Skip to Main Content
Forums

Oracle Forms

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Webutil - Jacob.jar blocked when using webstart

db12345Feb 9 2018 — edited Feb 21 2018

Hi,

I've setup a new Windows Server 2016 with Weblogic Server + Forms 12.2.1.3.0. Everything is working except for jacob.jar

Have downloaded jacob-1.18-M2.zip and followed all the instructions for setting it up and signing it using a private certificate.

(https://oracle-base.com/articles/12c/oracle-forms-and-reports-12c-configuration-notes#webutil-config)

It works fine when running the application as Applet in HTML and Standalone mode, but using webstart its blocked and prevents the application from starting.

Client PC is a Windows 7 Desktop running JRE 7.51 with the server added to the exception list.

Below are the logs from the Java console after launching webstart with trace level 5.

javaws "http://servername:9001/forms/frmservlet?config=dev_webstart"

calling downloadEagerorAll

Trace level set to 5: all ... completed.preloader: Stop progressCheck thread

security: User has granted the privileges to the code for this session only

security: Saving certificates in Deployment session certificate store

security: Saved certificates in Deployment session certificate store

cache: Cancel delay cleanup: URL: http://servername:9001/forms/java/extensions.jnlp | C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\1f10ab3a-4a5dd19d.idx

cache: Cancel delay cleanup: URL: http://servername:9001/forms/java/jacob.jar | C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\80da6be-10f51a39.idx

security: Trust for: http://servername:9001/forms/java/jacob.jar has ended: Thu Jan 01 01:00:00 GMT 1970

security: Trust for: http://servername:9001/forms/java/jacob.jar has ended: Thu Jan 01 01:00:00 GMT 1970

security: Validating cached jar url=http://servername:9001/forms/java/jacob.jar ffile=C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\80da6be-10f51a39 com.sun.deploy.cache.CachedJarFile@82e4d6

security: Found unsigned entry: META-INF/JacobVersion.properties

preloader: Delivering: ErrorEvent[url=null label=Found unsigned entry in resource: http://servername:9001/forms/java/jacob.jar cause=Found unsigned entry in resource: http://servername:9001/forms/java/jacob.jar

basic: exception: Found unsigned entry in resource: http://servername:9001/forms/java/jacob.jar.

ExitException[ 3]com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: http://servername:9001/forms/java/jacob.jar

at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)

at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)

at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Ignored exception: com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: http://servername:9001/forms/java/jacob.jar

preloader: Start progressCheck thread

preloader: Preloader shutdown after ErrorEvent

preloader: Stop progressCheck thread

ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key OK

ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key OK

ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key More Information...

cache: MemoryCache: removed entry http://servername:9001/forms/java/frmall.jar

cache: MemoryCache: removed entry http://servername:9001/forms/java/jacob.jar

cache: MemoryCache: removed entry http://servername:9001/forms/java/frmall.jarjnlp

preloader: Added pending event 1: ErrorEvent[url=null label=Found unsigned entry in resource: http://servername:9001/forms/java/jacob.jar cause=Found unsigned entry in resource: http://servername:9001/forms/java/jacob.

Details shown when displaying more info on the blocked jar file:

com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: http://servername:9001/forms/java/jacob.jar

at com.sun.javaws.security.SigningInfo.getCommonCodeSignersForJar(Unknown Source)

at com.sun.javaws.security.SigningInfo.check(Unknown Source)

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)

at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)

at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)

at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

The verification results for the jar file being used is:

C:\Oracle\Middleware\Oracle_Home\forms\java>jarsigner -verify -verbose jacob.jar

s       3663 Fri Feb 09 12:31:12 GMT 2018 META-INF/MANIFEST.MF

        3496 Fri Feb 09 12:31:14 GMT 2018 META-INF/LE-90D5F.SF

        3742 Fri Feb 09 12:31:14 GMT 2018 META-INF/LE-90D5F.RSA

           0 Tue May 27 23:49:50 BST 2014 META-INF/

           0 Tue May 27 21:54:34 BST 2014 com/

           0 Tue May 27 21:54:34 BST 2014 com/jacob/

           0 Tue May 27 21:54:34 BST 2014 com/jacob/activeX/

           0 Tue May 27 21:54:34 BST 2014 com/jacob/com/

sm       108 Tue May 27 23:49:50 BST 2014 META-INF/JacobVersion.properties

sm      6745 Tue May 27 21:54:34 BST 2014 com/jacob/activeX/ActiveXComponent.class

sm      1268 Tue May 27 21:54:34 BST 2014 com/jacob/activeX/ActiveXDispatchEvents.class

sm      3908 Tue May 27 21:54:34 BST 2014 com/jacob/activeX/ActiveXInvocationProxy.class

sm      1555 Tue May 27 21:54:34 BST 2014 com/jacob/com/ComException.class

sm      1153 Tue May 27 21:54:34 BST 2014 com/jacob/com/ComFailException.class

sm      2393 Tue May 27 21:54:34 BST 2014 com/jacob/com/ComThread.class

sm      1655 Tue May 27 21:54:34 BST 2014 com/jacob/com/Currency.class

sm      1472 Tue May 27 21:54:34 BST 2014 com/jacob/com/DateUtilities.class

sm      9667 Tue May 27 21:54:34 BST 2014 com/jacob/com/Dispatch.class

sm      2613 Tue May 27 21:54:34 BST 2014 com/jacob/com/DispatchEvents.class

sm      3124 Tue May 27 21:54:34 BST 2014 com/jacob/com/DispatchIdentifier.class

sm      1172 Tue May 27 21:54:34 BST 2014 com/jacob/com/DispatchNullProgramId.class

sm      1343 Tue May 27 21:54:34 BST 2014 com/jacob/com/DispatchProxy.class

sm      2707 Tue May 27 21:54:34 BST 2014 com/jacob/com/EnumVariant.class

sm      1452 Tue May 27 21:54:34 BST 2014 com/jacob/com/InvocationProxy.class

sm      3054 Tue May 27 21:54:34 BST 2014 com/jacob/com/InvocationProxyAllVariants.class

sm       531 Tue May 27 21:54:34 BST 2014 com/jacob/com/JacobException.class

sm      1831 Tue May 27 21:54:34 BST 2014 com/jacob/com/JacobObject.class

sm      2240 Tue May 27 21:54:34 BST 2014 com/jacob/com/JacobReleaseInfo.class

sm      3444 Tue May 27 21:54:34 BST 2014 com/jacob/com/LibraryLoader.class

sm       275 Tue May 27 21:54:34 BST 2014 com/jacob/com/MainSTA.class

sm       466 Tue May 27 21:54:34 BST 2014 com/jacob/com/NotImplementedException.class

sm      4718 Tue May 27 21:54:34 BST 2014 com/jacob/com/ROT.class

sm       933 Tue May 27 21:54:34 BST 2014 com/jacob/com/STA.class

sm      5945 Tue May 27 21:54:34 BST 2014 com/jacob/com/SafeArray.class

sm     22506 Tue May 27 21:54:34 BST 2014 com/jacob/com/Variant.class

sm     10170 Tue May 27 21:54:34 BST 2014 com/jacob/com/VariantUtilities.class

sm       307 Tue May 27 21:54:34 BST 2014 com/jacob/com/VariantViaEvent.class

sm       546 Tue May 27 21:54:34 BST 2014 com/jacob/com/WrongThreadException.class

  s = signature was verified

  m = entry is listed in manifest

  k = at least one certificate was found in keystore

  i = at least one certificate was found in identity scope

- Signed by "CN=dev.REDACTED.com, OU=DEG, O=Time UK, L=London, ST=London, C=GB"

    Digest algorithm: SHA-256

    Signature algorithm: SHA256withRSA, 2048-bit key

  Timestamped by "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB" on Fri Feb 09 12:31:16 UTC 2018

    Timestamp digest algorithm: SHA-256

    Timestamp signature algorithm: SHA256withRSA, 2048-bit key

jar verified.

Warning:

This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing.

This jar contains entries whose certificate chain is not validated.

Re-run with the -verbose and -certs options for more details.

The jar file is being signed by following the these instructions:

https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/1004/0/export-certificates-windows

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1207/23/how-to-sign-java-jar-files

The webstart webutil forms config is:

[dev_webstart]

# Forms applet archive setting for other clients (Java Plugin, Appletviewer, etc)

archive=frmall.jar,Images.jar

# Forms runtime argument: which form module to run

form=logon.fmx

# Forms runtime argument: database connection details

userid=@dev.world

# System parameter: file setting environment variables for the Forms runtime processes

envFile=dev.env

basejnlp=webutil.jnlp

webstart=enabled

WebUtilArchive=jacob.jar,frmwebutil.jar

WebUtilLogging=off

WebUtilLoggingDetail=normal

WebUtilErrorMode=Alert

WebUtilDispatchMonitorInterval=5

WebUtilTrustInternal=true

WebUtilMaxTransferSize=16384

Is there a step that I'm missing or a configuration that needs to be changed.

Thanks

Daniel

This post has been answered by Michael Ferrante-Oracle on Feb 9 2018
Jump to Answer
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Mar 13 2018
Added on Feb 9 2018
#forms, #moved-from-devops
2 comments
4,093 views