I have a Java applet which is using the Apache commons.net API for FTP. I initially ran the applet without signing it, and it threw a
SocketException : Software caused connection abort
I looked this up online and found that my firewall was blocking my applet. So, to confirm this, I disabled my firewall and ran the applet. It worked fine.
Then, I followed the instructions given in another site to self-sign the applet using nnetbeans:
Project Properties -> Enable Web start -> Self-sign using generated key
Still, the same error persists. I can't find anything that explains this particular error.
Related
I'm now stuck with a HTTPS/SSL issue. I'm developing on Windows 10 / Java 8 v121 on Codename One.
When I tried to call a HTTP (without SSL) connection, I get rejected with a reference to [https://www.codenameone.com/blog/ios-http-urls.html]. I don't think the call even hit the server. I tried to include the "build hint" in my codenameone_settings.properties file but to no avail.
Next, I tried to use self-signed certificate and it generated a "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" exception. So, I thought the error was caused because my certificate was self-signed, but it wasn't...
Then I got a free certificate from [https://www.sslforfree.com/] and it is still causing the SAME exception message. However, this cerficate works fine with my Firefox browser. I'm also using Simple DNS Plus (for Windows) for the signed certificate domain name tested to work correctly in my Firefox browser (ie. correctly hit the server with no Insecure Connection message).
I'd like to understand how to:-
Get the "build hint" to work for iOS (in the Codename One simulator) so it calls http (without ssl) connections.
How to resolve the Java exception.
Thanks!
Just use http URL during the development stage and when you are ready to publish, buy a genuine SSL certificate and change the http to https. It's for your own good, as unencrypted Webservice call will make your app vulnerable to a man-in-middle attack.
To make your http work on iOS during dev stage, add this build hint:
ios.plistInject=<key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoads</key><true/></dict><key>CFBundleURLTypes</key><array><dict><key>CFBundleURLName</key><string>com.mycompany.myapp</string></dict><dict><key>CFBundleURLSchemes</key><array><string>MyApp</string></array></dict></array>
There was a similar question previously which I answered here.
We are upgrading to Oracle Forms 11gR2. After the upgrade when I open my application in Development its giving me the security warning:
"Do you want to Run this application". Publisher : Unknown.
I explored and found we have to get a signed Certificate from CA (which I believe will cost money). I tried a self-signed certificate but still it's showing the warning message. Can anybody share the steps to get and import self-signed certificate for my Application?
I know only the Development URL and having admin rights. I don't have any source code for JAR.
Java checks from a certain version (I think 1.7 u21) if everything it needs to run that is not local is secure. This mean it needs a valid certificate and not a self signed version.
If however you still want to run your java applet without the signing or a self signed version you can make exceptions in the java control panel in the security tab, there you've got a button edit site list...
If you add here the url you start fe: http://localhost:8888/forms/frmservlet?config=webutil then you can start the forms. You still need to say everything is ok to run it and not block it. But it will work.
If you're using self-signed certificate, then you can import the certificate to java and that would solve the issue.
another way is to change the java.policy file.
I am working in bigbluebutton 0.8.1. I had setup the development environment in my local(ubuntu 10.04) and desktop sharing is working fine.
Later i created new bbb-desktop-applet jar, using the url https://code.google.com/p/bigbluebutton/wiki/081DevelopingBigBlueButton#Developing_Deskshare. And then moved the newly created jar to this location var/www/bigbluebutton/client in ubuntu machine and then restarted the server. I can able to create and join the room, but not able to share my desktop, getting below error. Already I added the url in exception site list in java control panel but still it is not working.i stuck up with this issue.
I'm one of the developers of BigBlueButton.
You need to sign the modified desktop sharing jar file with a valid code signing certificate (not a self-signed certificate); otherwise, the browser will give you a very strong warning (such as the above) that warns the user they are trying to run an untrusted applet.
This is not a security issue with BigBlueButton; rather, it's the absence of a valid certificate signature with your modified desktop sharing applet.
Regards,... Fred
Hope you are doing well.I know there are many answers alike to the issue that i am going to ask but still no one seems to help.
Please help!!!
Issue:-
I am trying to connect to a secure website(HTTPS) using WebScarab, so that i can capture the traffic.Http is working fine for me.
For this i am using WebScarab as a proxy.
'client.getHostConfiguration().setProxy("127.0.0.1", 8008);'
but everytime i gets an exception (
SunCertPathBuilderException
) as stated above.
I have tried adding the website certificate to the Java using Keytool utility also.
I then added a proxy (reverse) entry in WebScarab (127.0.0.1 , 443) and changed the program to use it as a proxy server.
'client.getHostConfiguration().setProxy("127.0.0.1", 443);'
Then i got the following exception :-
org.apache.commons.httpclient.ProtocolException: The server stbeehive.oracle.com failed to respond with a valid HTTP response.
I also tried creating a .p12 certificate (for the website which i want to connect to) and importing it to WebScarab.
But inspite of all these methods i am not able to get the proper response.
I am using WebScarab as a proxy for firefox to capture its traffic and it is working fine (for both http and https).
Please help me as i have run out of ideas now :(
Are you using WebScarab or WebScarab-NG?
Please try WebScarab "classic", rather than the -NG variant. NG was a failed experiment, and no real effort was put into validating the client-side certificate functionality.
Also, what version of Java are you using, what operating system, 32 bit or 64-bit, etc, etc
Regards,
Rogan
I have an applet running in jnlp. My single jar file is signed. I accept the permissions prompt each time the JNLP client is launched. I can obtain the BasicService but it still throws a url permission denied exception when I try to follow a URI:
file:///D:\temp\test.txt
The file is present on all the Windows client machines I've tried and there are no security issues with opening it.
The issue happens when using a 32 or 64-bit JRE on the client. The server is 32-bit but I would think this irrelevant. The only clue (or red-herring perhaps) is that I get no security exception when the client and server are on the same host. If I use a remote client then I get the exception.
Whilst I needed to include the jnlp.jar file to compile the code, I assume it is not needed on the client if run using Java WebStart.
What else might you need to know? What else should I try?
Later that day...
Now this may or may not be a bug, it may be something wrong with the parameters in my jnlp file but I suspect that I'm using the wrong approach. Just to reitterate I'm trying to open a file:// url.
Here is what I am now doing:
I assumed that the Desktop facilities were only available in a Desktop Application - not an applet. I was wrong (and the documentation is scant - even on this hallowed site the only reference tells me to use JNLP Services for an Applet and Desktop for an Application) - Wrong (thankfully)
So you can use Desktop (having first checked that Desktop.isDesktopSupported() of course) in an applet - as long as you are running through WebStart not embedded as an applet.
I would propose the following approach to anyone.
See if Desktop is supported and use that.
Desktop.getDesktop().open(file);
If not then see if you can get the Basic JNLP Service.
BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
and if that is available the use it with boolean openedOK = bs.showDocument(url);
Finally resort to the applet API.
AppletContext context = applet.getAppletContext();
context.showDocument(url, targetFrame);