Issues with unsigned commons-httpclient.jar

Questions, answers, tips and ideas on Servoy Client

Issues with unsigned commons-httpclient.jar

Postby alb » Tue Apr 20, 2010 4:16 am

Running smartclient on a PC with JRE 6u15 (ie NOT 6u19 with the security issues).
Also tried on JRE 5u15 and 6u17.

When I try to start the SC I get the following message:

An error occurred while launching/running the application.

Title: Servoy Client - servoy-client
Vendor: Servoy
Category: Security Error

Unsigned application requesting unrestricted access to system
Unsigned resource: https://server.com:443/lib/commons-httpclient.jar


Now as far as I know commons-httpclient.jar is a built-in (servoy) jar file? (please correct me if I am wrong)
I certainly dont recall having installed it separately.
I know about the issues with unsigned jars in later JRE - but why am I seeing this in earlier versions?

Should I follow the 'signing' routines identified in other posts related to 6u19 - or is this a different issue?

Thanks
Al
alb
 
Posts: 148
Joined: Sun Aug 13, 2006 4:40 am

Re: Issues with unsigned commons-httpclient.jar

Postby ptalbot » Tue Apr 20, 2010 5:23 am

The problem is that your client is still using the cached (unsigned) version of the plugin.
To force it to use a new version you will have to open the http.jar.jnlp with a text editor, and change this:
Code: Select all

     <jar href="/lib/commons-httpclient.jar" download="%%loadmethod%%" part="httpclient" version="3.0"/>
      <jar href="/lib/commons-codec.jar" download="%%loadmethod%%" part="codec" version="1.3"/>


by that:
Code: Select all
      <jar href="/lib/commons-httpclient.jar" download="%%loadmethod%%" part="httpclient" version="%%version%%"/>
      <jar href="/lib/commons-codec.jar" download="%%loadmethod%%" part="codec" version="%%version%%"/>


The %%version%% here is important! It will be replaced by Servoy with a new version number, and only then your client will see that there is a new one and will download the signed version instead of using the one he has.

Servoy knows about this issue and they will most certainly correct this in next version.
In the meantime, I will advise everyone to check all the jnlp files and replace any fixed version number with %%version%% to avoid anymore problems with other libs.
Patrick Talbot
Freelance - Open Source - Servoy Valued Professional
https://www.servoyforge.net
Velocity rules! If you don't use it, you don't know what you're missing!
User avatar
ptalbot
 
Posts: 1654
Joined: Wed Mar 11, 2009 5:13 am
Location: Montreal, QC

Re: Issues with unsigned commons-httpclient.jar

Postby Harjo » Tue Apr 20, 2010 10:08 am

Hi Patrick,

in your latest version of the browsersuite we also still see some fixed version numbers...
should't this be fixed/changed than also?
Harjo Kompagnie
ServoyCamp
Servoy Certified Developer
Servoy Valued Professional
SAN Developer
Harjo
 
Posts: 4321
Joined: Fri Apr 25, 2003 11:42 pm
Location: DEN HAM OV, The Netherlands

Re: Issues with unsigned commons-httpclient.jar

Postby jcompagner » Tue Apr 20, 2010 10:33 am

with the next release of 5 this is fixed in servoy itself, for all jnlp files that servoy serves to the client
we will rewrite the jnlp file so that they are correct and updatable.
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8829
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Issues with unsigned commons-httpclient.jar

Postby ptalbot » Tue Apr 20, 2010 2:36 pm

Harjo wrote:Hi Patrick,

in your latest version of the browsersuite we also still see some fixed version numbers...
should't this be fixed/changed than also?

Hi Harjo,
I know, I will update the BrowserSuite and all the plugins and beans I made as soon as I have the trusted certificate that I have requested, expect this within a day or two.
I will also update the number in the jnlp so that you will not have to do that yourself.
Patrick Talbot
Freelance - Open Source - Servoy Valued Professional
https://www.servoyforge.net
Velocity rules! If you don't use it, you don't know what you're missing!
User avatar
ptalbot
 
Posts: 1654
Joined: Wed Mar 11, 2009 5:13 am
Location: Montreal, QC

Re: Issues with unsigned commons-httpclient.jar

Postby chico » Wed Apr 21, 2010 6:36 pm

So what do I do if I'm getting this error on a plugin that does not have a .jnlp file?

We're on 4.1 and Windows 7
--------------------------------------------
Servoy Version: 6.0.3
DB: MySQL 5.1
Win XP/Vista/7 - Java 5u20 / 6u22
OS X - 10.6.5 - Java 5/6 update 3
chico
 
Posts: 271
Joined: Tue Nov 20, 2007 6:34 am

Re: Issues with unsigned commons-httpclient.jar

Postby jcompagner » Wed Apr 21, 2010 10:53 pm

what error do you exactly get?

You just have a signed plugin.jar that doesnt need other jar files so it doesnt have a jnlp?
Then it should work fine, servoy will generate a jnlp for you, but the jar file must be signed.
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8829
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Issues with unsigned commons-httpclient.jar

Postby chico » Wed Apr 21, 2010 11:21 pm

I get the same error...

Unsigned application requesting unrestricted access to system

and then it lists the plugin or bean.

So how do I "sign" a bean?
--------------------------------------------
Servoy Version: 6.0.3
DB: MySQL 5.1
Win XP/Vista/7 - Java 5u20 / 6u22
OS X - 10.6.5 - Java 5/6 update 3
chico
 
Posts: 271
Joined: Tue Nov 20, 2007 6:34 am

Re: Issues with unsigned commons-httpclient.jar

Postby jcompagner » Wed Apr 21, 2010 11:34 pm

Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8829
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Issues with unsigned commons-httpclient.jar

Postby pbakker » Thu Apr 22, 2010 10:20 am

Look here for a comprehensive guide to signing unsigned libraries:
http://wiki.servoy.com/x/SpV7

Paul
pbakker
 
Posts: 2822
Joined: Wed Oct 01, 2003 8:12 pm
Location: Amsterdam, the Netherlands

Re: Issues with unsigned commons-httpclient.jar

Postby chico » Fri Apr 30, 2010 8:37 pm

Hello All,

So we've had quite the day moving our server to 4.1.6 in order to handle the issue with Java's new update. At this point, clearing the user's java cache usually does the trick, but we've come across an issue with a Mac User on 10.4... PowerPC... they can't launch the smart client. They get an error at launch.

See image attached.

java_error.jpg
java_error.jpg (300.39 KiB) Viewed 10568 times


So are we in a touch spot here? Anyone have any ideas to get this client rolling today?

Keep in mind that we have cleared the users Java cache,
We've tried updating to the newest Java (it appears Java 5 is the highest it will go in 10.4)

Thanks,

Chico
--------------------------------------------
Servoy Version: 6.0.3
DB: MySQL 5.1
Win XP/Vista/7 - Java 5u20 / 6u22
OS X - 10.6.5 - Java 5/6 update 3
chico
 
Posts: 271
Joined: Tue Nov 20, 2007 6:34 am

Re: Issues with unsigned commons-httpclient.jar

Postby ptalbot » Fri Apr 30, 2010 9:02 pm

If you go to the 'Launch File' tab, you should see which jnlp is the offender, once you get that, check the codebase attribute of the jnlp node in that file, it seems that it contains 2 "%%serverURL%%" value.
Patrick Talbot
Freelance - Open Source - Servoy Valued Professional
https://www.servoyforge.net
Velocity rules! If you don't use it, you don't know what you're missing!
User avatar
ptalbot
 
Posts: 1654
Joined: Wed Mar 11, 2009 5:13 am
Location: Montreal, QC

Re: Issues with unsigned commons-httpclient.jar

Postby ROCLASI » Fri Apr 30, 2010 9:02 pm

It's not really visible in the screenshot but the error is:
Code: Select all
The field <jnlp>codebase has an invalid value: %%serverURL%%

Which is in the jnlp of the core-common.jar. An component of the IT2Be Data plug-in (2.6-50)

Hope this helps you to get a better answer.


Edit: I guess the error was visible after all, just that when you click on it the scrollbars are gone and not all of the image is visible.
Robert Ivens
SAN Developer / Servoy Valued Professional / Servoy Certified Developer

ROCLASI Software Solutions / JBS Group, Partner
Mastodon: @roclasi
--
ServoyForge - Building Open Source Software.
PostgreSQL - The world's most advanced open source database.
User avatar
ROCLASI
Servoy Expert
 
Posts: 5438
Joined: Thu Oct 02, 2003 9:49 am
Location: Netherlands/Belgium

Re: Issues with unsigned commons-httpclient.jar

Postby chico » Fri Apr 30, 2010 9:23 pm

So this is an it2be issue? Marcel are you lurking around? :)
--------------------------------------------
Servoy Version: 6.0.3
DB: MySQL 5.1
Win XP/Vista/7 - Java 5u20 / 6u22
OS X - 10.6.5 - Java 5/6 update 3
chico
 
Posts: 271
Joined: Tue Nov 20, 2007 6:34 am

Re: Issues with unsigned commons-httpclient.jar

Postby jcompagner » Mon May 03, 2010 11:11 am

we do replace %%serverURL%% in the jnlp files. You shouldnt really get that one
But it could be that marcel has an extension jnlp file that is targetted like: /plugins/somejardir/some3thpartyjnlp.jnlp

And in those jnlp files we cant replace %%serverURL%% because that doesnt go through our servlet. (its a direct file access from the server)

The url of that jnlp file should be:

/servoy-client/plugins/somejardir/some3thpartyjnlp.jnlp

Then it will be parsed by us

In the next version of servoy (5.1.3) we will generate that all for you so that it will always be corrected on the server side.
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8829
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Next

Return to Servoy Client

Who is online

Users browsing this forum: No registered users and 9 guests