This discussion is archived
6 Replies Latest reply: Aug 15, 2013 8:22 PM by Les RSS

baseHtml from Jar

Les Newbie
Currently Being Moderated

We have a basehtml file referencing a javascript file to provide forms javascript integration capabilities.

 

In order to sign this javascript file, i believe we will have to put both the javascript file and the baseHtml file into a JAR file and sign the jar.

 

How would i reference the baseHtml in a jar file through the webforms.cfg?

 

Is this possible? What actually reads the baseHTML property in the webforms.cfg file?

  • 1. Re: baseHtml from Jar
    Christian Erlinger Guru
    Currently Being Moderated
    In order to sign this javascript file, i believe we will have to put both the javascript file and the baseHtml file into a JAR file and sign the jar.

    Signing a javascript file? I guess you are confusing Java with JavaScript. You have to sign your custom Jar files or the webutil jars, but I am not aware that you have to sign your JavaScript files...or do you mean running your forms application over SSL?

     

    cheers

  • 2. Re: baseHtml from Jar
    Les Newbie
    Currently Being Moderated

    The Oracle Forms Javascript API allows calls out to javascript functions referenced in the baseHTML files. When one of these function calls occurs, you receive a mixed code warning from Java 1.7.

     

    We are trying to determine how we can sign the javascript code (in an external file) so we don't receive these warnings.

     

    We cannot put a javascript file into an existing signed jar file, because it looks as though referencing a javascript file using the <SCRIPT ARCHIVE="x.jar" SRC="x.js" has been desupported in most browsers.

     

    The only option i have come across is to put both the baseHtml and the javascript file into the same jar and have it signed???

     

    Any ideas?

  • 3. Re: baseHtml from Jar
    Christian Erlinger Guru
    Currently Being Moderated

    Quoting from  Mixing Privileged Code and Sandbox Code

     

    As of Java SE 7 update 21, JavaScript code that calls code within a privileged applet is treated as mixed code and warning dialogs are raised if the signed JAR files are not tagged with the Trusted-Library attribute.

    Trusted-Library:

    Mixing Privileged Code and Sandbox Code

     

    As the callout to JavaScript is done via the Forms Applet you'd need to mark frmall.jar as Trusted Library. This might require resigning it.

     

    cheers

  • 4. Re: baseHtml from Jar
    Les Newbie
    Currently Being Moderated

    Thanks for the reply Christian.

     

    From what i can gather, marking the frmall.jar file as a trusted library would open up the applet to security vunerabilities. This is why i was investigating methods of signing the javascript code, so only this code trusted, and not any code that runs against the applet.

  • 5. Re: baseHtml from Jar
    Christian Erlinger Guru
    Currently Being Moderated

    I guess you could try running your HTTP Server via SSL with a certificate which also has been created with the same root certificate you use to sign your code (I'd use a self signed certificate for that); this also will require to resign the frmall.jar with your certificate. But this is pure speculation.

     

    cheers

  • 6. Re: baseHtml from Jar
    Les Newbie
    Currently Being Moderated


    We are investigating marking the frmall.jar as a trusted-library and resigning it.

     

    Since this jar is signed and verified by oracle, will it cause any problems self signing this jar with the new atriibute?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points