Java Webstart attempt to sandboxed jar as "Trusted-Library"
You should be able to find answers in Mixing Signed and Unsigned Code. See especially Deploying Signed Applications and Applets Securely Without a Mixed Code Warning.
Note that manifest above has..
..
Trusted-Library: true
X-COMMENT: Main-Class will be added automatically by build
Trusted-Only: true
..
It should be one or the other of Trusted-Library or Trusted-Only (AFAIU). In this case it should be Trusted-Library.
Comments
-
RobotRock almost 2 years
I'm trying to load a signed jar with an unsigned library through Webstart. However I get a "attempt to open sandboxed jar as Trusted-Library" error. I removed the all permissions setting from my jnlp file, if let it there (which I prefer not to), I get a classnotdefined exception for my library. I'm using Netbeans to sign my jar with Trusted Library setting. Would it work if I signed the library (which is not mine, but GPL'ed)?
All is working locally, btw, just not from Webstart. Thanks, Kaj
The manifest file:
Manifest-Version: 1.0 Ant-Version: Apache Ant 1.8.2 Trusted-Library: true X-COMMENT: Main-Class will be added automatically by build Class-Path: lib/tools.jar Created-By: 1.7.0-b147 (Oracle Corporation) Main-Class: customcompile.CustomCompile Name: customcompile/Source.class SHA-256-Digest: WFa1FC4Q07sE3S9XxmUSEpgUKjvjYo81urGSiiLNBYY= Name: customcompile/Output.class SHA-256-Digest: Sc8oRhAcYYrEtWY5iA56bNKx4EuHQHgFfHmXRSYV474= Name: customcompile/CustomCompile.class SHA-256-Digest: WYmy6ny6BU6sYFqJCwxSUPsbTWbpvBuPurYuwnZR5sM= Name: customcompile/MemoryClassLoader.class SHA-256-Digest: 0bUNmC+gI7dkGFzEmDvAqdOv15UmHOQS8dDVi9FxGFU= Name: META-INF/INDEX.LIST SHA-256-Digest: komZP7Un7Uyi8XTq+HvpbZtNF5cfPC8TmGiPBfcO3qk= Name: customcompile/MemoryFileManager.class SHA-256-Digest: GorTXt3N3GZ2kUHry7qBfAOgUuYvhWHE3S+SGEjzR7k=I found some info on the subject as well ( http://download.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html ): at the bottom one finds a Q&A about mixed code, suggesting setting a lazy mode on the library, which did not do anything for me.
-
RobotRock over 12 yearsCan I simply remove the Trusted-Only line from the manifest.mf file? Note that I simply told Netbeans to use the Trusted-Library mode at Properties > Webstart > Customize.
-
RobotRock over 12 yearsI changed to Trusted-Library (I had to clean and build for this), and this changed the error to attempt to sandboxed jar CustomCompile.jar as "Trusted-Library"
-
jefflunt over 12 yearsWhat if you take out both lines? Does it just completely break?
-
RobotRock over 12 yearsIt works if I run the webstart jnlp locally, but not from the url: kalpha.com/test/launch.jnlp. I must note as well, I'm creating a classloader, which seems to cause trouble with Webstart I read. However this happens in the signed jar.
-
RobotRock over 12 yearsI forgot I signed the library, trying an unsigned on now.
-
RobotRock over 12 yearsAnd that works! Great! Dont know why I didnt come across it myself.
-
RobotRock over 12 yearsI got the classnotdefined error maybe because I did not reupload the library, even though I used the exact same library, it is being picky on this point.
