-
Bug
-
Resolution: Fixed
-
P3
-
None
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library
it's not obvious that Application-Library-Allowable-Codebase attribute required even when user opens http link with correct
domain name in browser. Because for user it looks like he launches a jnlp file form the same host
where main jar file is located.
But when we open link in browser technically happens the following:
1. A browser donwloads a jnlp file
2. the browser passes the jnlp file to javaws
3. javaws don't know from what host it was downloaded, because
the jnlp passed as local jnlp
4. we get the security warning without checkbox.
so we need to say to javaws that this application can be run from other host
than jar files' host. This means that Application-Library-Allowable-Codebase
should be added to jar even if they are located on the same host that jnlp file.
I think this should be described better in our doc:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library
.
it's not obvious that Application-Library-Allowable-Codebase attribute required even when user opens http link with correct
domain name in browser. Because for user it looks like he launches a jnlp file form the same host
where main jar file is located.
But when we open link in browser technically happens the following:
1. A browser donwloads a jnlp file
2. the browser passes the jnlp file to javaws
3. javaws don't know from what host it was downloaded, because
the jnlp passed as local jnlp
4. we get the security warning without checkbox.
so we need to say to javaws that this application can be run from other host
than jar files' host. This means that Application-Library-Allowable-Codebase
should be added to jar even if they are located on the same host that jnlp file.
I think this should be described better in our doc:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library
.