Hi, About Java Web Start, it has strict limits what it can do (from http://docs.oracle.com/javase/6/docs/technotes/guides/javaws/developersguide/development.html#intro):
- An application must be delivered as a set of JAR files. - All application resources, such as files and images must be stored in JAR files; and they must be referenced using the getResource mechanism in the Java(TM) Platform Standard Edition (see below). - An application that needs unrestricted access to the system will need to be delivered in a set of signed JAR files. All entries in each JAR file must be signed. That means that readme.txt must be packaged into some jar or then OpenJUMP must have some self programmed system for getting it. Compulsory signing makes it tricky to deliver plugins. All that one jnlp file is downloading must be signed with the same certificate. Therefore that who delivers the core OJ should take the plugin jars too and sign them with the same computer. But fortunately there seems to be a way to make this a little bit easier: JNLP file can contain references to other JNLP files. Thus the main JNLP may instruct to download the core through core.jnlp from one site and plugin through plugin.jnlp from another site and that way it is possible that the plugin is signed with another certificate. Hmm, I remember that the certificate must be found from Java keystore. With self-signed jars it is possible to make the living very painful for your users, especially with many plugins and many self-signed jars... Downloadin and installing server sertificates and perhaps also CA certificates into the keystore is not very simple. User must be sure to update the keystore of the same jre that is used by the application, and those added certificates disappear with Java update... I have spent some time in telephone giving advise on this. I did not like at all the play with updating resource files, packing them to jars, signing and putting in the right place for JWS launch. However, when it went OK it was just me who suffered and users did not even notice that there were an update. But if there was by accident one jar unsigned or signed with a wrong certificate then the application did not work for anybody after the update. -Jukka Rahkonen- > -----Alkuperäinen viesti----- > Lähettäjä: Edgar Soldin [mailto:[email protected]] > Lähetetty: 15. toukokuuta 2012 13:14 > Vastaanottaja: OpenJump develop and use > Aihe: Re: [JPP-Devel] Aboutdialog > > On 15.05.2012 00:47, Stefan Steiniger wrote: > > Hi Ede, Michael, Matthias > > > > following also Michaels comment in the other email: > > My suggestion would be a proper (english) error message (= > what you call > > a note). No stack-trace or so. Just a simple one-liner > (plus weblink?) > > (using try/catch/...?) > > could be done. it should be translated then as well of course. > > > Is that possible? Though - I see you did already an RC3. So > at least we > > could change it for 1.5.3. > > absolutely. i don't see a need to hurry with this, as it does > not affect desktop users currently and webstart users see it > for a good reason. > > > Btw: didn't thought about the licence note. And it seems to > me even more > > important if it is webstart. Or is licence anywhere else > noted in webstart? > > probably not. but again it's not only the one OJ license but > also about the other ones not to mention all the contributors > which definitely earned their place in the readme file. > > in conclusion: as stated Matthias should find a way to ship > at least the readme.txt, better yet all license files as > well, maybe we can even only provide a note in readme that > these license files are available in the distribution zip file. > > ..ede > > -------------------------------------------------------------- > ---------------- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions > will include endpoint security, mobile security and the > latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Jump-pilot-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Jump-pilot-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
