问题
I am getting the following error while loading a java applet on JRE 1.7u45.
java.lang.SecurityException: com.sun.deploy.net.JARSigningException:
Found unsigned entry in resource #name of the applet#
at com.sun.deploy.cache.CacheEntry.getJarFile(Unknown Source)
at com.sun.deploy.model.ResourceProvider.getCachedJarFile(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
This applet indeed contains one unsigned entry. However I cannot get this entry signed immediately because of third party technical issues.
The same applet worked fine on JRE 1.7u40, but apparently there has been some change in JRE 1.7u45 adding some additional security features.
I tried to reduce the security level in Java to medium. This works on MAC but unfortunately does not work on windows.
Any suggestions/workaround to get the applet to work would be greatly appreciated!
回答1:
You have to disable the java temporary files
In windows:
- control panel
- java
- General Tab
- Temporary Internet File
- Settings button
- List item
- New Dialog : Temporary Files Settings dialog
- disable the option : keep temporary files on my computer.
回答2:
To work around this, I just disabled Java cache on endpoint machine and the applet started working fine.
回答3:
If you are using libraries that are already compiled and packaged into JARs, and signed by the author, you do not have to worry about signing them. But say, you've used someone else's source code (open source hopefully) and have compiled it on your own machine, you must remove the existing signature and re-sign that package. If you are using Java applets, they must be signed now, unless you enjoy a mountain of pain.
Now, this also applies to the packaged libraries within your packaged jar. If they have already been signed, leave them alone. But if you must sign them, make sure you remove any existing certificates from the JAR file before you do so, the same way as your main applet.
Additional information that may help: Your MANIFEST.mf file in all JARs must contain entries for the the properties, as shown in the example below:
Application-Library-Allowable-Codebase: *
Permissions: all-permissions
Caller-Allowable-Codebase: *
Codebase: *
Application-Name: POSInterface
TIP
If you're deploying a bunch of applets to a web application, I like to automate this whole process of modifying the manifest and code-signing with a batch file and text file containing the above properties that need to be in the manifest.mf file, named addToManifest.txt. Here is an example of how it's done:
@ECHO off
ECHO Changing manifest files for all...
jar ufm Applet_RFID.jar addToManifest.txt
jar ufm FingerPrintReader.jar addToManifest.txt
jar ufm jzebra.jar addToManifest.txt
jar ufm POSInterface.jar addToManifest.txt
jar ufm lib\access-bridge-32.jar addToManifest.txt
jar ufm lib\addToManifest.txt addToManifest.txt
jar ufm lib\dnsns.jar addToManifest.txt
jar ufm lib\dpuareu.jar addToManifest.txt
jar ufm lib\epsonupos.admin.jar addToManifest.txt
jar ufm lib\epsonupos.core.v1.13.0001.jar addToManifest.txt
jar ufm lib\epsonupos.H2000.jar addToManifest.txt
jar ufm lib\epsonupos.H6000IV.jar addToManifest.txt
jar ufm lib\epsonupos.jar addToManifest.txt
jar ufm lib\epsonupos.T20.jar addToManifest.txt
jar ufm lib\epsonupos.T81.jar addToManifest.txt
jar ufm lib\epsonupos.T81II.jar addToManifest.txt
jar ufm lib\epsonupos.T82.jar addToManifest.txt
jar ufm lib\epsonupos.T88V.jar addToManifest.txt
jar ufm lib\epsonupos.trace.jar addToManifest.txt
jar ufm lib\HWHydraSO.jar addToManifest.txt
jar ufm lib\jaccess.jar addToManifest.txt
jar ufm lib\jcl_editor.jar addToManifest.txt
jar ufm lib\jpos113-controls.jar addToManifest.txt
jar ufm lib\jpos113.jar addToManifest.txt
jar ufm lib\jssc_qz.jar addToManifest.txt
jar ufm lib\localedata.jar addToManifest.txt
jar ufm lib\plugin.jar addToManifest.txt
jar ufm lib\pos.jar addToManifest.txt
jar ufm lib\pos.v3.0001.jar addToManifest.txt
jar ufm lib\stario.jar addToManifest.txt
jar ufm lib\starjavapos.jar addToManifest.txt
jar ufm lib\sunec.jar addToManifest.txt
jar ufm lib\sunjce_provider.jar addToManifest.txt
jar ufm lib\sunmscapi.jar addToManifest.txt
jar ufm lib\sunpkcs11.jar addToManifest.txt
jar ufm lib\Symbol.RFID.API3.jar addToManifest.txt
jar ufm lib\uposcommon.core.v1.13.0001.jar addToManifest.txt
jar ufm lib\uposcommon.jar addToManifest.txt
jar ufm lib\xercesImpl.jar addToManifest.txt
jar ufm lib\xml-apis.jar addToManifest.txt
jar ufm lib\zipfs.jar addToManifest.txt
ECHO All JAR manifest have been altered.
PAUSE
ECHO Signing all Applets...
jarsigner Applet_RFID.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner FingerPrintReader.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner jzebra.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner POSInterface.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\access-bridge-32.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\-keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\dnsns.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\dpuareu.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.admin.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.core.v1.13.0001.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.H2000.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.H6000IV.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T20.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T81.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T81II.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T82.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T88V.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.trace.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\HWHydraSO.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jaccess.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jcl_editor.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jpos113-controls.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jpos113.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jssc_qz.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\localedata.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\plugin.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\pos.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\pos.v3.0001.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\stario.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\starjavapos.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\sunec.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\sunjce_provider.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\sunmscapi.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\sunpkcs11.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\Symbol.RFID.API3.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\uposcommon.core.v1.13.0001.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\uposcommon.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\xercesImpl.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\xml-apis.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\zipfs.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
ECHO All JAR files have been signed.
PAUSE
回答4:
I had a problem with Java Web Start, where some JAR files contained unsigned resources. I had to delete the unsigned resources from the JAR and then resign the JAR.
回答5:
I had to uninstall all versions of Java, reinstall the latest version, clear the prompts, then add the website it was having as a trusted site. After that, the Java app loaded fine.
回答6:
there is a simple solution that have just worked for me - unsign all jars.
Not the most elegant solution, since Oracle is trying to insist on signed code.
来源:https://stackoverflow.com/questions/19440841/jre-1-7u45-unable-to-load-an-applet-containing-some-unsigned-entries