Difference between revisions of "JASigning Platform Issues"

From Virtual Humans
Jump to navigation Jump to search
(Clarify that GateKeeper is recent in Mac OS 10.8.)
(More security notes. Changed http to https.)
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Main Page]] >> [[JASigning]]
+
[[Main Page|Home]] >> [[JASigning]]
 
----
 
----
== Code Signing ==
 
  
JASigning components are digitally signed using a Code Signing Certificate issues by [http://www.globalsign.com/code-signing/ GlobalSign] to [http://www.sys-consulting.co.uk/ SYS Consulting Limited]. When installing applications or applets, users will be asked to confirm that they trust the publisher. Users can choose to trust the publisher permanently to avoid future confirmation requests.
+
= Core Software : JavaScript =
 +
 
 +
== CWA Signing Avatars ==
 +
The core [[CWA Signing Avatars]] software is implemented in JavaScript for HTML5 web pages using WebGL. It functions on most platforms. See [[CWASA Platform Issues]] for details.
 +
 
 +
= Legacy Software : Java =
 +
 
 +
A Java Runtime Environment (JRE) must be installed. In the Security settings of the Java Control Panel you may need to add https://vhg.cmp.uea.ac.uk to the Exception Site List.
  
 
== Java Web Start ==
 
== Java Web Start ==
  
JASigning applications and applets are launched using [http://en.wikipedia.org/wiki/Java_Web_Start Java Web Start] through Java Network Launching Protocol (JNLP) files, which have extension <code>.jnlp</code>.  
+
JASigning applications and applets are launched using [https://en.wikipedia.org/wiki/Java_Web_Start Java Web Start] through Java Network Launching Protocol (JNLP) files, which have extension <code>.jnlp</code>. Web pages using the more recent JASigning implementation for HTML5 using JavaScript and WebGL is not dependent on JNLP.
 +
 
 +
The use of JNLP files for applets is deprecated in modern browsers. Where it is supported, it is fairly seamless, but changes to the Java security regime mean that some messages will be seen for the latest release of JASigning with older Java versions.
 +
 
 +
For applications, launching of Java Web Start is sometimes automatic, but sometimes requires further action. Apple makes it increasingly difficult to deploy components using JNLP so for recent versions of OS X it is necessary to override the default protection regime even though the components are correctly signed. See below for notes on using particular browsers.
  
On modern browsers, the use of JNLP files for applets is mostly seamless.
+
== Code Signing ==
  
For applications, launching of Java Web Start is sometimes automatic, but sometimes requires further action. Apple makes it increasingly difficult to deploy components using JNLP so for recent versions of Mac OS X it is necessary to override the default protection regime even though the components are correctly signed. See below for notes on using particular browsers.
+
JASigning components are digitally signed using a Code Signing Certificate issues by [https://www.globalsign.com/code-signing/ GlobalSign] to [https://www.uea.ac.uk/business/consultancy UEA Consulting Ltd]. Before 2014, certificates were issued to [http://www.sys-consulting.co.uk/ SYS Consulting Limited]. When installing applications or applets, users will be asked to confirm that they trust the publisher. Users can choose to trust the publisher permanently to avoid future confirmation requests.
  
== Platforms ==
+
The certificates have a limited lifetime and have now expired. Unfortunately, it is therefore necessary to ignore security warnings to use the software. Components can still be used if https://vhg.cmp.uea.ac.uk is added to the Exception Site List via the Security tab on the Java control panel.
  
The [http://vhg.cmp.uea.ac.uk/tech/jas/std/ current version of JASigning] is intended to run on Windows (XP, Vista, 7) and on the latest releases of Mac OS X 10.5 and later.  JASigning is ''not'' supported on Linux at present. It is preferable to run JASigning with an up-to-date Java 6 run-time (JRE), although it should run with the latest versions of Java 5.
+
== Legacy Standalone Applications : Java ==
 +
The security constraints on running Java-based applications mean that the [[CWA Signing Avatars]] applications are strongly preferred. At present, however, some functionality is only available in the Java software.
 +
 +
Java-based applications for the [https://vhg.cmp.uea.ac.uk/tech/jas/std/ current version of JASigning] are intended to run on Windows (XP, Vista, 7, 10) and on the latest releases of OS X 10.5 and later.  Java-based JASigning apps are ''not'' supported on Linux. It is preferable to run JASigning with an up-to-date Java 8 run-time (JRE), although it should run with Java 7 and later versions of Java 6.
  
On the supported platforms, that is, Windows and Mac OS X, JASigning supports both 32-bit and 64-bit operation.  Which of this modes it actually runs in on any given occasion depends on several factors:
+
On the supported platforms, that is, Windows and OS X, JASigning supports both 32-bit and 64-bit operation.  Which of this modes it actually runs in on any given occasion depends on several factors:
  
 
* Whether or not the processor supports 64-bit operation.
 
* Whether or not the processor supports 64-bit operation.
 
* Whether or not the operating system supports 64-bit operation.
 
* Whether or not the operating system supports 64-bit operation.
* Whether the system has a 32-bit or a 64-bit Java installation (or both) -- and what options are set in the Java Control Panel (Windows) or Java Preferences app (Mac OS X).
+
* Whether the system has a 32-bit or a 64-bit Java installation (or both) -- and what options are set in the Java Control Panel (Windows) or Java Preferences app (OS X).
 
* For a JASigning applet: whether the browser is running in 32-bit or 64-bit mode.
 
* For a JASigning applet: whether the browser is running in 32-bit or 64-bit mode.
  
 
==== Windows ====
 
==== Windows ====
[[JASigning]] applications and applets
+
[[JASigning|Home]] applications and applets
 
(apart from the SiGML Service Client) on Windows may require the appropriate
 
(apart from the SiGML Service Client) on Windows may require the appropriate
 
<em>Microsoft Visual Studio C++ 2010 Redistributable Package</em>
 
<em>Microsoft Visual Studio C++ 2010 Redistributable Package</em>
Line 38: Line 51:
 
a web browser.
 
a web browser.
  
There is a 32-bit ([http://www.microsoft.com/en-us/download/details.aspx?id=5555 x86]) and a 64-bit ([http://www.microsoft.com/en-us/download/details.aspx?id=14632 x64])
+
There is a 32-bit ([https://www.microsoft.com/en-us/download/details.aspx?id=5555 x86]) and a 64-bit ([https://www.microsoft.com/en-us/download/details.aspx?id=14632 x64])
 
version of the Redistributable package.
 
version of the Redistributable package.
 
One or both of these should be installed, to match the system's
 
One or both of these should be installed, to match the system's
 
JRE (Java Runtime Environment) installation(s).
 
JRE (Java Runtime Environment) installation(s).
  
==== Mac OS X ====
+
==== OS X ====
  
 
Before installing and running JASigning applications, the corresponding JNLP file must be downloaded. The application is then launched using Java Web Start. The user will be warned that the application (its JNLP file) has been downloaded from the Internet. The user will also be asked to confirm that they trust the publisher.
 
Before installing and running JASigning applications, the corresponding JNLP file must be downloaded. The application is then launched using Java Web Start. The user will be warned that the application (its JNLP file) has been downloaded from the Internet. The user will also be asked to confirm that they trust the publisher.
  
On Mac OS X 10.8 Mountain Lion with GateKeeper, applications are blocked from running unless they come from the App Store or a registered developer. To run blocked applications it is necessary to locate the JNLP file, typically in the Downloads folder, and open it by double-clicking with the control-key down or by right-clicking and choosing Open.
+
Under the default settings for GateKeeper on OS X 10.7.5 Lion and onwards, JASigning applications are blocked from running because they do not come from the App Store or an identified developer. To run blocked applications it is necessary to locate the JNLP file, typically in the Downloads folder, and open it by double-clicking with the control-key down or by right-clicking and choosing ''Open''. On some versions, GateKeeper can be disabled using the General tab of Security & Privacy in the System Preferences.
  
As documented in  [[JASigning Release Notes]], on Mac OS X 10.6 Snow Leopard some rendering artefacts can appear with the freestanding SiGML URL Player and SiGML Service Player. This seems to be related to use of Java 6 so can occur with MacOS 10.7 Lion and 10.8 Mountain Lion as initially installed.
+
As documented in  [[JASigning Release Notes]], on OS X 10.6 Snow Leopard and later some rendering artefacts can appear with the freestanding SiGML URL Player and SiGML Service Player.
  
== Browsers ==
+
== Legacy Web Applications : Java Applets ==
Firefox is generally the easiest browser to use for running JASigning applets and launching JASigning applications.
+
Support for Java Applets is now minimal and the HTML5 approach should be used wherever possible.
  
 
JASigning applets may work with browsers other than those mentioned below, but our testing in such cases is at best limited. Let us know!  
 
JASigning applets may work with browsers other than those mentioned below, but our testing in such cases is at best limited. Let us know!  
  
 
==== Windows ====
 
==== Windows ====
JASigning web applets should work with Safari, Firefox, Opera, Chrome, and Internet Explorer.
+
JASigning web applets should work with '''Internet Explorer'''. The 32-bit (x86) release of Java should be installed.
 
 
==== Mac OS X ====
 
JASigning web applets should work with Firefox and Safari. Recent versions of MacOS X require applets from [http://vhg.cmp.uea.ac.uk/tech/jas/095j/ JASigning 095j] or [http://vhg.cmp.uea.ac.uk/tech/jas/095l/ JASigning 095l]. JASigning applets from older releases should work with Firefox 3.6.28 (which is no longer supported).  
 
  
Safari will block applets by default but clicking on the avatar display area will allow the applet plug-in to be enabled.  
+
==== OS X ====
 +
JASigning web applets should work with '''Safari'''.
  
Chrome does not support Java 7 on the Mac so can only be used to run JASigning applets on MacOS 10.6 Snow Leopard or on later systems with Java 6 installed.  
+
'''Safari''' will block applets by default but clicking on the avatar display area will allow the applet plug-in to be enabled.  '''Safari 7''' and later impose a ''safe'' mode which blocks access to the local disk even though requested by the Java security settings. JASigning will operate in safe mode but will operate more slowly and will not work so well offline as a local cache will be disabled. The Safari Security preferences can be used to disable safe mode for JASigning applets, allowing the local cache to be used.
  
On Mac OS X 10.8 Mountain Lion: GateKeeper prevents direct launching of applications via Java Web Start so JNLP files must be located in the Finder and launched from there
+
If GateKeeper is active, launching of applications will be blocked. See the Platforms section above. Even if GateKeeper is disabled: Safari does not consider Java Web Start to be safe so JNLP files may be downloaded to a temporary area and can only be launched by clicking on the icon for the downloaded file in the Downloads window; JNLP files for applications can be downloaded and launched from '''Chrome''' but a warning suggests that JNLP files can be harmful.
by double-clicking with the control-key down or by right-clicking and choosing Open.
 
  
On MacOS 10.7 Lion and Mac OS X 10.6 Snow Leopard: Safari does not consider Java Web Start to be safe so JNLP files may be downloaded to a temporary area and can only be launched by clicking on the icon for the downloaded file in the Downloads window; JNLP files for applications can be downloaded and launched from Chrome but a warning suggests that JNLP files can be harmful.
 
  
 
----
 
----
 
[[Main Page]] >> [[JASigning]]
 
[[Main Page]] >> [[JASigning]]

Latest revision as of 15:09, 29 April 2024

Home >> JASigning


Core Software : JavaScript

CWA Signing Avatars

The core CWA Signing Avatars software is implemented in JavaScript for HTML5 web pages using WebGL. It functions on most platforms. See CWASA Platform Issues for details.

Legacy Software : Java

A Java Runtime Environment (JRE) must be installed. In the Security settings of the Java Control Panel you may need to add https://vhg.cmp.uea.ac.uk to the Exception Site List.

Java Web Start

JASigning applications and applets are launched using Java Web Start through Java Network Launching Protocol (JNLP) files, which have extension .jnlp. Web pages using the more recent JASigning implementation for HTML5 using JavaScript and WebGL is not dependent on JNLP.

The use of JNLP files for applets is deprecated in modern browsers. Where it is supported, it is fairly seamless, but changes to the Java security regime mean that some messages will be seen for the latest release of JASigning with older Java versions.

For applications, launching of Java Web Start is sometimes automatic, but sometimes requires further action. Apple makes it increasingly difficult to deploy components using JNLP so for recent versions of OS X it is necessary to override the default protection regime even though the components are correctly signed. See below for notes on using particular browsers.

Code Signing

JASigning components are digitally signed using a Code Signing Certificate issues by GlobalSign to UEA Consulting Ltd. Before 2014, certificates were issued to SYS Consulting Limited. When installing applications or applets, users will be asked to confirm that they trust the publisher. Users can choose to trust the publisher permanently to avoid future confirmation requests.

The certificates have a limited lifetime and have now expired. Unfortunately, it is therefore necessary to ignore security warnings to use the software. Components can still be used if https://vhg.cmp.uea.ac.uk is added to the Exception Site List via the Security tab on the Java control panel.

Legacy Standalone Applications : Java

The security constraints on running Java-based applications mean that the CWA Signing Avatars applications are strongly preferred. At present, however, some functionality is only available in the Java software.

Java-based applications for the current version of JASigning are intended to run on Windows (XP, Vista, 7, 10) and on the latest releases of OS X 10.5 and later. Java-based JASigning apps are not supported on Linux. It is preferable to run JASigning with an up-to-date Java 8 run-time (JRE), although it should run with Java 7 and later versions of Java 6.

On the supported platforms, that is, Windows and OS X, JASigning supports both 32-bit and 64-bit operation. Which of this modes it actually runs in on any given occasion depends on several factors:

  • Whether or not the processor supports 64-bit operation.
  • Whether or not the operating system supports 64-bit operation.
  • Whether the system has a 32-bit or a 64-bit Java installation (or both) -- and what options are set in the Java Control Panel (Windows) or Java Preferences app (OS X).
  • For a JASigning applet: whether the browser is running in 32-bit or 64-bit mode.

Windows

Home applications and applets (apart from the SiGML Service Client) on Windows may require the appropriate Microsoft Visual Studio C++ 2010 Redistributable Package to be installed on the system.

On many Windows systems the required Redistributable package will already have been installed. But if not, each JASigning application and applet will display a message at launch time giving the URLs from which the package can easily be downloaded and installed. These URLs can be copied from the Java console and pasted into a web browser.

There is a 32-bit (x86) and a 64-bit (x64) version of the Redistributable package. One or both of these should be installed, to match the system's JRE (Java Runtime Environment) installation(s).

OS X

Before installing and running JASigning applications, the corresponding JNLP file must be downloaded. The application is then launched using Java Web Start. The user will be warned that the application (its JNLP file) has been downloaded from the Internet. The user will also be asked to confirm that they trust the publisher.

Under the default settings for GateKeeper on OS X 10.7.5 Lion and onwards, JASigning applications are blocked from running because they do not come from the App Store or an identified developer. To run blocked applications it is necessary to locate the JNLP file, typically in the Downloads folder, and open it by double-clicking with the control-key down or by right-clicking and choosing Open. On some versions, GateKeeper can be disabled using the General tab of Security & Privacy in the System Preferences.

As documented in JASigning Release Notes, on OS X 10.6 Snow Leopard and later some rendering artefacts can appear with the freestanding SiGML URL Player and SiGML Service Player.

Legacy Web Applications : Java Applets

Support for Java Applets is now minimal and the HTML5 approach should be used wherever possible.

JASigning applets may work with browsers other than those mentioned below, but our testing in such cases is at best limited. Let us know!

Windows

JASigning web applets should work with Internet Explorer. The 32-bit (x86) release of Java should be installed.

OS X

JASigning web applets should work with Safari.

Safari will block applets by default but clicking on the avatar display area will allow the applet plug-in to be enabled. Safari 7 and later impose a safe mode which blocks access to the local disk even though requested by the Java security settings. JASigning will operate in safe mode but will operate more slowly and will not work so well offline as a local cache will be disabled. The Safari Security preferences can be used to disable safe mode for JASigning applets, allowing the local cache to be used.

If GateKeeper is active, launching of applications will be blocked. See the Platforms section above. Even if GateKeeper is disabled: Safari does not consider Java Web Start to be safe so JNLP files may be downloaded to a temporary area and can only be launched by clicking on the icon for the downloaded file in the Downloads window; JNLP files for applications can be downloaded and launched from Chrome but a warning suggests that JNLP files can be harmful.



Main Page >> JASigning