P2 Description
There is a fatal regression with Java Web Start 1.6.0_14.
With Java Web Start 1.6.0_13 all is working. The method getClass().getProtectionDomain().getCodeSource().getCodeSigners() return
null for a signed jar file with Java Web Start 1.6.0_14.
The same code in an applet is working with Java 1.6.0_14.
The attached signed sample jar file use the follow lines:
ProtectionDomain domain = getClass().getProtectionDomain();
System.err.println(domain);
System.err.println(domain.getCodeSource());
System.err.println(domain.getCodeSource().getCodeSigners());
And it print the follow output:
ProtectionDomain (http://dell28/HelpDesk/classes/DialogTest.jar <no signer certificates>)
com.sun.jnlp.JNLPClassLoader@1dfafd1
<no principals>
java.security.Permissions@ca0115 (
(java.net.SocketPermission dell28 connect,accept,resolve)
(java.io.FilePermission C:\Users\Volker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4de16a24-296b297c read)
(java.security.AllPermission <all permissions> <all actions>)
)
(http://dell28/HelpDesk/classes/DialogTest.jar <no signer certificates>)
null
You can see all permsision are granted which means the certificate was detected.
But there is no certificate. Their application need the certificate to verify the
access rights of self loaded jar files.
The problem seems more critical, if a jnlp application has more as one signed jar file
then it also does not run. See the log output below. They only have one certificat,
so be sure the certificate is identical.
logfile:
Java Web Start 1.6.0_14
Using JRE version 1.6.0_14-b08 Java HotSpot(TM) Client VM
User home directory = C:\Dokumente und Einstellungen\Administrator
----------------------------------------------------
c:?? clear console window
f:?? finalize objects on finalization queue
g:?? garbage collect
h:?? display this help message
m:?? print memory usage
o:?? trigger logging
p:?? reload proxy configuration
q:?? hide console
r:?? reload policy configuration
s:?? dump system and deployment properties
t:?? dump thread list
v:?? dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
Reading certificates from 121972 http://bln/HelpDesk7/classes/Dialog.jar | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52\49060774-6f46d447.idx
Reading certificates from 31344 http://bln/HelpDesk7/classes/CC-Viewer.jar | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\ac1d2f7-1ffaf060.idx
#### Java Web Start Error:
#### JAR resources in JNLP file are not signed by same certificate
With Java Web Start 1.6.0_13 all is working. The method getClass().getProtectionDomain().getCodeSource().getCodeSigners() return
null for a signed jar file with Java Web Start 1.6.0_14.
The same code in an applet is working with Java 1.6.0_14.
The attached signed sample jar file use the follow lines:
ProtectionDomain domain = getClass().getProtectionDomain();
System.err.println(domain);
System.err.println(domain.getCodeSource());
System.err.println(domain.getCodeSource().getCodeSigners());
And it print the follow output:
ProtectionDomain (http://dell28/HelpDesk/classes/DialogTest.jar <no signer certificates>)
com.sun.jnlp.JNLPClassLoader@1dfafd1
<no principals>
java.security.Permissions@ca0115 (
(java.net.SocketPermission dell28 connect,accept,resolve)
(java.io.FilePermission C:\Users\Volker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4de16a24-296b297c read)
(java.security.AllPermission <all permissions> <all actions>)
)
(http://dell28/HelpDesk/classes/DialogTest.jar <no signer certificates>)
null
You can see all permsision are granted which means the certificate was detected.
But there is no certificate. Their application need the certificate to verify the
access rights of self loaded jar files.
The problem seems more critical, if a jnlp application has more as one signed jar file
then it also does not run. See the log output below. They only have one certificat,
so be sure the certificate is identical.
logfile:
Java Web Start 1.6.0_14
Using JRE version 1.6.0_14-b08 Java HotSpot(TM) Client VM
User home directory = C:\Dokumente und Einstellungen\Administrator
----------------------------------------------------
c:?? clear console window
f:?? finalize objects on finalization queue
g:?? garbage collect
h:?? display this help message
m:?? print memory usage
o:?? trigger logging
p:?? reload proxy configuration
q:?? hide console
r:?? reload policy configuration
s:?? dump system and deployment properties
t:?? dump thread list
v:?? dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
Reading certificates from 121972 http://bln/HelpDesk7/classes/Dialog.jar | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52\49060774-6f46d447.idx
Reading certificates from 31344 http://bln/HelpDesk7/classes/CC-Viewer.jar | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\ac1d2f7-1ffaf060.idx
#### Java Web Start Error:
#### JAR resources in JNLP file are not signed by same certificate