990382 wrote:It depends on what your application is doing, but in the majority of cases the answer is "yes". Certain actions are prohibited for embedded applications unless they specifically request permissions for them, and to do so the application needs to be signed. Examples of these actions are reading and writing to the file system, or some actions with multithreading. Another important example is suppressing access checks in order to manipulate inaccessible (usually private) fields or invoke inaccessible methods by reflection. Injection of FXML-defined objects into a controller relies on being able to do this. So in short, an application that uses FXML will almost always need to be signed.
I have two questions regarding signing of a JavaFX application:
1. In the documentation I read that there is no need to sign an application. But when I try to run a sample application (without any need of special security) in a web browser, I get a runtime error if I don't sign the application before. Is it necessary to sign a JavaFX application if it is intended to run in the browser?
2. I am signing my JavaFX application with the corresponding Ant-Task. So far I created a keystore a self signed certificate and it works.You need to import the commercial certificate into the keystore. I've never needed to do this (at least, not yet), but there is some documentation on how to do so [url http://docs.oracle.com/javase/tutorial/security/toolsign/signer.html]here. The optional step (between steps 3 and 4) is the one of interest to you.
Is it possible to use a commercial certificate I use for an apache webserver and how? I could not find any information concerning this topic.
Thanks in advance!