Java Web Star java.lang.NullPointerException (JnlpxArgs.execProgram)

泄露秘密 提交于 2020-01-16 08:48:13

问题


I have a JNLP file which is generated by a servlet dynamically . The JNLP generated is:

<jnlp spec="6.0+"  href="launch?param1=Hooolas">
      <information>
        <title>JSGD</title>
        <vendor>evconsul</vendor>
        <homepage href=""/>
        <description>JSGD</description>
        <description kind="short">JSGD</description>
        <offline-allowed/>
      </information>
      <update check="background"/>
      <security>
        <all-permissions/>
      </security>
      <resources>
        <j2se version="1.8+"/>
        <jar href="http://192.168.0.17:8080/Secu/huella/JSGD.jar" main="true"/>
      </resources>
      <application-desc main-class="jsgd.JSGD">
        <argument>Hooolas</argument>
      </application-desc>
    </jnlp>

The error in a client machine:

java.lang.NullPointerException
    at com.sun.javaws.JnlpxArgs.execProgram(Unknown Source)
    at com.sun.javaws.Launcher.relaunch(Unknown Source)
    at com.sun.javaws.Launcher.prepareResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.launch(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main.access$000(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Missing Application-Name manifest attribute for: http://192.168.0.17:8080/Secu/huella/JSGD.jar
#### Java Web Start Error:
#### null

I have packed all libraries in one jar called JSGD.jar its struct is:

JSGD.jar
        -jsgd
        -META-INF
        -org
        -SecugenLib

The URL of my jar is: http://192.168.0.17:8080/Secu/huella/JSGD.jar

I have packed my app via on Netbeans 8.1 Files->/buil.xml right click Run Target->Other Targets->package-for-store. This generates a jar inside in Store folder. This jar has the struct described above.

In my machine runs ok(when codebase attribute is: codebase="http://localhost:8080/Secu/" of course! ). What would be the problem? JRE version 1.7.0_79-b15(Client Machine) I use Netbeans 8.1

DETAILS:

I have overwritten build.xml adding the next lines; to pack all classes in one jar:

    <target name="package-for-store" depends="jar">  
         <!-- Cambien el valor de esta propiedad para dar el nombre al JAR,  
            sin la extensión .jar. No debe tener espacios.  
            <property name="store.jar.name" value="NombreDelJar"/>  
         -->  
         <property name="store.jar.name" value="JSGD"/>  
         <!-- No editar nada después de esta línea -->  
         <property name="store.dir" value="store"/>  
         <property name="store.jar" value="${store.dir}/${store.jar.name}.jar"/>  
         <echo message="Packaging ${application.title} into a single JAR at ${store.jar}"/>  
         <delete dir="${store.dir}"/>  
         <mkdir dir="${store.dir}"/>  
         <jar destfile="${store.dir}/temp_final.jar" filesetmanifest="skip">  
           <zipgroupfileset dir="dist" includes="*.jar"/>  
           <zipgroupfileset dir="dist/lib" includes="*.jar"/>  
 <manifest>  
         <attribute name="Main-Class" value="${main.class}"/>
         <attribute name="Application-Name" value="JSGD"/>
         <attribute name="Trusted-Only" value="true"/>
         <attribute name="Permissions" value="sandbox"/>
         <attribute name="Codebase" 
         value="http://192.168.0.17 http://localhost"/>
      </manifest>  
         </jar>  
         <zip destfile="${store.jar}">  
           <zipfileset src="${store.dir}/temp_final.jar"  
           excludes="META-INF/*.SF, META-INF/*.DSA, META-INF/*.RSA"/>  
         </zip>  
         <delete file="${store.dir}/temp_final.jar"/>  
       </target>

Update

Following the advices from @mosquito-x, seems the thing goes better, but Java 7(I'm trying in jre-8u91 too) block it. The message is:

 Application Blocked by Java Security.
    Name: JSGD
    From: http://192.168.0.17
    Reason: The Java Security Settings have this application from running. You may  change this behavior in Java Control Panel.

In Java control panel Site list. I have added these sites:

http://192.168.0.17:8080
http://192.168.0.17:8080/Secu
http://192.168.0.17:8080/Secu/huella
http://192.168.0.17:8080/Secu/launch

Thanks in advance!


回答1:


  • The JNLP :
    a hardcoded codebase="http://192.168.0.17:8080/Secu/"
    will only work on localhost

  • cause java blocked

CAUSE

java blocked

Java has further enhanced security to make the user system less vulnerable to external exploits.
Starting with Java 7 Update 51, Java does not allow users to run applications that are not signed (unsigned), self-signed (not signed by trusted authority) or that are missing permission attributes. Risks involved in running applications Unsigned application

An application without a certificate (i.e. unsigned apps), or missing application Name and Publisher information are blocked by default. Running this kind of application is potentially unsafe and present higher level of risk. Self-signed application (Certificate not from trusted authority)

An application with self-signed certificate is blocked ............

Application-Name Attribute

Application-Name

The Application-Name attribute is used in security prompts to provide a title for your signed RIA. Use of this attribute is recommended to help users make the decision to trust and run the RIA. The value can be any valid string, for example:

Application-Name: Hello World

If the Application-Name attribute is not present in the JAR file manifest ............

Modifying a Manifest File

Modifying a Manifest File

You use the m command-line option to add custom information to the manifest during creation of a JAR file. This section describes the m option.

The Jar tool automatically puts a default manifest with the pathname META-INF/MANIFEST.MF into any JAR file you create. You can enable special JAR file functionality, such as package sealing, by modifying the default manifest. Typically, modifying the default manifest involves adding special-purpose headers to the manifest that allow the JAR file to perform a particular desired function.

To modify the manifest, you must first prepare a text file containing the information you wish to add to the manifest. You then use the Jar tool's m option to add the information in your file to the manifest. Warning: The text file from which you are creating the manifest must end with a new line or carriage return. The last line will not be parsed properly if it does not end with a new line or carriage return.

The basic command has this format:

jar cfm jar-file manifest-addition input-file(s)

Let's look at the options and arguments used in this command:

The c option indicates that you want to create a JAR file.
The m option indicates that you want to merge information from an existing file ...
The f option indicates that you want the output to go to a file (the JAR file) ...
manifest-addition is the name (or path and name) of the existing text file ....
jar-file is the name that you want the resulting JAR file to have.
The input-file(s) argument is a space-separated list of one or more files ....

example one of mine
MANIFEST.MF

Manifest-Version: 1.0 Ant-Version: Apache Ant 1.8.3 Main-Class: DataSummaryApplet Class-Path: lib/plugin.jar Application-Name: appJSN Trusted-Only: true Permissions: sandbox Created-By: 1.7.0_51-b13 (Oracle Corporation) Codebase: http://www.asitexx.com http://localhost

EDIT:
1.) Most IDE's who creates the jar file, uses a build.xml. The bad thing this file is always new created if you change something in the project.

You can test if you change :

<manifest>  
         <attribute name="Main-Class" value="${main.class}"/>  
</manifest>   

with (change to your needs)

<manifest>  
         <attribute name="Main-Class" value="${main.class}"/>
         <attribute name="Application-Name" value="whatever"/>
         <attribute name="Trusted-Only" value="true"/>
         <attribute name="Permissions" value="sandbox"/>
         <attribute name="Codebase" value="http://www.asitexx.com http://localhost"/>
</manifest>  

you can add domains to the codebase seperated by a blank

2.) Remove the code base from JNLP file it's not needed anymore

<jnlp spec="6.0+" codebase="http://192.168.0.17:8080/Secu/" href="launch?param1=Hooolas">

to

<jnlp spec="6.0+" href="launch?param1=Hooolas">

Hope it helps,
Thomas

Update from comments

You think that I should sign with a certificate?? and How do that?

that is not that easy and you have to be careful to do everything in the correct sequence.
Be careful:

Only pure .jar file use, that has all libs and even your self created MANIFEST.FM in it.

Test this, open the jar file must contain only except the libs plain text. No SHA-256-Digest or other parts like 7fnH8YhS5mkYtZoJqiWEI2bfSXSYd2alrKCEdvieyEketc.

Then you can with the next steps proceed.

only two links of many that may help you.

To Generate a Certificate by Using keytool

Signing JAR Files



来源:https://stackoverflow.com/questions/38356087/java-web-star-java-lang-nullpointerexception-jnlpxargs-execprogram

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!