java - How to sign multiple JNLP application using Maven -


we use jnlp application business. actual use requires manual signing jars each release. leads having different certificates, expired certificates , on ..

we poc'ed maven automatically sign application maven jarsigner plugin.

now, best approach industrialize such process ? i'd have certificate shared among applications instead of recreating 1 everytime.

in particular:

  • is correct have certificate bunch of corporate applications, or shall consider having 1 per application ?

  • can imagine store certificate(s) dependencies (under business repo) , have both dev , release certificates fetched uppon build ? dev cert local build , release certificate release.

  • what flaws of such use ?

  • is there other/better solution ?

thanks answers.

there many ways solve problem, can share thoughts on subject.

a) assume different releases on different branches, in essence deal 1 release version @ time

b) assume per version, have different certificates per environment. per environment part can handled using maven profiles (http://maven.apache.org/guides/introduction/introduction-to-profiles.html), so...

whether have multiple or single certificate matter of preference. since provides level of trust between given user , given app judgment of risk versus maintainability. risk, in multiple apps same certificate gives higher exposure, malign exposure, , breach of 1 breach of all. may important certificates guard.. maintainability in apps follow same update cycle, , change 1 means change all.

so, coupling bit higher, risk harder , maintenance simpler.. if global enterprise acme inc risk higher if local enterprise icme inc. , other peoples data or money invite safest option available.

i see no reason why certificates cannot stored. either in repository or other safe repo or lying around. more interesting may private keys, can specify properties , have dev ones bound dev profile , release ones omitted, have provide them on command line.

assuming use maven jarsigner plugin, have ${my.keypass} , ${my.keystore}, , dev profile both properties set, , release profile keystore set.

last time used certificates in similar manner had: - set of individual components - in single repository - build single complete entity.

so sharing certificates easy takeaway. certificates except final prod in sourcecode repository certificate releases on secure server, had batch process few had access to.

as security compromises.. don't think ever encountered one, prepared :)


Comments

Post a Comment

Popular posts from this blog

authentication - Mongodb revoke acccess to connect test database -

i have ec2 instance mongodb 3.2.0 installed. have user admin access. can connect user , perform operation remotely. 1 can connect database test remote if knows ip mongo 11.11.11.11. although not able make operations, want restrict access user credentials can connect server. first need create users , grant roles users, example: use admin db.createuser( { user: "myuseradmin", pwd: "abc123", roles: [ { role: "useradminanydatabase", db: "admin" } ] } ) then need start server --auth parameter mongod --auth more information here
Read more

r - Update two sets of radiobuttons reactively - shiny -

i have read ( how make choices in radiobuttons reactive in shiny? ) shows me how update radiobutton s in reactive way. however, when try , update 2 sets of buttons same data, 1 set renders. example: server: # create example data wafer <- rep(c(1:3), each=3) length <- c(1,1,2,1,1,1,3,5,1) width <- c(3,1,6,1,1,1,1,1,6) dd <- data.frame(wafer, length, width) shinyserver(function(input, output, session){ # create reactive dataframe store data values <- reactivevalues() values$df <- data.frame() # lengths , widths of wafer user input <- eventreactive(input$do, { subset(dd, wafer %in% input$wafer, select = length:width) }) # update reactive data frame lengths , widths have been selected user input observe({ if(!is.null(a())) { values$df <- rbind(isolate(values$df), a()) } }) output$wl <- renderdatatable({ a() }) # update radio buttons unique length , widths stored in values$df # ever "observe" put first in co...
Read more

ios - Realm over CoreData should I use NSFetchedResultController or a Dictionary? -

i'm working on app using core data , nsfetchedresultcontroller many reasons switch use realm. saw there "realm version" of nsfetchedresultcontroller on github wouldn't compatible current code using core data. the view controller displaying list of people same school, address book. list sublist of people studied in same city. so thinking make 1 unique request database retrieve list of people , filter locally list within 1 dictionary per school [string: anyobject] string section name within tableview , anyobject array of people. first solution, make nsfetchedresultcontroller each school predicate filtering location. delete actions etc.. handled delegates -> not compatible realm create dictionaries , update them each actions... -> works realm it's annoying code. any better solution? edit: i need clarify request: i'd write class inherit uitableviewcontroller. this class has list of people sorted in alphabetical order the tableview has ...
Read more