Is there a way to suppress the password prompt when using Java Webstart with an HTTPS server that uses client authentication? I would like to do this because the webstarted app runs on a touch screen device that has no keyboard and runs in a kiosk mode. Therefore it would be sufficient to either remove the password from the keystore or to store it somewhere, maybe in the desktop shortcut that starts the app.

I already tried to attach a JVM Parameter to the shortcut like this, but it doesn't work:

javaws -J-Djavax.net.ssl.keyStorePassword=mypass https://...

I also found out that when I activate the "use browser keystore" option in the Java Control Panel and add the certificate to it, I can cancel the password prompt and still connect successfully. It seems like only the Java keystore asks for a password and Internet Explorer's doesn't.

+1  A: 

Hi,

You could try to use a custom KeystoreProvider implementation. It is not that hard to create and I assume that you could override the need for the password. You will need to customize the security.properties of the JRE that is used to launch the webstart application.

Although in your case ... is there a reason why you don't want to use the browser keystore? In that case you don't have a problem.

David

David Nouls
I'll definitely take a look at the custom KeystoreProvider, thanks. The reason why the browser's keystore doesn't solve my problem is this: when I use the browser's keystore, I still have to cancel the password dialog for the JVM keystore. Besides this, the clients may be Linux installations and I haven't figured out how the browser's keystore works there.
Tim Büthe
We used to use client authentication in our HTTPS communication but it seems that SUN is introducing new bugs with every release, so we decided to stop using it. The latest 1.6 releases have a completely new Java Plugin (well, you can even choose the version) with brand new regression bugs. It looks like client authentication is not very high on the list at SUN.
David Nouls
A: 

I think the issue is with the Certificate Authority (CA)! If your webstart app is signed with a certificate approved by a CA already part of the JVM list of CAs (Verisign, Thawte, ...), no password is needed to add the app key to the local keystore.
So, if you want, you can manually store your own Certificate Authority in the Java default keystore (this will require a password once), and then sign your jars with a certificate issued from this private CA.
I don't know which JVM you use on your device (I had some issue with IBM JDK doing the above trick), but it should work!

Fred Simon
I think you got that wrong. We are talking about client authentication here. The server tells the javaws client that a certificate is needed to authenticate. Then the client wants to access the keystore to look for a cert that can be used for the server.
Tim Büthe
Ha OK! It's a two way cert needed, sorry.
Fred Simon