Name: dfR10049 Date: 11/15/2000



JNLP spec states:

   The following requirements must be satisfied before a JNLP Client can grant
   an application these access rights:

   1. The application is signed.

   2. The user and/or the JNLP Client trusts the certificate that is used to sign
   the application.

But if some requested jars are unsigned or jars are signed with different certificates
JNLP client is running in a trusted environment in spite of this.

Example of .jnlp file where 3 jar files are requested:

allPerm.jar \ signed with different certificates
classes.jar /
unsigned.jar - unsigned jar


<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="0.2+"
  codebase="http://localhost:12345/">
  <information>
    <title>Trusted Environment test</title>
    <vendor>Sun Microsystems, Inc.</vendor>
    <homepage href="index.html"/>
  </information>
  <resources>
    <j2se version="1.3 1.2"/>
    <jar href="allPerm.jar"/>
    <jar href="classes.jar"/>
    <jar href="unsigned.jar"/>
  </resources>
  <security>
    <all-permissions/>
  </security>
  <application-desc main-class="MyClass">
  </application-desc>

</jnlp>

======================================================================