File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JNLP and Web Start and the fly likes Signing jnlp and using $$codebase-variable Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "Signing jnlp and using $$codebase-variable" Watch "Signing jnlp and using $$codebase-variable" New topic
Author

Signing jnlp and using $$codebase-variable

Marcus Lindblom
Greenhorn

Joined: Jun 30, 2009
Posts: 1
Hello all!

I have a problem which I cannot find a way around (if there is one?).

In our product we have a GUI which we use JWS to run.
The jar-file containing the jnlp-file is signed at package-time and we cannot tell where the product will be installed so we have used the JnlpDownloadServlet to set the $$codebase variable.
The problem is that the signed jnlp-file will always differ from the one JWS wants to start since the signed one will look something like this:


and the user will get this:


Anyone know if there is a solution to the problem?
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10523
    
    9

Marcus,

Welcome to the Ranch.
Have you considered generating the JNLP file from a servlet?


[How to ask questions] [Donate a pint, save a life!] [Onff-turn it on!]
Jesper Sigården
Greenhorn

Joined: Nov 20, 2014
Posts: 3
Did you find a solution for this?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18909
    
    8

I don't think you're going to get an answer, because Marcus made just this one post and it was over five years ago.

But since you have the same problem, can you explain something I don't understand about the problem? Why does it matter where the product is going to be installed, since that's a client-side thing? Isn't "http://IP:port/productversion" always going to be the same? If not, why not?
Jesper Sigården
Greenhorn

Joined: Nov 20, 2014
Posts: 3
Paul: A short answer, no. ;-)
The long answer is that this that the web start archive is part of a server installation installed on a server belonging to the customer. The IP will be different in each installation, therefore we have a changing jnlp file that needs to be signed.
Why not sign the file on installation?
The keystore is private for the company and can not be included on each installation...


The solution was to use the jnlp servlet that replaces the codebase with the macro $$codebase.
To get it signed, a "template" jnlp has to be stored in the application jar in:
JNLP-INF/APPLICATION_TEMPLATE.JNLP
want some details, look here:
Signed JNLP file

The template is exactly like the launch.jnlp but for this:

launch.jnlp:


APPLICATION_TEMPLATE.JNLP:


The problem I have is that I send properties to the client within where to connect the client.


And tried this:
launch.jnlp:


APPLICATION_TEMPLATE.JNLP:


THIS IS NOT ALLOWED! <-- took me forever to figure out. I am NOT bitter..
Properties can NOT contain any changeable values.

The server ip address is retrieved by including the jnlp.jar in the application.
The jnlp.jar is not included in the JDK/JRE but in the samples: /sample/jnlp/servlet/jnlp.jar.

This jar provides the means to retrieve information from the web start engine.



By using the ServiceManager.lookup the client can be installed and receive the server.address as argument from the start script ( -Dserver.address=<IP-ADDRESS> ) or by looking up the server address from the jnlp launcher.

HTH

/Jeppe
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18909
    
    8

Jesper Sigården wrote:The long answer is that this that the web start archive is part of a server installation installed on a server belonging to the customer. The IP will be different in each installation, therefore we have a changing jnlp file that needs to be signed.
Why not sign the file on installation?
The keystore is private for the company and can not be included on each installation...


Okay. Then why not sign the customer's version of the JNLP file before sending them the server installation?
Jesper Sigården
Greenhorn

Joined: Nov 20, 2014
Posts: 3
Because the IP might change, DHCP installation.
The IP is not known before hand.

The server is set up in a private network without contact to the internet.

This is the best solution, no hardcoded values anywhere.
No administration process regarding the request for a client.war for a IP number.

HTH

/Jeppe
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Signing jnlp and using $$codebase-variable