Providing signed Java WebStart client files

The DataCleaner monitor web application features an option to let the user launch the desktop application for editing and testing jobs deployed on the monitor server. To enable this special mode of interoperability, signed JAR files needs to be provided, since otherwise the desktop application will not be allowed to launch by most Java runtime configurations.

Producing the signed JARs

By default DataCleaner monitor will use a public set of DataCleaner JAR files to launch the Java Web Start client (when clicking on "Analyze" buttons on the 'Scheduling' and 'Datastores' pages).

If your server does not have internet access, you can provide your own set of JAR files for the DataCleaner Java Web Start client. The procedure involves signing these JAR files, which may depend on the availability of a certificate. If no certificate is available, you can also self-sign the JARs, but that will cause a warning to pop up before launching the client.

In-depth information about JAR file signing can be found on Oracle's website: http://docs.oracle.com/javase/tutorial/deployment/jar/signing.html

For the purposes of this installation, you will need to create a Java keystore alias, optionally based upon a certificate. If this is new to you, and you just want to have use simple self-signed JAR files, issue the following command:

				keytool -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -genkey -alias my_alias
			

You will be prompted for the keystore password, which is by default "changeit".

After running the command, it will eventually produce an alias in your keystore.

After installing DataCleaner, the installation folder will include either of these executables, depending on operating system:

				sign-jar-files.cmd (on windows systems)
				sign-jar-files.sh (on unix systems)
			

Open the appropriate executable. It will have a top section like this (example from .cmd file. The .sh file does not have the 'set' keyword):

				set ALIAS=my_alias
				set KEYPASS=my_password
				set SIGFILE=
			

Set the KEYPASS variable to the alias password.

Set the ALIAS variable to the alias name.

Optionally set the SIGFILE variable to the name of your signature.

Run the sign-jar-files executable. A folder named signed_jars will be produced in the installation directory.

Configuring DataCleaner monitor to use the signed JARs

In the ${user.home}/.datacleaner/datacleaner-monitor.properties file you can define the ‘jnlp.artifacts.location’ property, which should point to the directory of your signed JAR files. This is the default definition:

				jnlp.artifacts.location=${user.home}/.datacleaner/jnlp-launch-artifacts
			

Restart the DataCleaner monitor after configuring this property.