unsigend webstart and applet does not work with latest java version 1.7.51

[GoogleCodeExporter]

Tried this:
http://rapla.sourceforge.net/demo

Problems found:
Java 7u45 says that future versions of java will refuse to run unsigned applets.
Java 7u60 (beta) says that the security settings do not allow this untrusted 
application.

More info:
Java 1.7.60 will be released in two days. It fixes a lot of severe security 
vulnerabilities, so everybody should update immediately.
Java 7.45 has an expiration date in February.

Do you have a version of Rapla that works with Java 7.60?

Original issue reported on code.google.com by hartn...@uni-freiburg.de on 13 Jan 2014 at 8:52

[GoogleCodeExporter]

The demo is still version 1.2, but the same also happens in version 1.7.6

It is possible to run Rapla, by starting Java Control Panel and lowering the 
security setting there, but I don't like this solution. It seems to be required 
to sign the applet with a digital certificate.

Is there a chance that a future version of Rapla will work without Java plugin 
on the client?

Original comment by hartn...@uni-freiburg.de on 13 Jan 2014 at 9:49

[GoogleCodeExporter]

Issue 388 has been merged into this issue.

Original comment by christop...@gmail.com on 16 Jan 2014 at 12:00

[GoogleCodeExporter]

Verified

instead of fixing the sandbox security issues, oracle decided to require 
certification for every webstart application. Hoped they waited for this step 
until the javascript client of rapla is released. 

The only way, you can fix it now, is with a certified signed certificate (self 
signed won't work). I try to get one for the official releases (donations are 
welcome), but if you already have one you can contact me and i explain you how 
to sign.

As workaround you copy the rapla-distribution to every client and uncomment
-Dorg.rapla.serverUrl 
in raplaclient.l4j.ini and replace localhost with the servername or ip running 
rapla. Then you can use raplaclient.exe instead of webstart or applet.

Original comment by christop...@gmail.com on 16 Jan 2014 at 12:21

• Changed state: Accepted
• Added labels: Priority-Critical

[GoogleCodeExporter]

Another tested workaround: The user can downgrade the java security settings in 
the java console under system/java from high to medium.

Original comment by christop...@gmail.com on 16 Jan 2014 at 12:35

[GoogleCodeExporter]

instead of downgreading the securtiy settings, it is possible to add exeptions 
to java to not check a special website for certificates. (via java control 
panel)

Original comment by Matthias...@googlemail.com on 17 Jan 2014 at 12:25

[GoogleCodeExporter]

Original comment by christop...@gmail.com on 17 Jan 2014 at 4:03

• Changed title: unsigend webstart and applet does not work with latest java version 1.7.51

[GoogleCodeExporter]

The first mentioned workaround (editing ini and running exe) does not work.
It aborts after entering the password with this error message:
"Unable to provide implementation for org.rapla.storage.dbrm.RemoteServer"

Original comment by hartn...@uni-freiburg.de on 20 Jan 2014 at 12:30

[GoogleCodeExporter]

Fixed with 1.7.7

Original comment by christop...@gmail.com on 10 Feb 2014 at 5:02

• Changed state: Verified
• Added labels: Milestone-1.7.7