“Don’t bury the lede”
A working HP ProCurve Java WebUI screenshot to showing that I got it working.
My earlier post HP ProCurve 2800 initial setup discussed an initial configuration of a network switch and mentioned in passing that I got the ProCurve Java WebUI working in a relatively safe manner. Here is how I put that together on a modern machine running Windows 10 Professional 64-bit.
WARNING: It should go without saying that you should not use the FireFox Web Browser from January 2017 that we are setting up here for the very old Java Web App supported on hardware released in 2004 and EOL in 2013 on the public internet. You will be hacked without a doubt in seconds. These are completely unpatched versions of two very very very old pieces of software. You have been duly warned.
Summary
Back in the day, the HP ProCurve switches had a convenient web interface that used Java Webstart in a browser to give you an interactive method to look at your switch status and update minor settings. This WebUI was never as powerful as the full console CLI but just a nice feature when debugging a network issue. It was also very useful to hand out to support folks for a quick and easy way to verify a switch or port on a switch was functional. I like quick and easy so I wanted this functionality back.
Honestly, my first thoughts were to build a Virtual Machine using a Microsoft Windows 7 installation with that era of web-browser and java installed and use it to access the switches. After some consideration that seemed like a lot of work, was resource intensive and probably prone to issues cropping up with an incredibly old and unsupported OS. Thus entered the idea to use PortableApps to run an older isolated web browser and Java.
History (optional)
So now for some quick related history as to why we have this problem. You can safely skip down to the Download Software section to avoid learning about it without any issues.
Back in the early Internet there were a limited number of web-browsers. Netscape which later became FireFox was one the major players. They had a plugin system for their web-browser called Netscape Plugin Application Programming Interface (NPAPI) that you could use to enable things like Macromedia Flash, Sun Java (before Oracle), Microsoft Silverlight and other such extensions to the browser. This NPAPI capability was in most web-browsers until around 2015-2017 when it was removed due to security concerns. Other methods to handle support for custom content types evolved and became broadly supported. Thus the NPAPI was depreciated leaving folks with their java apps abandoned.
The idea behind JWS (Java Web Start) and JNLP (Java Network Launching Protocol) was to use your web browser to download a small JNLP text file and it passes the contents of the file as argument to the locally installed Java Web Start (JWS) executable. The JWS would use those JNLP file contents, download the java application along with any dependencies and fire it up. This could fire up the java application as an Applet in the web browser or as a stand alone Java Desktop Client GUI Application. For our ProCurve case, this would be the Java Applet in the web browser.
JWS initially just launched Java GUI Applications on your local machine using a local Java Runtime. Later it added support for launching java applets in web browsers. This caused lots of confusion as to what JWS was in play at any given point. More insanity ensures when you add certificate signing and MD5 signatures to various pieces of this hodge-podge.
Early versions of JWS allowed for self-signed certificates to sign your application. This was later removed and code signing certificates which costed serious money (a couple hundred USD) became a requirements for JWS. This was not a SSL/TLS certificate for your website but a code signing certificate. Those are completely separate certificates. So you Java Applet and your Java Application would both need to be signed. For fun, read up on JKS (Java Key Stores) if you have a chunk of free time. I was an expert at this at one time and blessedly no longer need to know it unless supporting very old software.
HP ProCurve switches implemented a WebUI using Java Webstart that requires the Java Runtime Engine installed in the web-browser. This is the Java Webstart requirement that led me down this rabbit hole of an older web-browser and older Java Runtime that supports these switches WebUI. I picked FireFox as the web-browser due to familiarity with it and the JRE version is dictated by what supports FireFox and Java Web Start. I want the last version of each piece of software that had support to run the WebUI.
Download Software
You will need to download two pieces of software. A specific version of Firefox Portable Edition with NPAPI support and Java Portable that is supported in that web-browser. I have pulled copies locally and have links to where I pulled them for your inspection.
Here is the link to Java Portable general download website. You will need the 32-bit version and not the 64-bit version. To match the era with support for JNLP (Java Webstart) I picked “Java 8 Update 121”. Also there is an issue with MD5 signing issues with later versions of Java to contend with which also impacts the 64-bit versions.
Here is the link to Mozilla Firefox, Portable Ed. general download website and they are bundled for both 32-bit and 64-bit. The last version that supports JNLP (Java Webstart) are either Firefox 51.0 or 51.0.1. I have tested with 51.0 and 51.0.1 and both seem to work fine. You must enable 32-bit only or this will fail to work.
For the directly links to the versions you need:
Pull down copies of these two files to your local system someplace you can find them to install in the next steps.
Note: There is something called the “Extended Support Release (ESR)” of Firefox that claimed to maintain support for plugins thru “Firefox-ESR 52.7.3 (32-bit)” along with “Oracle Java Version 8 Update 231” version that might also be supportable but I have not tested them.
Install Software
Install the Firefox web browser first then follow with the Java Portable installation. Doing this in that order configures everything correctly. The other way you will encounter issues.
Firefox install
Using the above downloaded files, install the “Mozilla Firefox, Portable Ed. version 51.0.1” on your local Windows system. I used all defaults.
Notice that I changed my default install location from "C:\Users\<username>\Downloads\Firefox_51.0.1_Portable" to "C:\PortableApps\FirefoxPortable". This is helpful later.
This is the installed Firefox that I have setup at this point.
Java Portable install
Using the above downloaded files, install the “Java Portable 32-bit version 8 update 121” on your local Windows system. I used all defaults which picked up the FireFox install location.
Default if you used above will be C:\PortableApps\CommonFiles\Java.
These are now installed but not a fully configured useful Java at this point.
Note: In my testing, using the 64-bit versions did not work for something related to MD5 signed Java deployments. Use the 32-bit configuration and versions to reproduce my results.
You should have two installed PortableApps for Firefox and JPortable(Java) in sub-folders: CommonFiles/Java and Firefox. The next two sections will describe what we are doing to each and then a detailed set of steps for each.
Before going to the configuration, we will confirm they are installed appropriately.
Firefox install confirmation
To confirm the Firefox installation you should see something that looks like below.
We will be adding the file C:\PortableApps\FirefoxPortable\Other\Source\FirefoxPortable.ini to the location C:\PortableApps\FirefoxPortable\ next to the FirefoxPortable.exe file and modifying it to run only in 32-bit mode and allow multiple instances of Firefox to run.
Java install confirmation
To confirm the Portable Java installation you should see something like this below.
You will run the Java Control Panel to configure for enabling java in the web browser and the website or IP address of switch allowed to run java applications.
FirefoxPortable Configuration
If your install mirrors mine with a root of C:\PortableApps then you can find the original file shown above in C:\PortableApps\FirefoxPortable\Other\Source\FirefoxPortable.ini. You will copy this file to C:\PortableApps\FirefoxPortable next to the FirefoxPortable.exe file and modify it with three changes. On lines 10 and 15, 16 modify the file to match entries to comment out #AllowMultipleInstances=false and add the two lines for AllowMultipleInstances=true and AlwaysUse32Bit=true.
Click to see the INI file as text
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| [FirefoxPortable]
FirefoxDirectory=App\firefox
ProfileDirectory=Data\profile
SettingsDirectory=Data\settings
PluginsDirectory=Data\plugins
FirefoxExecutable=firefox.exe
AdditionalParameters=
LocalHomepage=
DisableSplashScreen=false
# AllowMultipleInstances=false
DisableIntelligentStart=false
SkipCompregFix=false
RunLocally=false
AllowMultipleInstances=true
AlwaysUse32Bit=true
# The above options are explained in the included readme.txt
# This INI file is an example only and is not used unless it is placed as described in the included readme.txt
|
Java Portable Configuration
Again, if your installation of Firefox and JPortable mirrors what I did above with a root of C:\PortableApps then you will find the Java Control Panel in C:\PortableApps\CommonFiles\Java\bin and you will open the file javacpl.exe.
Open the javacpl.exe, Java Control Panel, so you can configure it as follows. At the top of the dialog, check the “Enable Java content in the browser” box in the “Security” tab of the Java Control Panel.
Next, you need to add the complete URL of you network switch to the “Exception Site List” found at the bottom of the dialog. For my testing, I’ve only tried this with the non-security HTTP to my switch with the entry “http://10.10.10.10” address entered. This worked for me successfully. Some people with similar setups, mentioned they also I needed to have the port number along with the URL in the Exception Site List with something like “http://10.10.10.10:80” for it to work. For my test, I did not encounter this issue.
For people that want to dive deeper, those exception list settings are stored in a text file at C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites if you need to populate it with a longer list of IP Addresses. The star (*) syntax and format is untested shown in the dialog is an untested option I found in the documentation.
Other thoughts
Try a modern or open source JWS called OpenWebStart. I just dodged this entirely as I could see it being a time sink. Somebody else might want to try this.
Using a Virtual Machine with an older OS and Web Browser of that era. Plenty of folks have done this in other places for applications. Heck I used this method to support a plasma injection molding system at a manufacturing job several years back. Definitely an option but more weight than I wanted.
I could also have tried using the Firefox ESR (Extended Support Release) that kept the NSAPI support longer and kept it patched up longer. As I wasn’t sure of when that release dumped NSAPI support, I just avoided it in this first test.
I could have automated the JPortable setup further but this is just a quick side project to get those switches up easily with a WebUI.
References
This list of articles and posts were instrumental in getting this working.
Final Thoughts and Working Interface
|
 |
| Java WebGUI |
Serial Console |
Pick your poison, I just happen to like having both options available. The serial console has all the options and is easy to repeat the steps with code. The WebUI gives you a quick visual of what is happening and for some operations a quick way to make changes. I hope this helps somebody else trying to keep some older equipment out of a land-fill and working fully.