JOGL & Java Web Start without certificates

[c_lilian]

Hi,

I've just tested an unsigned JWS JOGL application and (surprise...) it works !

Well, may be I'm the only one to be surprised, but if there are others like me, here's what i've done :

my JNLP file :
 - <security/> (no permissions)
 - external jnlp file (https://jogl....) for JOGL extension.
 - my jars (sandboxed)

And on the start, Java Web Start just asked me if I trusted the JOGL certificate issued by a valid provider - Java Game Technology - without the ugly warning message ("we urge you not to accept this certificate...").

That means we can distribute JOGL applications without the need of a certificate !!

==> one more thing  : if we had a hook in jogl.jar to set a fullscreen window, that would be perfect (this is the only major thing missing in this context, as we cannot do that from our untrusted jar).  

What do you think of it ?

Lilian

[Ken Russell]

Glad it's working -- Java Web Start and the extension mechanism was designed to make this work. The JOGL demos are themselves unsigned and use the signed JOGL jars as an extension.

I don't know about putting in full-screen hooks, though. There must be a reason there are security checks around those APIs, probably to prevent rogue applications from popping up something that looks like a login screen.