-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
7u51
-
x86_64
-
windows_7
FULL PRODUCT VERSION :
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) Client VM (build 24.51-b03, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601
A DESCRIPTION OF THE PROBLEM :
Signed Java Web Start app of the <applet-desc> type and specifying <all-permissions> security fails to launch with a ClassNotFoundException on the main class when the Java configuration network settings specify the use of an automatic proxy configuration script (either directly or inherited from the browser). If the Java network settings are modified to specify a proxy server explicitly, or use a direct connection, the same app launches as expected.
REGRESSION. Last worked in version 7u45
ADDITIONAL REGRESSION INFORMATION:
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) Client VM (build 24.45-b08, mixed mode, sharing)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Applet jar with manifest entry
Permissions: all-permissions
signed.
Launch (over HTTP/HTTPS) using Web Start directly from JNLP.
JNLP includes
<security><all-permissions/></security>
and an <applet-desc> element.
In Java control panel, general tab, network settings, select "Use automatic proxy configuration script" and specify the (HTTP/HTTPS) URL of a proxy script. I don't believe it matters what's in the script as long as it's appropriately valid for your network.
Launch the applet via the JNLP; to avoid complications, use javaws directly,
javaws http://.../...jnlp
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The applet launches
ACTUAL -
Application Error dialog
General Exception
Name: HelloWorld
ClassNotFoundException: HelloWorld
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
User home directory = C:\Users\bar
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
JNLP2Viewer args[0] = -codebase
JNLP2Viewer args[1] = http://foo/HelloWorld/
JNLP2Viewer args[2] = -documentbase
JNLP2Viewer args[3] = http://foo/HelloWorld/
JNLP2Viewer args[4] = C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4912acc8-55f24163
Initializing Applet2Environment
JNLP Codebase (absolute): http://foo/HelloWorld/
basic: new JNLP2Manager: http://foo/HelloWorld/HelloWorld.jnlp, codebase: http://foo/HelloWorld/, documentBase: http://foo/HelloWorld/
basic: JNLP2ClassLoader: cstr ...
basic: JNLP2ClassLoader: cstr ...
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7
network: Created version ID: 2.2.51
temp: new XMLParser with source:
temp: <?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<!-- Application Resources -->
<j2se version="1.7+"
href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true" />
</resources>
<applet-desc
name="Hello World"
main-class="HelloWorld"
width="150"
height="150">
</applet-desc>
</jnlp>
temp:
returning ROOT as follows:
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" width="150" height="150"/>
</jnlp>
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
temp: returning LaunchDesc from XMLFormat.parse():
<jnlp spec="1.0+" codebase="http://foo/HelloWorld/" href="http://foo/HelloWorld/HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="timeout" policy="always"/>
<resources>
<java href="http://java.sun.com/products/autodl/j2se" version="1.7+"/>
<jar href="http://foo/HelloWorld/HelloWorld.jar" download="eager" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" documentbase="http://foo/HelloWorld/" width="150" height="150"/>
</jnlp>
temp: new XMLParser with source:
temp: <?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<!-- Application Resources -->
<j2se version="1.7+"
href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true" />
</resources>
<applet-desc
name="Hello World"
main-class="HelloWorld"
width="150"
height="150">
</applet-desc>
</jnlp>
temp:
returning ROOT as follows:
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" width="150" height="150"/>
</jnlp>
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
temp: returning LaunchDesc from XMLFormat.parse():
<jnlp spec="1.0+" codebase="http://foo/HelloWorld/" href="http://foo/HelloWorld/HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="timeout" policy="always"/>
<resources>
<java href="http://java.sun.com/products/autodl/j2se" version="1.7+"/>
<jar href="http://foo/HelloWorld/HelloWorld.jar" download="eager" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" documentbase="http://foo/HelloWorld/" width="150" height="150"/>
</jnlp>
JNLP Ref (absolute): http://foo/HelloWorld/HelloWorld.jnlp
Starting applet (150x150) with parameters:
============= Dump AppletParameters [lowercase=5] [raw=5]
key=[height] value=[150]
key=[__applet_relaunched] value=[false]
key=[java_arguments] value=[]
key=[width] value=[150]
key=[code] value=[HelloWorld]
-----------
key=[height] value=[150]
key=[__applet_relaunched] value=[false]
key=[java_arguments] value=[]
key=[width] value=[150]
key=[code] value=[HelloWorld]
=============== Dump done
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
basic: JNLP2ClassLoader: initialize ...
basic: JNLP2ClassLoader: initialize ...
cache: JNLPPreverifyClassLoader.initialize: FAILED: http://foo/HelloWorld/HelloWorld.jar
basic: addURL: http://foo/HelloWorld/HelloWorld.jar
basic: Plugin2ClassLoader.addURL2 called for http://foo/HelloWorld/HelloWorld.jar
basic: JNLP2ClassLoader: initialize done
basic: Plugin2ClassLoader.drainPendingURLs addURL called for http://foo/HelloWorld/HelloWorld.jar
basic: JNLP2Manager.downloadResources(): updateCache true, allInCache false, doDownload true
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
calling downloadEagerorAll
network: LaunchDownload: concurrent downloads from LD: 4
network: Total size to download: -1
security: Security check for progress jars: allSigned=true
security: Staring warmup validation
security: Blacklist revocation check is enabled
security: blacklist: created: NEED_LOAD, lastModified: 1392313326073
security: blacklist: hasBeenModifiedSince 1392313670363 (we have 1392313326073)
security: Trusted libraries list check is enabled
network: Cache entry found [url: http://foo/HelloWorld/HelloWorld.jar, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://foo/HelloWorld/HelloWorld.jar
cache: Resource http://foo/HelloWorld/HelloWorld.jar has expired.
network: Connecting http://foo/HelloWorld/HelloWorld.jar with proxy=DIRECT
network: ResponseCode for http://foo/HelloWorld/HelloWorld.jar : 304
network: Encoding for http://foo/HelloWorld/HelloWorld.jar : null
network: Disconnect connection to http://foo/HelloWorld/HelloWorld.jar
network: Download Progress: jarsDone: 1
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
network: Created version ID: 1.7+
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7
network: Created version ID: 2.2.51
basic: LaunchDesc.selectJRE(false, false) returning selected jre: JREInfo for index 0:
platform is: 1.7
product is: 1.7.0_51
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
args is:
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 2.2.51 found at C:\Program Files (x86)\Java\jre7\
enabled is: true
registered is: true
system is: true
basic: LaunchDesc location: http://foo/HelloWorld/HelloWorld.jnlp
cache: Started cleanup timer (60000 ms) for: http://foo/HelloWorld/HelloWorld.jar
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
basic:
isRelaunch: false
Offline mode: false
forceUpdate: false
needUpdate: false
bgrUpdCheck: false
bgrUpdThread: false
Running JREInfo: JREInfo for index 2:
platform is: 1.7
product is: 1.7.0_51
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
args is:
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 2.2.51 found at C:\Program Files (x86)\Java\jre7\
enabled is: true
registered is: true
system is: false
JREMatcher:
JREDesc: JREDesc[version 1.7+, versionType=0, secure=false, heap=-1--1, args=null, href=http://java.sun.com/products/autodl/j2se, sel=true, null, null]
JREInfo: JREInfo for index 0:
platform is: 1.7
product is: 1.7.0_51
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
args is:
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 2.2.51 found at C:\Program Files (x86)\Java\jre7\
enabled is: true
registered is: true
system is: true
Init Heap: -1
Max Heap: 268435456
Satisfying: true, true
SatisfyingVersion: true
SatisfyingJVMArgs: true, true
SatisfyingSecure: true
Selected JVMParam: [JVMParameters: isSecure: true, args: ]
Running JVMParam: [JVMParameters: isSecure: true, args: "-Xbootclasspath/a:C:\Program Files (x86)\Java\jre7\lib\javaws.jar;C:\Program Files (x86)\Java\jre7\lib\deploy.jar;C:\Program Files (x86)\Java\jre7\lib\plugin.jar"]
network: Created version ID: 1.0+
network: Created version ID: 7.0
basic: Checking current JVM health: { healthy: true, ageSeconds: 0, availableHeapKB: 249935, appletThreads: 3 }
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
cache: Cancel delay cleanup: URL: http://foo/HelloWorld/HelloWorld.jar | C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4.idx
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Validating signatures for http://foo/HelloWorld/HelloWorld.jnlp http://foo/HelloWorld/HelloWorld.jnlp
security: TrustedSet null
security: Empty trusted set for [http://foo/HelloWorld/HelloWorld.jnlp]
security: Round 1 (0 out of 1):http://foo/HelloWorld/HelloWorld.jar
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
security: Entry [http://foo/HelloWorld/HelloWorld.jar] is not prevalidated. Revert to full validation of this JAR.
security: Round 2 (0 out of 1):http://foo/HelloWorld/HelloWorld.jar
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
cache: Read manifest for http://foo/HelloWorld/HelloWorld.jar: read=232 full=232
security: Validating cached jar url=http://foo/HelloWorld/HelloWorld.jar ffile=C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4 com.sun.deploy.cache.CachedJarFile@334c25
cache: Reading Signers from 5052 http://foo/HelloWorld/HelloWorld.jar | C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4.idx
cache: Done readSigners(http://foo/HelloWorld/HelloWorld.jar)
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Missing Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Istrusted: http://foo/HelloWorld/HelloWorld.jnlp false
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Missing Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Loading Deployment certificates from C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loaded Deployment certificates from C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Validate the certificate chain using CertPath API
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
cache: Started cleanup timer (60000 ms) for: http://foo/HelloWorld/HelloWorld.jar
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Loading blacklisted.certs file: C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: CAB2559E16AC5F8D98686ED704974A117F9B207491E0984449E46F17AE8E68B7
security: SHA-256Certificate finger print: 0CFC19DB681B014BFE3F23CB3A78B67208B4E3D8D7B6A7B1807F7CD6ECB2A54E
security: SHA-256Certificate finger print: 8420DFBE376F414BF4C0A81E6936D24CCC03F304835B86C7A39142FCA723A689
security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
security: The OCSP support is enabled
security: The CRL support is enabled
Opening jar http://foo/HelloWorld/HelloWorld.jar
cache: Cancel delay cleanup: URL: http://foo/HelloWorld/HelloWorld.jar | C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4.idx
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Missing Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Validate the certificate chain using CertPath API
security: SHA-256Certificate finger print: CAB2559E16AC5F8D98686ED704974A117F9B207491E0984449E46F17AE8E68B7
security: SHA-256Certificate finger print: 0CFC19DB681B014BFE3F23CB3A78B67208B4E3D8D7B6A7B1807F7CD6ECB2A54E
security: SHA-256Certificate finger print: 8420DFBE376F414BF4C0A81E6936D24CCC03F304835B86C7A39142FCA723A689
security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
security: The OCSP support is enabled
security: The CRL support is enabled
Opening jar http://foo/HelloWorld/HelloWorld.jar
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
network: Connecting socket://ocsp.verisign.com:80 with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
Missing Application-Name manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: User has granted the privileges to the code for this session only
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
Missing Application-Name manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: User has granted the privileges to the code for this session only
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
security: Mark trusted: http://foo/HelloWorld/HelloWorld.jnlp
basic: LD - All JAR files signed: http://foo/HelloWorld/HelloWorld.jnlp
basic: passing security checks; secureArgs:true, allSigned:false
security: --- parseCommandLine converted :
into:
[]
basic: continuing launch in this VM
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
java.lang.ClassNotFoundException: HelloWorld
at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
basic: load: class HelloWorld not found.
java.lang.ClassNotFoundException: HelloWorld
at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Ignored exception: java.lang.ClassNotFoundException: HelloWorld
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
JNLP
=================================
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<!-- Application Resources -->
<j2se version="1.7+"
href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true" />
</resources>
<applet-desc
name="Hello World"
main-class="HelloWorld"
width="150"
height="150">
</applet-desc>
</jnlp>
=================================
Manifest used during jar
=================================
Permissions: all-permissions
=================================
PAC
=================================
function FindProxyForURL(url, host)
{
return "DIRECT";
}
=================================
Applet source is http://docs.oracle.com/javase/tutorial/deployment/applet/getStarted.html
=================================
import javax.swing.JApplet;
import javax.swing.SwingUtilities;
import javax.swing.JLabel;
public class HelloWorld extends JApplet {
//Called when this applet is loaded into the browser.
public void init() {
//Execute a job on the event-dispatching thread; creating this applet's GUI.
try {
SwingUtilities.invokeAndWait(new Runnable() {
public void run() {
JLabel lbl = new JLabel("Hello World");
add(lbl);
}
});
} catch (Exception e) {
System.err.println("createGUI didn't complete successfully");
}
}
}
=================================
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Don't specify a proxy configuration script.
Run as applet (Java plug-in) rather than via Web Start
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) Client VM (build 24.51-b03, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601
A DESCRIPTION OF THE PROBLEM :
Signed Java Web Start app of the <applet-desc> type and specifying <all-permissions> security fails to launch with a ClassNotFoundException on the main class when the Java configuration network settings specify the use of an automatic proxy configuration script (either directly or inherited from the browser). If the Java network settings are modified to specify a proxy server explicitly, or use a direct connection, the same app launches as expected.
REGRESSION. Last worked in version 7u45
ADDITIONAL REGRESSION INFORMATION:
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) Client VM (build 24.45-b08, mixed mode, sharing)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Applet jar with manifest entry
Permissions: all-permissions
signed.
Launch (over HTTP/HTTPS) using Web Start directly from JNLP.
JNLP includes
<security><all-permissions/></security>
and an <applet-desc> element.
In Java control panel, general tab, network settings, select "Use automatic proxy configuration script" and specify the (HTTP/HTTPS) URL of a proxy script. I don't believe it matters what's in the script as long as it's appropriately valid for your network.
Launch the applet via the JNLP; to avoid complications, use javaws directly,
javaws http://.../...jnlp
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The applet launches
ACTUAL -
Application Error dialog
General Exception
Name: HelloWorld
ClassNotFoundException: HelloWorld
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
User home directory = C:\Users\bar
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
JNLP2Viewer args[0] = -codebase
JNLP2Viewer args[1] = http://foo/HelloWorld/
JNLP2Viewer args[2] = -documentbase
JNLP2Viewer args[3] = http://foo/HelloWorld/
JNLP2Viewer args[4] = C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4912acc8-55f24163
Initializing Applet2Environment
JNLP Codebase (absolute): http://foo/HelloWorld/
basic: new JNLP2Manager: http://foo/HelloWorld/HelloWorld.jnlp, codebase: http://foo/HelloWorld/, documentBase: http://foo/HelloWorld/
basic: JNLP2ClassLoader: cstr ...
basic: JNLP2ClassLoader: cstr ...
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7
network: Created version ID: 2.2.51
temp: new XMLParser with source:
temp: <?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<!-- Application Resources -->
<j2se version="1.7+"
href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true" />
</resources>
<applet-desc
name="Hello World"
main-class="HelloWorld"
width="150"
height="150">
</applet-desc>
</jnlp>
temp:
returning ROOT as follows:
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" width="150" height="150"/>
</jnlp>
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
temp: returning LaunchDesc from XMLFormat.parse():
<jnlp spec="1.0+" codebase="http://foo/HelloWorld/" href="http://foo/HelloWorld/HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="timeout" policy="always"/>
<resources>
<java href="http://java.sun.com/products/autodl/j2se" version="1.7+"/>
<jar href="http://foo/HelloWorld/HelloWorld.jar" download="eager" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" documentbase="http://foo/HelloWorld/" width="150" height="150"/>
</jnlp>
temp: new XMLParser with source:
temp: <?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<!-- Application Resources -->
<j2se version="1.7+"
href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true" />
</resources>
<applet-desc
name="Hello World"
main-class="HelloWorld"
width="150"
height="150">
</applet-desc>
</jnlp>
temp:
returning ROOT as follows:
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" width="150" height="150"/>
</jnlp>
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
temp: returning LaunchDesc from XMLFormat.parse():
<jnlp spec="1.0+" codebase="http://foo/HelloWorld/" href="http://foo/HelloWorld/HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="timeout" policy="always"/>
<resources>
<java href="http://java.sun.com/products/autodl/j2se" version="1.7+"/>
<jar href="http://foo/HelloWorld/HelloWorld.jar" download="eager" main="true"/>
</resources>
<applet-desc name="Hello World" main-class="HelloWorld" documentbase="http://foo/HelloWorld/" width="150" height="150"/>
</jnlp>
JNLP Ref (absolute): http://foo/HelloWorld/HelloWorld.jnlp
Starting applet (150x150) with parameters:
============= Dump AppletParameters [lowercase=5] [raw=5]
key=[height] value=[150]
key=[__applet_relaunched] value=[false]
key=[java_arguments] value=[]
key=[width] value=[150]
key=[code] value=[HelloWorld]
-----------
key=[height] value=[150]
key=[__applet_relaunched] value=[false]
key=[java_arguments] value=[]
key=[width] value=[150]
key=[code] value=[HelloWorld]
=============== Dump done
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
basic: JNLP2ClassLoader: initialize ...
basic: JNLP2ClassLoader: initialize ...
cache: JNLPPreverifyClassLoader.initialize: FAILED: http://foo/HelloWorld/HelloWorld.jar
basic: addURL: http://foo/HelloWorld/HelloWorld.jar
basic: Plugin2ClassLoader.addURL2 called for http://foo/HelloWorld/HelloWorld.jar
basic: JNLP2ClassLoader: initialize done
basic: Plugin2ClassLoader.drainPendingURLs addURL called for http://foo/HelloWorld/HelloWorld.jar
basic: JNLP2Manager.downloadResources(): updateCache true, allInCache false, doDownload true
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
calling downloadEagerorAll
network: LaunchDownload: concurrent downloads from LD: 4
network: Total size to download: -1
security: Security check for progress jars: allSigned=true
security: Staring warmup validation
security: Blacklist revocation check is enabled
security: blacklist: created: NEED_LOAD, lastModified: 1392313326073
security: blacklist: hasBeenModifiedSince 1392313670363 (we have 1392313326073)
security: Trusted libraries list check is enabled
network: Cache entry found [url: http://foo/HelloWorld/HelloWorld.jar, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://foo/HelloWorld/HelloWorld.jar
cache: Resource http://foo/HelloWorld/HelloWorld.jar has expired.
network: Connecting http://foo/HelloWorld/HelloWorld.jar with proxy=DIRECT
network: ResponseCode for http://foo/HelloWorld/HelloWorld.jar : 304
network: Encoding for http://foo/HelloWorld/HelloWorld.jar : null
network: Disconnect connection to http://foo/HelloWorld/HelloWorld.jar
network: Download Progress: jarsDone: 1
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
network: Created version ID: 1.7+
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7
network: Created version ID: 2.2.51
basic: LaunchDesc.selectJRE(false, false) returning selected jre: JREInfo for index 0:
platform is: 1.7
product is: 1.7.0_51
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
args is:
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 2.2.51 found at C:\Program Files (x86)\Java\jre7\
enabled is: true
registered is: true
system is: true
basic: LaunchDesc location: http://foo/HelloWorld/HelloWorld.jnlp
cache: Started cleanup timer (60000 ms) for: http://foo/HelloWorld/HelloWorld.jar
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
security: --- parseCommandLine converted :
into:
[]
basic:
isRelaunch: false
Offline mode: false
forceUpdate: false
needUpdate: false
bgrUpdCheck: false
bgrUpdThread: false
Running JREInfo: JREInfo for index 2:
platform is: 1.7
product is: 1.7.0_51
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
args is:
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 2.2.51 found at C:\Program Files (x86)\Java\jre7\
enabled is: true
registered is: true
system is: false
JREMatcher:
JREDesc: JREDesc[version 1.7+, versionType=0, secure=false, heap=-1--1, args=null, href=http://java.sun.com/products/autodl/j2se, sel=true, null, null]
JREInfo: JREInfo for index 0:
platform is: 1.7
product is: 1.7.0_51
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
args is:
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 2.2.51 found at C:\Program Files (x86)\Java\jre7\
enabled is: true
registered is: true
system is: true
Init Heap: -1
Max Heap: 268435456
Satisfying: true, true
SatisfyingVersion: true
SatisfyingJVMArgs: true, true
SatisfyingSecure: true
Selected JVMParam: [JVMParameters: isSecure: true, args: ]
Running JVMParam: [JVMParameters: isSecure: true, args: "-Xbootclasspath/a:C:\Program Files (x86)\Java\jre7\lib\javaws.jar;C:\Program Files (x86)\Java\jre7\lib\deploy.jar;C:\Program Files (x86)\Java\jre7\lib\plugin.jar"]
network: Created version ID: 1.0+
network: Created version ID: 7.0
basic: Checking current JVM health: { healthy: true, ageSeconds: 0, availableHeapKB: 249935, appletThreads: 3 }
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
cache: Cancel delay cleanup: URL: http://foo/HelloWorld/HelloWorld.jar | C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4.idx
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Validating signatures for http://foo/HelloWorld/HelloWorld.jnlp http://foo/HelloWorld/HelloWorld.jnlp
security: TrustedSet null
security: Empty trusted set for [http://foo/HelloWorld/HelloWorld.jnlp]
security: Round 1 (0 out of 1):http://foo/HelloWorld/HelloWorld.jar
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
security: Entry [http://foo/HelloWorld/HelloWorld.jar] is not prevalidated. Revert to full validation of this JAR.
security: Round 2 (0 out of 1):http://foo/HelloWorld/HelloWorld.jar
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
cache: Read manifest for http://foo/HelloWorld/HelloWorld.jar: read=232 full=232
security: Validating cached jar url=http://foo/HelloWorld/HelloWorld.jar ffile=C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4 com.sun.deploy.cache.CachedJarFile@334c25
cache: Reading Signers from 5052 http://foo/HelloWorld/HelloWorld.jar | C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4.idx
cache: Done readSigners(http://foo/HelloWorld/HelloWorld.jar)
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Missing Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Istrusted: http://foo/HelloWorld/HelloWorld.jnlp false
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Missing Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Loading Deployment certificates from C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loaded Deployment certificates from C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Validate the certificate chain using CertPath API
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
cache: Started cleanup timer (60000 ms) for: http://foo/HelloWorld/HelloWorld.jar
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Loading blacklisted.certs file: C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: CAB2559E16AC5F8D98686ED704974A117F9B207491E0984449E46F17AE8E68B7
security: SHA-256Certificate finger print: 0CFC19DB681B014BFE3F23CB3A78B67208B4E3D8D7B6A7B1807F7CD6ECB2A54E
security: SHA-256Certificate finger print: 8420DFBE376F414BF4C0A81E6936D24CCC03F304835B86C7A39142FCA723A689
security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
security: The OCSP support is enabled
security: The CRL support is enabled
Opening jar http://foo/HelloWorld/HelloWorld.jar
cache: Cancel delay cleanup: URL: http://foo/HelloWorld/HelloWorld.jar | C:\Users\bar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\12f643c5-7749e6e4.idx
security: Trust for: http://foo/HelloWorld/HelloWorld.jar has ended: Thu Jan 01 01:00:00 GMT 1970
network: Created version ID: 1.7.0.51
network: Created version ID: 1.7+
security: Missing Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: Validate the certificate chain using CertPath API
security: SHA-256Certificate finger print: CAB2559E16AC5F8D98686ED704974A117F9B207491E0984449E46F17AE8E68B7
security: SHA-256Certificate finger print: 0CFC19DB681B014BFE3F23CB3A78B67208B4E3D8D7B6A7B1807F7CD6ECB2A54E
security: SHA-256Certificate finger print: 8420DFBE376F414BF4C0A81E6936D24CCC03F304835B86C7A39142FCA723A689
security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
security: The OCSP support is enabled
security: The CRL support is enabled
Opening jar http://foo/HelloWorld/HelloWorld.jar
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
network: Connecting socket://ocsp.verisign.com:80 with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
Missing Application-Name manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: User has granted the privileges to the code for this session only
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
Missing Application-Name manifest attribute for: http://foo/HelloWorld/HelloWorld.jar
security: User has granted the privileges to the code for this session only
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
security: Mark trusted: http://foo/HelloWorld/HelloWorld.jnlp
basic: LD - All JAR files signed: http://foo/HelloWorld/HelloWorld.jnlp
basic: passing security checks; secureArgs:true, allSigned:false
security: --- parseCommandLine converted :
into:
[]
basic: continuing launch in this VM
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
basic: JNLP2ClassLoader.findClass: HelloWorld: try again ..
java.lang.ClassNotFoundException: HelloWorld
at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
basic: load: class HelloWorld not found.
java.lang.ClassNotFoundException: HelloWorld
at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Ignored exception: java.lang.ClassNotFoundException: HelloWorld
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
JNLP
=================================
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" href="HelloWorld.jnlp">
<information>
<title>Hello World</title>
<vendor>Me</vendor>
</information>
<security>
<all-permissions/>
</security>
<resources>
<!-- Application Resources -->
<j2se version="1.7+"
href="http://java.sun.com/products/autodl/j2se"/>
<jar href="HelloWorld.jar" main="true" />
</resources>
<applet-desc
name="Hello World"
main-class="HelloWorld"
width="150"
height="150">
</applet-desc>
</jnlp>
=================================
Manifest used during jar
=================================
Permissions: all-permissions
=================================
PAC
=================================
function FindProxyForURL(url, host)
{
return "DIRECT";
}
=================================
Applet source is http://docs.oracle.com/javase/tutorial/deployment/applet/getStarted.html
=================================
import javax.swing.JApplet;
import javax.swing.SwingUtilities;
import javax.swing.JLabel;
public class HelloWorld extends JApplet {
//Called when this applet is loaded into the browser.
public void init() {
//Execute a job on the event-dispatching thread; creating this applet's GUI.
try {
SwingUtilities.invokeAndWait(new Runnable() {
public void run() {
JLabel lbl = new JLabel("Hello World");
add(lbl);
}
});
} catch (Exception e) {
System.err.println("createGUI didn't complete successfully");
}
}
}
=================================
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Don't specify a proxy configuration script.
Run as applet (Java plug-in) rather than via Web Start
- duplicates
-
-
- Closed
-