Details
-
Enhancement
-
Resolution: Fixed
-
P2
-
6u20, 6u21
Description
FULL PRODUCT VERSION :
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
Now that 6u20 mandates a codebase url in the jnlps it is now for us impossible anymore to create a webstart application that will not give you a warning dialog about security issues...
This because webstart complains about jnlp files that are not signed. But how can customers of us now deploy our product on there machines? We have to generate the right codebase into the jnlp's but if we do that then how can we sign it?
Please drop the restriction that jnlp files need to be signed, because thats just impossible to do. Please if you see any other way tell me, but i have no more idea's how to get our application installed without the need for a warning dialog.
A information dialog where users can press on install (like the extension installation information dialog) thats fine. But we just cant have that users get a dialog: The applications digital signature cannot be verified. Do you want to run this application? With a big Warning icon.
First of all every jar in the jnlp file is signed, the signature is trusted and can be verified. So that title is very very misleading.. If you then press on More Information then yes you see that the jnlp file is not signed. But users have no idea what that is so they still think it is not safe, but it it perfectly valid.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
That we get a Information dialog telling use that they are going to install the Servoy application, not a warning dialog with a message that the digital signature cannot be verified.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
I dont see any workaround anymore.
its just impossible for us to use our product in a webstart without getting a security dialog.
SUPPORT :
YES
Release Regression From : 6u19
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
Now that 6u20 mandates a codebase url in the jnlps it is now for us impossible anymore to create a webstart application that will not give you a warning dialog about security issues...
This because webstart complains about jnlp files that are not signed. But how can customers of us now deploy our product on there machines? We have to generate the right codebase into the jnlp's but if we do that then how can we sign it?
Please drop the restriction that jnlp files need to be signed, because thats just impossible to do. Please if you see any other way tell me, but i have no more idea's how to get our application installed without the need for a warning dialog.
A information dialog where users can press on install (like the extension installation information dialog) thats fine. But we just cant have that users get a dialog: The applications digital signature cannot be verified. Do you want to run this application? With a big Warning icon.
First of all every jar in the jnlp file is signed, the signature is trusted and can be verified. So that title is very very misleading.. If you then press on More Information then yes you see that the jnlp file is not signed. But users have no idea what that is so they still think it is not safe, but it it perfectly valid.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
That we get a Information dialog telling use that they are going to install the Servoy application, not a warning dialog with a message that the digital signature cannot be verified.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
I dont see any workaround anymore.
its just impossible for us to use our product in a webstart without getting a security dialog.
SUPPORT :
YES
Release Regression From : 6u19
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
Attachments
Issue Links
- duplicates
-
JDK-6959987 JNLP applications should get launched only if proper/valid codebase is specified inside the JNLP
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-