Some phones only prompt the user for permission the first time a connection is made. Others pop up the permission prompt whenever the MIDlet attempts to make an HTTP connection! What are the options if we want to suppress the prompt?

Can we sign the JAR using only one CA (Certificate Authority) and have it work on all devices? Do we have to pay for a signature on every release?

Is it an option to create our own CA certificate and tell our customers to install it on their device?

Alternatively, it seems that plain socket connections do not suffer so. Is there a free implementation of HTTP on top of TCP for J2ME?

A: 

To suppress the HTTP connection prompt, signing an app is the only option. Another would be to get preload on a pre-market phone, but even the handset manufacturers require signed jad/jars.

Making a set of jad/jar work on different devices is not dependent on signing but how you design an app. If you can address this then yes, you can have one signed jad/jar work on multiple devices.

I do not know about creating our own certs and asking customers to install them. I don't think it works as I don't think it is possible.

HTTP over TCP is a fairly easy implementation, provided you know what you are doing, but I don't know of any free implementations of it.

omermuhammed
+3  A: 

Some phones allow you to change the setting manually to set once per session. Or try adding

MIDlet-Permissions: javax.microedition.io.Connector.http

to the jad file.

Yes, if the build is signed with the root certificate that is available on most devices, Verisign Class 3 certificate, for example.

As a security measure, devices don't allow you to install your own certificates, even if it is obtained from a CA.

Plain socket connections may add overhead in processing of the data on the client side. Some security issues are also involved.

Ram
Thanks for the suggestion. I tried the permission, no luck. Maybe one day the iPhone will have more than 5% market share and we don't have to worry about this J2ME nonsense anymore.
Hans Malherbe
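
As an added example (not part of the thread or any poster's code), a small Python check for a JAD descriptor covering the two points raised above: the case-sensitive `MIDlet-Permissions` entry and whether the suite carries the MIDP 2.0 signing attributes `MIDlet-Certificate-<n>-<m>` and `MIDlet-Jar-RSA-SHA1`. The sample descriptors, the placeholder certificate values and the function names are constructed for illustration.

```python
import re

# MIDP 2.0 permission names for javax.microedition.io (case-sensitive).
KNOWN = {"javax.microedition.io." + s for s in (
    "Connector.http", "Connector.https", "Connector.socket", "Connector.ssl",
    "Connector.datagram", "Connector.datagramreceiver",
    "Connector.serversocket", "Connector.comm", "PushRegistry")}

# Constructed sample descriptors (not from the thread).
UNSIGNED_JAD = """\
MIDlet-Name: Demo
MIDlet-Jar-URL: http://example.invalid/demo.jar
MIDlet-Permissions: javax.microedition.io.connector.http
"""
SIGNED_JAD = UNSIGNED_JAD.replace("connector", "Connector") + (
    "MIDlet-Certificate-1-1: PLACEHOLDER_BASE64_CERT\n"
    "MIDlet-Jar-RSA-SHA1: PLACEHOLDER_BASE64_SIGNATURE\n")

def parse_jad(text):
    """Parse 'Name: value' descriptor lines into a dict (names kept verbatim)."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def check_jad(text):
    """Return findings about requested permissions and signing attributes."""
    attrs, findings = parse_jad(text), []
    by_lower = {p.lower(): p for p in KNOWN}
    requested = []
    for key in ("MIDlet-Permissions", "MIDlet-Permissions-Opt"):
        requested += [p.strip() for p in attrs.get(key, "").split(",") if p.strip()]
    for perm in requested:
        fixed = by_lower.get(perm.lower())
        if fixed is None:
            findings.append(f"unknown permission: {perm}")
        elif fixed != perm:
            findings.append(f"wrong case: {perm} should be {fixed}")
    has_sig = "MIDlet-Jar-RSA-SHA1" in attrs
    has_cert = any(re.fullmatch(r"MIDlet-Certificate-\d+-\d+", k) for k in attrs)
    if has_sig != has_cert:
        findings.append("incomplete signature: need MIDlet-Jar-RSA-SHA1 "
                        "and MIDlet-Certificate-<n>-<m> together")
    elif requested and not has_sig:
        findings.append("unsigned: suite installs as untrusted, so prompts "
                        "follow the handset's untrusted-domain policy")
    return findings
```

An empty result only means the descriptor is consistent for a signed install; as other answers in this thread note, whether the prompts actually disappear still depends on the handset and network.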
+1  A: 

Signing the JAR is not guaranteed to suppress these prompts on all handsets and all networks. It may work on some. AFAIK you usually need to sign per build; so if you use the same build on many handsets, you need to sign only once.

You could write your own implementation of HTTP over sockets, but beware that Socket implementations do not allow access to ports 80 and 8080 (again AFAIK).

Your best option when experiencing multiple prompts for HTTP is to direct the user to the MIDlet permissions setting in their handset menu; this should be changed to "ask once".

HTH, funkybro

funkybro
A: 

Get it Java Verified and you will find that on all networks and phones - the user will get prompted only once each time they start the app to authorise a connection.

Grouchal
+1  A: 

Java Verified's UTI root certificate is not on all handsets/network combinations; the same is true for other domains in the trusted third party such as Verisign and Thawte (for these bodies in particular Motorola devices).

It is fair to say that the UTI certificate is probably the one to choose to give you the most coverage across handsets.

kgutteridge
+1  A: 

The following link may be of some help: 1

Kacim Ali Khawaja
Good link, it's about signing and it's for dummies. I'll try it out.
Hans Malherbe