【发布时间】:2013-12-27 23:22:11
【问题描述】:
由于我的 JDK 版本现在升级到 u45,我收到有关缺少安全信息的警告。所以我使用以下安全更新作为使用 webstart-maven-plugin 进行 webstart 签名的一部分
<plugin>
<groupId> org.codehaus.mojo</groupId>
<artifactId>webstart-maven-plugin</artifactId>
<version>1.0-beta-4</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jnlp-inline</goal>
<!-- use jnlp, jnlp-inline or jnlp-single as appropriate -->
</goals>
</execution>
</executions>
<configuration>
<!--outputDirectory></outputDirectory -->
<!-- not required?? -->
<!-- Set to true to exclude all transitive dependencies. Default is
false. -->
<excludeTransitive>false</excludeTransitive>
<!-- The path where the libraries are stored within the jnlp structure.
not required. by default the libraries are within the working directory -->
<libPath>lib</libPath>
<!-- resourcesDirectory>${project.basedir}/src/main/jnlp/resources</resourcesDirectory -->
<!-- default value -->
<!-- JNLP generation -->
<jnlp>
<!-- default values -->
<!-- inputTemplateResourcePath>${project.basedir}</inputTemplateResourcePath -->
<!--inputTemplate>src/main/jnlp/template.vm</inputTemplate -->
<!-- relative to inputTemplateResourcePath -->
<outputFile>xxxx.template</outputFile>
<!-- defaults to launch.jnlp -->
<!-- used to automatically identify the jar containing the main class. -->
<!-- this is perhaps going to change -->
<mainClass>XXXXXX</mainClass>
</jnlp>
<!-- SIGNING -->
<!-- defining this will automatically sign the jar and its dependencies,
if necessary -->
<sign>
..................
</sign>
<!-- BUILDING PROCESS -->
<pack200>
<enabled>false</enabled>
</pack200>
<gzip>true</gzip>
<!-- default force when pack200 false, true when pack200 selected
?? -->
<!-- causes a version attribute to be output in each jar resource
element, optional, default is false -->
<outputJarVersions>true</outputJarVersions>
<!--install>false</install -->
<!-- not yet supported -->
<verbose>true</verbose>
<updateManifestEntries>
<Application-Name>cccccc</Application-Name>
<Trusted-Library>true</Trusted-Library>
<Permissions>all-permissions</Permissions>
<Codebase>*</Codebase>
<Trusted-Only>true</Trusted-Only>
</updateManifestEntries>
</configuration>
这里
<updateManifestEntries>
<Application-Name>cccccc</Application-Name>
<Trusted-Library>true</Trusted-Library>
<Permissions>all-permissions</Permissions>
<Codebase>*</Codebase>
<Trusted-Only>true</Trusted-Only>
</updateManifestEntries>
在启动时破坏应用程序。没有发生依赖注入。即使是与 Spring 相关的 jar,我也必须添加更新的清单信息。
我试着做同样的事情
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<inherited>true</inherited>
<configuration>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</plugin>
但似乎不起作用。
感谢您的即时回复,因为我自上周以来一直在尝试此操作
问题在于 webstart-maven-plugin (1.0-beta-4),其
<updateManifestEntries>
<!-- <Permissions>all-permissions</Permissions>
<Application-Name>catsvision</Application-Name>
<Trusted-Library>true</Trusted-Library>
<Codebase>*</Codebase>
<Trusted-Only>true</Trusted-Only> -->
</updateManifestEntries>
没有按预期工作。
当我尝试对
做同样的事情时<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<inherited>true</inherited>
<configuration>
<archive>
<addMavenDescriptor>false</addMavenDescriptor>
<manifestFile>
src/main/resources/META-INF/MANIFEST.MF
</manifestFile>
<manifest>
<addDefaultImplementationEntries>false</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>false</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</plugin>
其中 MANIFEST.MF 有以下条目
Permissions: all-permissions
Application-Name: CATS Vision
Codebase: *
Trusted-Library: true
Trusted-Only: true
为我工作。但它是针对特定 JAR 的。如何更新 JAR 包的清单条目(我的意思是我的 webstart 包)?除了 maven-webstart-plugin 之外还有其他插件吗
【问题讨论】:
-
当我用 maven-jar-plugin 尝试这个时,权限问题解决了。
无效 - 添加此条目后 JAR 损坏,并且应用程序无法按预期工作,即使它已启动 all-permissions权限> 有效 无效
标签: java jnlp jar-signing maven-jar-plugin maven-webstart-plugin