users@glassfish.java.net

RE: [Java Web Start] GFv3+Eclipse : Build problems

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Tue, 18 May 2010 14:36:03 -0400

it seems your alias is incorrect so if you list aliases for your keystore file
keytool -list -keystore *.crt -storepass my-keystore-password


then correct alias attributes of the provider to the alias listed by keytool

1)determine the referred provider in domain.xml..here is mine for example
          <provider-config provider-type="client" provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property name="encryption.key.alias" value="fubar" />
            <property name="signature.key.alias" value="fubar" />
            <property name="dynamic.username.password" value="false" />
            <property name="debug" value="false" />
            <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" />
          </provider-config>

//and the listing for security.config would contain:
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">
    <xwss:Timestamp/>
    <xwss:Encrypt>
        <xwss:X509Token certificateAlias="fubar"/>
        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
    </xwss:Encrypt>

--confirm the keystore algorithm is correct is the same as the supplied alias from the security.config property file

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
 
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.




> Date: Tue, 18 May 2010 10:56:50 -0700
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Re: [Java Web Start] GFv3+Eclipse : Build problems
>
> Oops, out of bounds... Here is the last part of my previous post :
>
> ONFIDENTIAL. Use is subject to license terms.
> --&gt;
> &lt;!--
> This client side config file pairs with wss-server-config-1.0.xml on the server
> and supports the following UseCases:
> Usecase 1: Authentication by Protected UsernameToken
> Usecase 3: Encrypted UsernameToken and MessageBody
> Usecase 4: Response Encryption Key Learnt from Incoming Message
>
> Certificate Alias Information :
> 1. A certificateAlias under the &lt;xwss:Encrypt&gt; element signifies the certificate
> of the recipient of the message.
> 2. A certificateAlias under the &lt;xwss:Sign&gt; element signifies the certificate of the
> sender.
>
> NOTE:
>
> 1. the certificateAlias has the above meaning for all the Sign and Encrypt elements below
> 2. there are several Sign and Encrypt elements below and similarly several RequireSignature and
> RequireEncryption elements. Which of them would be actually used at runtime will depend on
> the AuthPolicy passed to the module.
>
> For Example : if Auth-Source=Sender then only the &lt;xwss:UsernameToken&gt; elements will be used
> and none of the &lt;xwss:Sign&gt; elements will be used.
> If Auth-Source=Content then the &lt;xwss:Sign&gt; element will be used
>
> 3. The different variations of &lt;xwss:Encrypt&gt; elements in this configuration file are to accomodate
> default encryption of the UsernameToken.
>
> 4. The actual certificate alias to be used for any Signature operation can be modified during AuthModule
> initialization by setting the alias as the value of &quot;signature.key.alias&quot; property in the Module Options Map.
> 5. The actual certificate alias to be used for any Encrypt operation can be modified during AuthModule
> initialization by settin
> jnlp file truncated after 10K
>
> ----------
> Exception :
> com.sun.deploy.net.JARSigningException: Détection d'une entrée non signée dans la ressource : file:/D:/gf301b18/glassfishv3/glassfish/domains/domain1/generated/xml/OnlyWebStart/OnlyWebStartClient_jar/OnlyWebStartClient.jar
> at com.sun.javaws.security.SigningInfo.getCommonCodeSignersForJar(Unknown Source)
> at com.sun.javaws.security.SigningInfo.check(Unknown Source)
> at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
> at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
> at com.sun.javaws.Launcher.prepareResources(Unknown Source)
> at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
> at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
> at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
> at com.sun.javaws.Launcher.launch(Unknown Source)
> at com.sun.javaws.Main.launchApp(Unknown Source)
> at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
> at com.sun.javaws.Main$1.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
>
>
> ----------
> Console :
> #### Java Web Start Error:
> #### Détection d'une entrée non signée dans la ressource : file:/D:/gf301b18/glassfishv3/glassfish/domains/domain1/generated/xml/OnlyWebStart/OnlyWebStartClient_jar/OnlyWebStartClient.jar
>
> (translation : unsigned content)
>
> So I'm absolutely unable to start the Main.
>
> I've tried to clear javaws cache (javaws -uninstall), but nothing different occured.
>
> Thanks a lot
> [Message sent by forum member 'laps']
>
> http://forums.java.net/jive/thread.jspa?messageID=470316
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
                                               
_________________________________________________________________
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.