On Mac OS X 10.9 signed Java Web Start applications are blocked by default with the message: 'application.jnlp' can't be opened because it is from an unidentified developer. I know it's possible to weaken the security checks to allow any application to run, but that requires a manual intervention of the end user.
I am writing a java webstart application to deploy from website so users can click and run my software. I need to have a kind of unique machine identification to avoid abusing the accessing of the files. I would like to use the client's MAC address as a unique key so that the server can ensure that no client.
Is it possible to 'sign' a Java Web Start application such that it is recognized as originating from an identified developer? Thank you 8,888 1 10 21 asked Nov 4 '13 at 12:05 6,778 2 29 63| 5 Answers 5 ---Accepted---Accepted---Accepted--- Apple does appear to support signing of webstart -- but not directly. You have to bundle it in an archive.
See the note at the bottom of page: You can use the codesign utility to sign the JNLP file, which will attach the code signature to the JNLP file as extended attributes. To preserve these attributes, package the JNLP file in a ZIP, XIP, or DMG file. Be careful using the ZIP format, as some third-party tools might not capture the required extended attributes correctly. Also note that XIP isn't supported for non-Apple developers: Important: Starting with macOS Sierra, only XIP archives signed by Apple will be expanded. Developers who have been using XIP archives will need to move to using signed installer packages or disk images. Answered Nov 3 '16 at 13:42 1,682 1 14 23 Thanks, I've eventually resorted to creating a proper app bundle that invokes javaws If the jnlp file can no longer be executed automatically upon download there is no point keeping it, even if it's zipped with its code signing attributes.
Icc profiles flexi. Flexi family program designed for the preparation and manufacture of various types of advertising on cutting plotters and printers.
An app bundle has some benefits over the zipped jnlp: 1. It's more familiar to Mac users, 2. It displays the application icon, and 3. There is no need to re-sign it when the jnlp file evolves. – Nov 3 '16 at 16:22| In the latest OSX releases, Apple has changed it's security model to only support applications from the Mac App Store and identified developers. In most cases, this prohibits jnlp/java-web-start applications from launching.
If this is a trusted application, you may override these settings by updating your system settings as follows: System Preferences -> Security & Privacy -> (Unlock Window) -> Allow apps downloaded from: (Select Anywhere) In some cases you may need to update your Java Security preferences too System Preferences -> Java -> Security -> (Select Medium) Be careful when adjusting these. These settings will open you up to popular attack vectors where an attacker can exploit vulnerabilities within the java runtime (Java 0 days).
Answered Jan 4 '14 at 14:26 8,888 1 10 21| Here is a related post. It doesn't appear to be possible to bypass the security, Allow All, workaround. From Apple Tech Support in the post above. Unidentified developer' means a source other than the Mac App Store or a Developer ID-identified developer.
Note that Java applets cannot participate in the Developer ID program. I am considering building a native app and use a custom web protocol instead similar to skype where you see skype:// in the URI. It doesn't seem like Apple will change their stance on java applets in the near future. It will most likely become more restricted and eventually just disabled like flash on iOS. Answered Nov 5 '13 at 14:28 59 2 Thank you for the link, I wasn't aware of the issue with applets. – Nov 5 '13 at 20:17 It is possible to bypass it in 10.10 (see my answer). – Feb 13 '15 at 0:58| The answers to address this question, just ignore the 'dynamic' aspect.