回答1:
The JNLP :
a hardcodedcodebase="http://192.168.0.17:8080/Secu/"
will only work on localhostcause java blocked
CAUSE
java blocked
Java has further enhanced security to make the user system less vulnerable to external exploits.
Starting with Java 7 Update 51, Java does not allow users to run applications that are not signed (unsigned), self-signed (not signed by trusted authority) or that are missing permission attributes.
Risks involved in running applications
Unsigned application
An application without a certificate (i.e. unsigned apps), or missing application Name and Publisher information are blocked by default. Running this kind of application is potentially unsafe and present higher level of risk. Self-signed application (Certificate not from trusted authority)
An application with self-signed certificate is blocked ............
Application-Name Attribute
Application-Name
The Application-Name attribute is used in security prompts to provide a title for your signed RIA. Use of this attribute is recommended to help users make the decision to trust and run the RIA. The value can be any valid string, for example:
Application-Name: Hello World
If the Application-Name attribute is not present in the JAR file manifest ............
Modifying a Manifest File
Modifying a Manifest File
You use the m command-line option to add custom information to the manifest during creation of a JAR file. This section describes the m option.
The Jar tool automatically puts a default manifest with the pathname META-INF/MANIFEST.MF into any JAR file you create. You can enable special JAR file functionality, such as package sealing, by modifying the default manifest. Typically, modifying the default manifest involves adding special-purpose headers to the manifest that allow the JAR file to perform a particular desired function.
To modify the manifest, you must first prepare a text file containing the information you wish to add to the manifest. You then use the Jar tool's m option to add the information in your file to the manifest. Warning: The text file from which you are creating the manifest must end with a new line or carriage return. The last line will not be parsed properly if it does not end with a new line or carriage return.
The basic command has this format:
jar cfm jar-file manifest-addition input-file(s)
Let's look at the options and arguments used in this command:
The c option indicates that you want to create a JAR file. The m option indicates that you want to merge information from an existing file ... The f option indicates that you want the output to go to a file (the JAR file) ... manifest-addition is the name (or path and name) of the existing text file .... jar-file is the name that you want the resulting JAR file to have. The input-file(s) argument is a space-separated list of one or more files ....
example one of mine
MANIFEST.MF
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.3
Main-Class: DataSummaryApplet
Class-Path: lib/plugin.jar
Application-Name: appJSN
Trusted-Only: true
Permissions: sandbox
Created-By: 1.7.0_51-b13 (Oracle Corporation)
Codebase: http://www.asitexx.com http://localhost
EDIT:
1.)
Most IDE's who creates the jar file, uses a build.xml.
The bad thing this file is always new created if you change something in the project.
You can test if you change :
<manifest>
<attribute name="Main-Class" value="${main.class}"/>
</manifest>
with (change to your needs)
<manifest>
<attribute name="Main-Class" value="${main.class}"/>
<attribute name="Application-Name" value="whatever"/>
<attribute name="Trusted-Only" value="true"/>
<attribute name="Permissions" value="sandbox"/>
<attribute name="Codebase" value="http://www.asitexx.com http://localhost"/>
</manifest>
you can add domains to the codebase seperated by a blank
2.) Remove the code base from JNLP file it's not needed anymore
<jnlp spec="6.0+" codebase="http://192.168.0.17:8080/Secu/" href="launch?param1=Hooolas">
to
<jnlp spec="6.0+" href="launch?param1=Hooolas">
Hope it helps,
Thomas
Update from comments
You think that I should sign with a certificate?? and How do that?
that is not that easy and you have to be careful to do everything in the correct sequence.
Be careful:
Only pure .jar file use, that has all libs and even your self created MANIFEST.FM in it.
Test this, open the jar file must contain only except the libs plain text.
No SHA-256-Digest
or other parts like 7fnH8YhS5mkYtZoJqiWEI2bfSXSYd2alrKCEdvieyEk
etc.
Then you can with the next steps proceed.
only two links of many that may help you.
To Generate a Certificate by Using keytool
Signing JAR Files
来源:https://stackoverflow.com/questions/38356087/java-web-star-java-lang-nullpointerexception-jnlpxargs-execprogram