We have a webstart application that downloads jars in 2 parts: 1) Jars are downloaded as part of webstart framework 2) Additional jars are downloaded when jnlp runs the main class of the application
We decided to download the jars over HTTPS. I changed the jnlp to download the jars over HTTPS and this triggers webstart framework that checks the server certificate. If the certificate is self-signed it pops up a warning to the user to approve or decline the connection. If the user declines the connection, the jars won't download but if they were downloaded before and appear in the java cache, then the application will be run from the cache. I am having a problem with part 2), where we download jars NOT as part of the webstart framework. At this point, I don't know if the user approved the certificate or declined.
The best behavior that I would like to get is that if user declines the connection, I would like the application to not run at all or to fail at the second phase.
How can I achieve that? Is there a way to determine if the user accepted the certificate or declined it?
I could see in the webstart tutorial link that there is a way to customized SSLSocketFactory and HostnameVerifiter by installing your own https handler. Did anyone had experience in that?