This discussion is archived
5 Replies Latest reply: Mar 15, 2012 8:34 AM by 877434 RSS

In need of opinion - desktop shortcut, security warning.

877434 Newbie
Currently Being Moderated
I have gone through tons of stuff from igor, nancy, jsmith, weaver, jasper, giles, etc..
I'm just a designer on my team but we had just started using javafx 1.3 last year when 2.0 came out.
We have our app running javafx2 in the browser or by web start link, but from a user experience I really want the drag app to drop on the desktop, close browser to create a desktop shortcut action back.
We had it in fx 1.3 but the programmers tell me that it just isn't available in fx 2.0.
Is that true? I can't get a shortcut created any more? or are there maybe an alternative work around they haven't thought of?

Also since I have attention, we always get the security warning popup "The application's digital signature cannot be verified" on start up.
I would love to get rid of that. If I read correctly, even if we pay for a certificate it still pops just with our name.
We persist application info like the users theme and we allow paste in textboxes, but that's it.
I read that we can't run in sandbox if we are using "local filesystem" or "system clipboard", but I want to be sure that's why we are getting the warning.

Thoughts?
  • 1. Re: In need of opinion - desktop shortcut, security warning.
    805536 Journeyer
    Currently Being Moderated
    This probably isn't compatible since it was based on the AWT plugin while JavaFX uses an all new one, but you could try testing the parameter described here for draggable applets: http://java.sun.com/developer/technicalArticles/javase/6u10_applets/

    If it doesn't work, your best bet would be to file a Request For Enhancement here: http://javafx-jira.kenai.com/
  • 2. Re: In need of opinion - desktop shortcut, security warning.
    jsmith Guru
    Currently Being Moderated
    Thanks for your questions Gecko.
    I can't get a shortcut created any more? or are there maybe an alternative work around they haven't thought of?
    WebStart can create a desktop shortcut.
    See the reference document here and search it for shortcut:
    http://docs.oracle.com/javase/7/docs/technotes/guides/javaws/developersguide/syntax.html

    The drag an applet out of a browser on to the desktop to install it feature from 1.3 is not in 2.0.
    However if you create an appropriate jnlp file, you can still get an install of the app (via webstart) and creation of a desktop shortcut.
    The user experience is that the user clicks on the link to your jnlp file, the jnlp is downloaded and installed in the Java WebStart cache and the user is prompted whether or not they want to create a desktop shortcut icon.
    "The application's digital signature cannot be verified"
    In you need one, you can buy a Java code signing certificate from a certificate authority and sign the application.

    The instructions in this thread can be used to sign the application: Signed Jars

    Appropriate code signing certificates can be purchased from:
    https://www.thawte.com/code-signing/content-signing-certificates/sun-java/index.html
    If I read correctly, even if we pay for a certificate it still pops just with our name.
    You are correct. Even if you sign your application, you will still get a pop-up and the user will be asked if they want to trust the publisher, it just won't say your "application's digital signature cannot be verified", instead it will say, that the signature has been verified and provide a checkbox so that the user can always trust the publisher (you) and never receive the popup again for any software you publish.
    I read that we can't run in sandbox if we are using "local filesystem" or "system clipboard", but I want to be sure that's why we are getting the warning.
    I don't think that is quite correct. Usage, of these services http://docs.oracle.com/javase/7/docs/technotes/guides/javaws/developersguide/examples.html (e.g. FileService and ClipboardService) do not require your application to be signed. They will still prompt the user for permissions, but only at the time the service is used (e.g. when you try to persist data to the disk) rather than when the application is first used. They were originally created for Swing and JavaSE. I haven't tried them with JavaFX, but they may work just fine. You should try them out if you want to avoid signing your application but still want to persist stuff to the local disk or use the system clipboard.
  • 3. Re: In need of opinion - desktop shortcut, security warning.
    877434 Newbie
    Currently Being Moderated
    All good information.
    We have the web start link and it works correctly (minus the shortcut).
    I reviewed the jnlp page and it looks like we have things setup correctly
    <information>
    <title>ToolBox</title>
    <vendor>us</vendor>
    <description>ToolBox</description>
    <shortcut online="true" ><desktop/></shortcut>
    </information>
    but the user doesn't get any shortcut or a prompt for one. I thought it was in the javafx but from what you are saying I need to look at the webstart (jnlp).
    I downloaded & reviewed the jnlp-6_0_10-mrel2-spec.zip and it looks like it is just saying the <desktop/> needs to be there, without any value.
  • 4. Re: In need of opinion - desktop shortcut, security warning.
    jsmith Guru
    Currently Being Moderated
    Creating a shortcut worked for me JavaFX 2.1b16, JDK7u4ea

    I generated a jnlp and a html file for a project from NetBeans 7.1.
    NetBeans placed the shortcut element in the wrong place in the jnlp so I moved it into the under the information element.
    I also set the update policy and check both to always rather than background to assist in testing.
    <?xml version="1.0" encoding="utf-8"?>
    <jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="ShortcutTest.jnlp">
      <information>
        <title>ShortcutTest</title>
        <vendor>John_Smith</vendor>
        <description>Sample JavaFX 2.0 application.</description>
        <offline-allowed/>
        <shortcut online="false"><desktop/></shortcut>
      </information>
      <resources>
        <jfx:javafx-runtime version="2.0+" href="http://javadl.sun.com/webapps/download/GetFile/javafx-latest/windows-i586/javafx2.jnlp"/>
      </resources>
      <resources>
        <j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se"/>
        <jar href="ShortcutTest.jar" size="139392" download="eager" />
      </resources>
      <security>
        <all-permissions/>
      </security>
      <applet-desc  width="800" height="600" main-class="com.javafx.main.NoJavaFXFallback"  name="ShortcutTest" >
        <param name="requiredFXVersion" value="2.0+"/>
      </applet>
      <jfx:javafx-desc  width="800" height="600" main-class="test.ShortcutTest"  name="ShortcutTest" />
      <update policy="always" check="always"/>
    </jnlp>
    I modified the html file generated from NetBeans to comment out the embedded jnlp file so that my changes would be picked up:
    <html><head>
      <SCRIPT src="./web-files/dtjava.js"></SCRIPT>
    <script>
        function launchApplication(jnlpfile) {
            dtjava.launch(            {
                    url : 'ShortcutTest.jnlp'//,
    //                jnlp_content : 'PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0i....4NCg=='
                },
                {
                    javafx : '2.0+'
                },
                {}
            );
            return false;
        }
    </script>
    
    <script>
        function javafxEmbed() {
            dtjava.embed(
                {
                    url : 'ShortcutTest.jnlp',
                    placeholder : 'javafx-app-placeholder',
                    width : 800,
                    height : 600//,
    //                jnlp_content : 'PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0i....4NCg=='
                },
                {
                    javafx : '2.0+'
                },
                {}
            );
        }
        <!-- Embed FX application into web page once page is loaded -->
        dtjava.addOnloadCallback(javafxEmbed);
    </script>
    
    </head><body>
    <h2>Test page for <b>ShortcutTest</b></h2>
      <b>Webstart:</b> <a href='ShortcutTest.jnlp' onclick="return launchApplication('ShortcutTest.jnlp');">click to launch this app as webstart</a><br><hr><br>
    
      <!-- Applet will be inserted here -->
      <div id='javafx-app-placeholder'></div>
    </body></html>
    User experience was:
    1. A security warning dialog box was displayed.
    2. Clicking on the More Information... hyperlink in the security dialog shows a dialog box and in the dialog box there is a little blue info icon and a message: "The application will add a shortcut to the desktop."
    3. Closing the info box, clicking Run in response to the security dialog, and the application runs and dialog box is added to the user's desktop.

    Edited by: jsmith on Mar 14, 2012 4:05 PM
  • 5. Re: In need of opinion - desktop shortcut, security warning.
    877434 Newbie
    Currently Being Moderated
    You are completely correct - it does work and I also found why ours wasn't working.
    Call it what ever (bug/feature/etc), I found that if I had deleted the shortcut from my desktop previously that I had to enter the java control panel to view "Temporary Internet Files" and remove the application (found old build versions there too). Then the next time I opened the application it created a desktop shortcut.
    Perfect - Thanks for all of your help - it allowed me to verify a few things as well as get a different perspective of the issue.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points