JASigning Platform Issues
CWA Signing Avatars
Legacy Software : Java
Java Web Start
JASigning applications and applets are launched using Java Web Start through Java Network Launching Protocol (JNLP) files, which have extension
The use of JNLP files for applets is deprecated in modern browsers. Where it is supported, it is fairly seamless, but changes to the Java security regime mean that some messages will be seen for the latest release of JASigning with older Java versions.
For applications, launching of Java Web Start is sometimes automatic, but sometimes requires further action. Apple makes it increasingly difficult to deploy components using JNLP so for recent versions of OS X it is necessary to override the default protection regime even though the components are correctly signed. See below for notes on using particular browsers.
JASigning components are digitally signed using a Code Signing Certificate issues by GlobalSign to UEA Consulting Ltd. Before 2014, certificates were issued to SYS Consulting Limited. When installing applications or applets, users will be asked to confirm that they trust the publisher. Users can choose to trust the publisher permanently to avoid future confirmation requests.
The certificates have a limited lifetime and have now expired. Unfortunately, it is therefore necessary to ignore security warnings to use the software. Components can still be used if http://vhg.cmp.uea.ac.uk is added to the Exception Site List via the Security tab on the Java control panel.
Legacy Web Applications : Java Applets
Support for Java Applets is now minimal and the HTML5 approach should be used wherever possible.
JASigning applets may work with browsers other than those mentioned below, but our testing in such cases is at best limited. Let us know!
JASigning web applets should work with Internet Explorer. The 32-bit (x86) release of Java should be installed.
JASigning web applets should work with Safari.
Safari will block applets by default but clicking on the avatar display area will allow the applet plug-in to be enabled. Safari 7 and later impose a safe mode which blocks access to the local disk even though requested by the Java security settings. JASigning will operate in safe mode but will operate more slowly and will not work so well offline as a local cache will be disabled. The Safari Security preferences can be used to disable safe mode for JASigning applets, allowing the local cache to be used.
If GateKeeper is active, launching of applications will be blocked. See the Platforms section above. Even if GateKeeper is disabled: Safari does not consider Java Web Start to be safe so JNLP files may be downloaded to a temporary area and can only be launched by clicking on the icon for the downloaded file in the Downloads window; JNLP files for applications can be downloaded and launched from Chrome but a warning suggests that JNLP files can be harmful.
Legacy Standalone Applications : Java
The security constraints on running Java-based applications mean that the CWA Signing Avatars applications are strongly preferred. At present, however, some functionality is only available in the Java software.
Java-based applications for the current version of JASigning are intended to run on Windows (XP, Vista, 7) and on the latest releases of OS X 10.5 and later. Java-based JASigning apps are not supported on Linux. It is preferable to run JASigning with an up-to-date Java 8 run-time (JRE), although it should run with Java 7 and later versions of Java 6.
On the supported platforms, that is, Windows and OS X, JASigning supports both 32-bit and 64-bit operation. Which of this modes it actually runs in on any given occasion depends on several factors:
- Whether or not the processor supports 64-bit operation.
- Whether or not the operating system supports 64-bit operation.
- Whether the system has a 32-bit or a 64-bit Java installation (or both) -- and what options are set in the Java Control Panel (Windows) or Java Preferences app (OS X).
- For a JASigning applet: whether the browser is running in 32-bit or 64-bit mode.
Home applications and applets (apart from the SiGML Service Client) on Windows may require the appropriate Microsoft Visual Studio C++ 2010 Redistributable Package to be installed on the system.
On many Windows systems the required Redistributable package will already have been installed. But if not, each JASigning application and applet will display a message at launch time giving the URLs from which the package can easily be downloaded and installed. These URLs can be copied from the Java console and pasted into a web browser.
Before installing and running JASigning applications, the corresponding JNLP file must be downloaded. The application is then launched using Java Web Start. The user will be warned that the application (its JNLP file) has been downloaded from the Internet. The user will also be asked to confirm that they trust the publisher.
Under the default settings for GateKeeper on OS X 10.7.5 Lion and onwards, JASigning applications are blocked from running because they do not come from the App Store or an identified developer. To run blocked applications it is necessary to locate the JNLP file, typically in the Downloads folder, and open it by double-clicking with the control-key down or by right-clicking and choosing Open. On some versions, GateKeeper can be disabled using the General tab of Security & Privacy in the System Preferences.
As documented in JASigning Release Notes, on OS X 10.6 Snow Leopard and later some rendering artefacts can appear with the freestanding SiGML URL Player and SiGML Service Player.