-
Bug
-
Resolution: Fixed
-
P3
-
6u10, 6u14
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2198767 | 7 | Dennis Gu | P3 | Resolved | Fixed | b104 |
FULL PRODUCT VERSION :
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 5.2.3790]
I confirm I'm using Windows XP x64 Edition, but I reproduced the problem with JRE 1.6.0_u14 32-bit version, starting the Java Web Start 32-bit client on a JNLP downloaded with a 32-bit browser (Firefox 2).
Anyway, I just checked that the same problem occurs even if I use the Java Web Start client of the 64-bit 1.6.0_u14 JRE release.
A DESCRIPTION OF THE PROBLEM :
When you try to launch an application through JNLP and the JNLP files requests an eager download of a JAR which does not contain anything (just META-INF with the signing information), Java Web Start fails and the application is not started.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Please see steps to repro of bug #6533653
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The application should start. The empty JAR is signed and should not give any problem to the Java Web Start client.
This DID work with Java 6_u13, 6_u12, 6_u10, 6_u5...
ACTUAL -
The application is not started and an error dialog is shown by the Java Web Start Client.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
In the Java console I read:
#### Java Web Start Error:
#### Un'applicazione non firmata ha richiesto l'accesso illimitato al sistema
Risorsa non firmata: http://sun2.ost.lan:8080/cardinis-ost/applet/conf.jar
(translated: an unsigned application has requested unlimited access to the system. Unsigned resource: http://sun2.ost.lan:8080/cardinis-ost/applet/conf.jar)
Please note that conf.jar is actually signed!
In the details of the error dialog shown by Java Web Start client I read:
JNLPException[category: Errore di protezione : Exception: null : LaunchDesc:
<jnlp spec="1.5+" codebase="http://<server>:8080/path/to/codebase" version="1.0">
<information>
<title>App Name</title>
<vendor>Vendor Name</vendor>
<homepage href="Vendor home page"/>
<description kind="short">App Description</description>
<icon href="http://<server>:8080/path/to/icon.gif" kind="default"/>
</information>
<security>
<all-permissions/>
</security>
<update check="always" policy="always"/>
<resources>
<java href="http://java.sun.com/products/autodl/j2se" version="1.6.0_14"/>
<!-- CUT other JARs defined -->
<jar href="http://<server>:8080/cardinis-ost/applet/conf.jar" download="eager" main="false"/>
<property name="swing.defaultlaf" value="javax.swing.plaf.metal.MetalLookAndFeel"/>
<!-- CUT other JARs defined -->
</resources>
<applet-desc name="App Name" main-class="com.package.AppletMainClass" width="400" height="200">
<!-- CUT params definition -->
</applet-desc>
</jnlp> ]
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Remove the empty JAR from the JAR list declared in the JNLP file.
Release Regression From : 6u13
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 5.2.3790]
I confirm I'm using Windows XP x64 Edition, but I reproduced the problem with JRE 1.6.0_u14 32-bit version, starting the Java Web Start 32-bit client on a JNLP downloaded with a 32-bit browser (Firefox 2).
Anyway, I just checked that the same problem occurs even if I use the Java Web Start client of the 64-bit 1.6.0_u14 JRE release.
A DESCRIPTION OF THE PROBLEM :
When you try to launch an application through JNLP and the JNLP files requests an eager download of a JAR which does not contain anything (just META-INF with the signing information), Java Web Start fails and the application is not started.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Please see steps to repro of bug #6533653
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The application should start. The empty JAR is signed and should not give any problem to the Java Web Start client.
This DID work with Java 6_u13, 6_u12, 6_u10, 6_u5...
ACTUAL -
The application is not started and an error dialog is shown by the Java Web Start Client.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
In the Java console I read:
#### Java Web Start Error:
#### Un'applicazione non firmata ha richiesto l'accesso illimitato al sistema
Risorsa non firmata: http://sun2.ost.lan:8080/cardinis-ost/applet/conf.jar
(translated: an unsigned application has requested unlimited access to the system. Unsigned resource: http://sun2.ost.lan:8080/cardinis-ost/applet/conf.jar)
Please note that conf.jar is actually signed!
In the details of the error dialog shown by Java Web Start client I read:
JNLPException[category: Errore di protezione : Exception: null : LaunchDesc:
<jnlp spec="1.5+" codebase="http://<server>:8080/path/to/codebase" version="1.0">
<information>
<title>App Name</title>
<vendor>Vendor Name</vendor>
<homepage href="Vendor home page"/>
<description kind="short">App Description</description>
<icon href="http://<server>:8080/path/to/icon.gif" kind="default"/>
</information>
<security>
<all-permissions/>
</security>
<update check="always" policy="always"/>
<resources>
<java href="http://java.sun.com/products/autodl/j2se" version="1.6.0_14"/>
<!-- CUT other JARs defined -->
<jar href="http://<server>:8080/cardinis-ost/applet/conf.jar" download="eager" main="false"/>
<property name="swing.defaultlaf" value="javax.swing.plaf.metal.MetalLookAndFeel"/>
<!-- CUT other JARs defined -->
</resources>
<applet-desc name="App Name" main-class="com.package.AppletMainClass" width="400" height="200">
<!-- CUT params definition -->
</applet-desc>
</jnlp> ]
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Remove the empty JAR from the JAR list declared in the JNLP file.
Release Regression From : 6u13
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
- backported by
-
JDK-2198767 [REGRESSION] Bug #6533653 is back in Java 6u14
-
- Resolved
-
- relates to
-
-
- Closed
-