-
Bug
-
Resolution: Incomplete
-
P4
-
None
-
6u14, 6u19
-
x86
-
windows_xp
Getting DownloadException exception with Java Web Start in Java 6 Update19 and 20.
It seems Java Web Start does not like jars (or possibly just jar.pack.gz files)
that contain no class files, e.g. that only contain a manifest.
These occur in cases in the client jar tooling, serving as a Class-Path entry
to reference other jars.
There is a workaround in newer versions of their software to insert a dummy class file
-- as this was needed to make Java 5 clients work with .jar.pack.gz files created
with Java 6 -- but this now appears to be necessary on a much broader basis.
The "trusted library" logic in Java 6 Update 19 and 20 gets completely befuddled
if one of the client jars does not contain a manifest. In this case it raises
the security dialog and the exceptions point to one of the (perfectly fine)
trusted libraries one is using being a problem. Adding a manifest resolves the issue.
It looks like someone is forgetting to consider corner cases:
* Lack of non-manifest (or possibly specifically class files) in a jar now
causes JWS to produce a DownloadException
* Lack of a manifest file in a jar now causes mixed-code cases making use
of trusted libraries to cause an inappropriate and inaccurate security
dialog
* [Back a ways] Java 6 produces .jar.pack.gz files that cannot be read by
Java 5 unless the jar contains at least one class file.
Seems like a trend
It seems Java Web Start does not like jars (or possibly just jar.pack.gz files)
that contain no class files, e.g. that only contain a manifest.
These occur in cases in the client jar tooling, serving as a Class-Path entry
to reference other jars.
There is a workaround in newer versions of their software to insert a dummy class file
-- as this was needed to make Java 5 clients work with .jar.pack.gz files created
with Java 6 -- but this now appears to be necessary on a much broader basis.
The "trusted library" logic in Java 6 Update 19 and 20 gets completely befuddled
if one of the client jars does not contain a manifest. In this case it raises
the security dialog and the exceptions point to one of the (perfectly fine)
trusted libraries one is using being a problem. Adding a manifest resolves the issue.
It looks like someone is forgetting to consider corner cases:
* Lack of non-manifest (or possibly specifically class files) in a jar now
causes JWS to produce a DownloadException
* Lack of a manifest file in a jar now causes mixed-code cases making use
of trusted libraries to cause an inappropriate and inaccurate security
dialog
* [Back a ways] Java 6 produces .jar.pack.gz files that cannot be read by
Java 5 unless the jar contains at least one class file.
Seems like a trend
- duplicates
-
-
- Closed
-