Solution for using the <all-permissions/> label in the. JNLP File
When Java Web Start is used to publish a program, the following labels are used in the. JNLP file:
<Security>
<All-permissions/>
</Security>
All released jar files must be marked (Signed); otherwise, the following exception occurs:
Jnlpexception [Category: security error: exception: NULL: launchdesc: <br/> ......... <br/> ......... <br/> </JNLP>] <br/> at com. sun. javaws. launchdownload. checksignedresourceshelper (unknown source) <br/> at com. sun. javaws. launchdownload. checksignedresources (unknown source) <br/> at com. sun. javaws. launcher. preparelaunchfile (unknown source) <br/> at com. sun. javaws. launcher. preparetolaunch (unknown source) <br/> at com. sun. javaws. launcher. launch (unknown source) <br/> at com. sun. javaws. main. launchapp (unknown source) <br/> at com. sun. javaws. main. continueinsecurethread (unknown source) <br/> at com. sun. javaws. main $ 1.run( unknown source) <br/> at java. lang. thread. run (unknown source) <br/>
The solution is as follows (you can also refer to the JDK help documentation ):
Run the toolkey tool in the following ways:
Keytool-genkey-alias testapplet-validity 365
This statement generates a key certificate named testapplet, which is stored in your. keystore file. Validity indicates the key's validity period. The default value is 180. However, it takes one year, so we set it to 365. Run this statement in the Windows Command Prompt line window. You will get a lot of short questions to be answered from keytool, as shown in:
You may have understood that the most important thing is the password. You can use your own password, but do not forget it. As I mentioned earlier, creating a trusted applet is a simple operation, but you need to understand each step. Here, we have almost completed its operations, but we still need to say a few words for keytool. I suggest you pay more attention to it. It is necessary to read the keytool manual to understand the usage of each parameter. It is helpful for you to deeply understand its features. Now that we have our own keys, let's make a simple operation: just use our keys to design our applet. Use the following command line (change the current directory to the directory where testapplet. jar is stored ):
Jarsigner testapplet. Jar testapplet
The first parameter is our JAR file, and the second is the key alias (Key alias) just created above ). The jarsigner command is not user-friendly, so you will not see any information.
Congratulations, you have successfully created your first real signature applet! I think you may wish to try its functions right away. I can't find any reason not to let you do it. Upload the JAR file you signed to the directory where testapplet.html and testapplet. jar are stored first, and then overwrite the testapplet. jar file. View testapplet.html in the browser.
Then your applet will load and display a window, as shown below:
It asks whether you accept or reject the signature applet. Click "no" to display the applet with the old unsigned version, so it is still in the "sandbox" and has many constraints on "outside world. Click "yes" to get more freedom from your applet.