-
Bug
-
Resolution: Not an Issue
-
P3
-
7u51
-
x86_64
-
windows_7
FULL PRODUCT VERSION :
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
EXTRA RELEVANT SYSTEM CONFIGURATION :
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
A DESCRIPTION OF THE PROBLEM :
We have a large applet based application with a current client-side minimum jar download size of ~4MB. If we put ALL of our class files into jars, that size will probably double. Most users only use a small portion of the class files for their particular tasks. Having ALL users download ALL the classes, compressed in jars, is extremely time consuming and a major problem after application updates due to the large number of users and the network load it would cause. So after downloading some basic jars other needed individual class files are downloaded as and when requested by user.
For signing applet, applet class files are moved to jar and this jar is signed with following attributes in manifest.
Jar file manifest:
Permissions: all-permissions
Codebase: *
Application-Name: XYZ
Application-Library-Allowable-Codebase: *
Trusted-Library: true
When applet is invoked from browser with JRE 1.7.51, there is a security blocked exception for individual files which are accessed from the signed applet jar.
Applet is launched wih foll. code in html:
<PARAM NAME = CODE VALUE = "XYZ.class">
<PARAM NAME = WIDTH VALUE = "0">
<PARAM NAME = HEIGHT VALUE = "0">
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.5">
<PARAM NAME="scriptable" VALUE="false">
<PARAM NAME = CODEBASE VALUE = "2320">
<PARAM NAME = ARCHIVE VALUE = "Main.jar">
<PARAM NAME = "java_arguments" VALUE = "-Djnlp.packEnabled=true">
<PARAM NAME = "Debug" VALUE = "true">
Main.jar has the XYZ.class. XYZ.class is the applet class and requires abc.class which is not in Main.jar. When tried to access and create a object of abc.class, it throws foll. exception:
com.sun.deploy.security.BlockedException: Your security settings have blocked an untrusted application from running.
REGRESSION. Last worked in version 7u45
REPRODUCIBILITY :
This bug can be reproduced always.
SUPPORT :
YES
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
EXTRA RELEVANT SYSTEM CONFIGURATION :
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
A DESCRIPTION OF THE PROBLEM :
We have a large applet based application with a current client-side minimum jar download size of ~4MB. If we put ALL of our class files into jars, that size will probably double. Most users only use a small portion of the class files for their particular tasks. Having ALL users download ALL the classes, compressed in jars, is extremely time consuming and a major problem after application updates due to the large number of users and the network load it would cause. So after downloading some basic jars other needed individual class files are downloaded as and when requested by user.
For signing applet, applet class files are moved to jar and this jar is signed with following attributes in manifest.
Jar file manifest:
Permissions: all-permissions
Codebase: *
Application-Name: XYZ
Application-Library-Allowable-Codebase: *
Trusted-Library: true
When applet is invoked from browser with JRE 1.7.51, there is a security blocked exception for individual files which are accessed from the signed applet jar.
Applet is launched wih foll. code in html:
<PARAM NAME = CODE VALUE = "XYZ.class">
<PARAM NAME = WIDTH VALUE = "0">
<PARAM NAME = HEIGHT VALUE = "0">
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.5">
<PARAM NAME="scriptable" VALUE="false">
<PARAM NAME = CODEBASE VALUE = "2320">
<PARAM NAME = ARCHIVE VALUE = "Main.jar">
<PARAM NAME = "java_arguments" VALUE = "-Djnlp.packEnabled=true">
<PARAM NAME = "Debug" VALUE = "true">
Main.jar has the XYZ.class. XYZ.class is the applet class and requires abc.class which is not in Main.jar. When tried to access and create a object of abc.class, it throws foll. exception:
com.sun.deploy.security.BlockedException: Your security settings have blocked an untrusted application from running.
REGRESSION. Last worked in version 7u45
REPRODUCIBILITY :
This bug can be reproduced always.
SUPPORT :
YES