tags:

views:

786

answers:

6
+2  Q: 

J2ME's extra annoying HTTP permission prompt

Some phones only prompt the user for permission the first time a connection is made. Others pop up the permission prompt whenever the MIDlet attempts to make a HTTP connection! What are the options if we want to suppress the prompt?

Can we sign the JAR using only one CA (Certificate Authority) and have it work on all devices? Do we have to pay for a signature on every release?

Is it an option to create our own CA certificate and tell our customers to install it on there device?

Alternatively, it seems that plain socket connections do not suffer so. Is there a free implementation of HTTP on top of TCP for J2ME?

A: 

To suppress the HTTP connection prompt, signing an app is the only option. Another would be to get preload on a pre-market phone, but even the handset manufacturers require signed jad/jars.

Making a set of jad/jar work on different devices is not dependent on signing but how you design an app. If you can address this then yes, you can have one signed jad/jar work on multiple devices.

I do not know about creating our own certs and asking customers to install them. I dont think it works as I dont think it is possible.

HTTP over TCP is a fairly easy implementation, provided you know what you are doing, but I dont know of any free implementations of it.

omermuhammed  2009-06-21 00:22:50
+3  A: 

Some phones allow you to change the setting manually to set once per session. Or try adding

MIDlet-Permissions: javax.microedition.io.connector.http

to the jad file.

Yes, if the build is signed with the root certificate that is available on most devices, Verisign Class 3 certificate, for example

As a security measure, devices don't allow you to install your own certificates, even if it is obtained from a CA.

Plain socket connections may add overhead in processing of the data in the client side. Also some security issues are also involved.

Ram  2009-06-22 06:41:15
Thanks for the suggestion. I tried the permission, no luck. Maybe one day the iPhone will have more than 5% market share and we don't have to worry about this J2ME nonsense anymore.
Hans Malherbe  2009-06-22 18:31:21
+1  A: 

Signing the JAR is not guaranteed to suppress these prompts on all handsets and all networks. It may work on some. AFAIK you usually need to sign per build; so if you use the same build on many handsets, you need to sign only once.

You could write your own implementation of HTTP over sockets, but beware that Socket implementations do not allow access to ports 80 and 8080 (again AFAIK).

Your best option when experiencing multiple prompts for HTTP is to direct the user to the MIDlet permissions setting in their handset menu; this should be changed to "ask once".

HTH, funkybro

funkybro  2009-06-22 12:42:10
A: 

Get it Java Verified and you will find that on all networks and phones - the user will get prompted only once each time they start the app to authorise a connection.

Grouchal  2009-06-24 19:37:14
+1  A: 

Java Verifieds UTI root certificate is not on all handsets/network combinations, the same is true for other domains in the trusted third party such as Verisign and Thawte (for these bodies in particular Motorola devices)

It is fair to say that the UTI certificate is probably the one to choose to give you the most coverage across handsets

kgutteridge  2009-07-03 16:21:12
+1  A: 

Following link may of some help:1

Kacim Ali Khawaja  2010-05-30 18:28:00
Good link, it's about signing and it's for dummies. I'll try it out.
Hans Malherbe  2010-06-06 04:23:46

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.