This week's book giveaway is in the Cloud/Virtualizaton forum.
We're giving away four copies of Mesos in Action and have Roger Ignazio on-line!
See this thread for details.
Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Signing jnlp and using $$codebase-variable

 
Marcus Lindblom
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all!

I have a problem which I cannot find a way around (if there is one?).

In our product we have a GUI which we use JWS to run.
The jar-file containing the jnlp-file is signed at package-time and we cannot tell where the product will be installed so we have used the JnlpDownloadServlet to set the $$codebase variable.
The problem is that the signed jnlp-file will always differ from the one JWS wants to start since the signed one will look something like this:


and the user will get this:


Anyone know if there is a solution to the problem?
 
Maneesh Godbole
Saloon Keeper
Posts: 11027
12
Android Eclipse IDE Google Web Toolkit Java Mac Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Marcus,

Welcome to the Ranch.
Have you considered generating the JNLP file from a servlet?
 
Jesper Sigården
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Did you find a solution for this?
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think you're going to get an answer, because Marcus made just this one post and it was over five years ago.

But since you have the same problem, can you explain something I don't understand about the problem? Why does it matter where the product is going to be installed, since that's a client-side thing? Isn't "http://IP:port/productversion" always going to be the same? If not, why not?
 
Jesper Sigården
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul: A short answer, no. ;-)
The long answer is that this that the web start archive is part of a server installation installed on a server belonging to the customer. The IP will be different in each installation, therefore we have a changing jnlp file that needs to be signed.
Why not sign the file on installation?
The keystore is private for the company and can not be included on each installation...


The solution was to use the jnlp servlet that replaces the codebase with the macro $$codebase.
To get it signed, a "template" jnlp has to be stored in the application jar in:
JNLP-INF/APPLICATION_TEMPLATE.JNLP
want some details, look here:
Signed JNLP file

The template is exactly like the launch.jnlp but for this:

launch.jnlp:


APPLICATION_TEMPLATE.JNLP:


The problem I have is that I send properties to the client within where to connect the client.


And tried this:
launch.jnlp:


APPLICATION_TEMPLATE.JNLP:


THIS IS NOT ALLOWED! <-- took me forever to figure out. I am NOT bitter..
Properties can NOT contain any changeable values.

The server ip address is retrieved by including the jnlp.jar in the application.
The jnlp.jar is not included in the JDK/JRE but in the samples: /sample/jnlp/servlet/jnlp.jar.

This jar provides the means to retrieve information from the web start engine.



By using the ServiceManager.lookup the client can be installed and receive the server.address as argument from the start script ( -Dserver.address=<IP-ADDRESS> ) or by looking up the server address from the jnlp launcher.

HTH

/Jeppe
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jesper Sigården wrote:The long answer is that this that the web start archive is part of a server installation installed on a server belonging to the customer. The IP will be different in each installation, therefore we have a changing jnlp file that needs to be signed.
Why not sign the file on installation?
The keystore is private for the company and can not be included on each installation...


Okay. Then why not sign the customer's version of the JNLP file before sending them the server installation?
 
Jesper Sigården
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Because the IP might change, DHCP installation.
The IP is not known before hand.

The server is set up in a private network without contact to the internet.

This is the best solution, no hardcoded values anywhere.
No administration process regarding the request for a client.war for a IP number.

HTH

/Jeppe
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic