JDK-8028417

Different dialogs will show when different (bad/valid) properties are specified inside JNLP


    • Bug
    • Resolution: Duplicate
    • P3
    • 7u51
    • 7u51, 8
    • deploy
    • win7/x86/jre8#728

      Background:
          With the latest jre8, when running CA-signed apps that pass bad vmargs/properties to the VM, the warning dialog has the title "Security Warning", and the more information dialog says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......"
          For example, when running the following CA-signed app that tries to pass the bad property <property name=javapi.user0" value=testquote /> to the VM, a warning dialog with the title "Security Warning" will show up.

      Steps to reproduce:
          1) Install the latest jre8 nightly build#728
          2) Make sure your system/browser can access the internet, or disable the OCSP/CRL check from JCP
          3) Load the app: javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyquote.jnlp
             It tries to pass the bad property <property name=javapi.user0" value=testquote /> to the VM.
             The JNLP file is not signed; only the jar file is signed.
          4) If a security warning dialog with the title "Security Warning" shows up and the more info dialog says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......", then this issue is reproduced. See the attached security-warning.png and security-warning-moreinfo.png.

      But for apps that pass a valid property to the VM, the title of the warning dialog is "Security Information".

      Steps to reproduce:
          1) Install the latest jre8 nightly build#728
          2) Make sure your system/browser can access the internet, or disable the OCSP/CRL check from JCP
          3) Load the app: javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyTest1.jnlp
             It tries to pass the valid property <property name="http.keepAlive" value="VALUE"/> to the VM.
             The JNLP file is also not signed; only the jar file is signed.
          4) A security warning dialog with the title "Security Information" will show up. See the attached security-info.png.

        1. security-warning-moreinfo.png
          30 kB
          Crystal Yang
        2. security-warning.png
          35 kB
          Crystal Yang
        3. security-info.png
          21 kB
          Crystal Yang

            mhowe Mark Howe (Inactive)
            wenjyang Crystal Yang (Inactive)