2015-02-02

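Java 7u51 no longer allows unsigned or self-signed (self-signed certificate) applications

Starting with 7u51, Java by default refuses to run unsigned and self-signed applets and Web Start applications, and even the "run anyway?" prompt has been removed. How would an ordinary user know how to add a site to the exception site list by hand or lower the security setting? Or is the point to force developers to pay for a code-signing certificate (NT$16K a year)? This approach really deserves a beating.... Oracle sucks.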



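This time it was a website program that uses Java to read the National Health Insurance card. Once Java was updated to 7u51, users could no longer simply click Allow to run it. Most of the site's users are also computer illiterate and can't change the settings (writing a step-by-step setup guide is annoying for users and developers alike), and we didn't want to be suckers and pay for a certificate, so the compromise was to write a batch file: the user just downloads and runs it, and the site is automatically added to the exception list so it is no longer blocked outright. One more time: Oracle sucks.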

WIN XP, VISTA, 7, 8:

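@ECHO OFF
REM Locate the per-user Java deployment security directory.
REM Paths are quoted because "Application Data" contains a space.
SET "EXCEPTION_FILE="
IF EXIST "%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security" SET "EXCEPTION_FILE=%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites"
IF EXIST "%USERPROFILE%\Application Data\Sun\Java\Deployment\security" SET "EXCEPTION_FILE=%USERPROFILE%\Application Data\Sun\Java\Deployment\security\exception.sites"
IF NOT DEFINED EXCEPTION_FILE (
  echo Java deployment security directory not found.
  EXIT /B 1
)
GOTO APPEND_SITES

:APPEND_SITES
REM Append each URL only if it is not already listed.
>nul 2>nul find "https://MYHOST.COM/" "%EXCEPTION_FILE%" && (
  echo "https://MYHOST.COM/" exists, ignored.
) || (
  echo https://MYHOST.COM/>> "%EXCEPTION_FILE%"
)

>nul 2>nul find "http://MYHOST.COM/" "%EXCEPTION_FILE%" && (
  echo "http://MYHOST.COM/" exists, ignored.
) || (
  echo http://MYHOST.COM/>> "%EXCEPTION_FILE%"
)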

MAC:

#!/bin/bash
# Per-user Java deployment exception list on macOS.
FILE=~/Library/Application\ Support/Oracle/Java/Deployment/security/exception.sites
if [ ! -f "$FILE" ]; then
  echo "exception.sites not found, create one."
  # The security directory may not exist yet; touch alone would fail.
  mkdir -p "$(dirname "$FILE")"
  touch "$FILE"
else
  echo "exception.sites exists."
fi

# -F matches the URL as a fixed string rather than a regular expression.
if grep -qF "http://MYHOST.COM" "$FILE"; then
  echo "http://MYHOST.COM found, ignored."
else
  echo "http://MYHOST.COM not found, add exception."
  echo "http://MYHOST.COM" >> "$FILE"
fi

if grep -qF "https://MYHOST.COM" "$FILE"; then
  echo "https://MYHOST.COM found, ignored."
else
  echo "https://MYHOST.COM not found, add exception."
  echo "https://MYHOST.COM" >> "$FILE"
fi

UNIX & LINUX (untested, but should work):

#!/bin/bash
# Per-user Java deployment exception list on UNIX and Linux.
FILE=~/.java/deployment/security/exception.sites
if [ ! -f "$FILE" ]; then
  echo "exception.sites not found, create one."
  # The security directory may not exist yet; touch alone would fail.
  mkdir -p "$(dirname "$FILE")"
  touch "$FILE"
else
  echo "exception.sites exists."
fi

# -F matches the URL as a fixed string rather than a regular expression.
if grep -qF "http://MYHOST.COM" "$FILE"; then
  echo "http://MYHOST.COM found, ignored."
else
  echo "http://MYHOST.COM not found, add exception."
  echo "http://MYHOST.COM" >> "$FILE"
fi

if grep -qF "https://MYHOST.COM" "$FILE"; then
  echo "https://MYHOST.COM found, ignored."
else
  echo "https://MYHOST.COM not found, add exception."
  echo "https://MYHOST.COM" >> "$FILE"
fi
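
An added example, not part of the original post: a small audit of exception.sites that flags every entry not served over https, since an exception for a cleartext http:// location lets unsigned code from that address run with no integrity protection in transit. It assumes one URL per line, as the scripts above write it; the function name audit_exception_sites and the sample entries are made up for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): audit a Java exception.sites file.
# Assumption: the file holds one URL per line, as written by the scripts above.

# Prints "LEVEL<TAB>entry" for each non-empty line.
# Returns 0 if every entry is https, 1 if any entry needs attention,
# 2 if the file does not exist.
audit_exception_sites() {
  local file="$1" line scheme risky=0 cr
  cr=$(printf '\r')
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%"$cr"}"            # tolerate CRLF files written on Windows
    [ -z "$line" ] && continue      # skip blank lines
    # Compare the scheme case-insensitively (text before the first colon).
    scheme=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')
    case "$scheme" in
      https) printf 'OK\t%s\n' "$line" ;;
      http)  printf 'CLEARTEXT\t%s\n' "$line"; risky=1 ;;
      *)     printf 'REVIEW\t%s\n' "$line"; risky=1 ;;
    esac
  done < "$file"
  return "$risky"
}

# Constructed sample input, using the post's MYHOST.COM placeholder.
sample="$(mktemp)"
printf 'https://MYHOST.COM/\r\nhttp://MYHOST.COM/\n\nfile:///C:/apps/\n' > "$sample"
audit_exception_sites "$sample" || echo "Entries other than https are present."
rm -f "$sample"
```

To check a real profile, pass the path used by the matching script above, for example `audit_exception_sites ~/.java/deployment/security/exception.sites`.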

references:
http://stackoverflow.com/questions/19481826/java-7u51-will-not-accept-jnlp-with-self-signed-certificate
https://blogs.oracle.com/java-platform-group/entry/upcoming_exception_site_list_in
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html
