Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8038645

Application-Library-Allowable-Codebase's documentation should be improved

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P3
    • 8u40
    • None
    • docs

    Description

       http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library
      it's not obvious that Application-Library-Allowable-Codebase attribute required even when user opens http link with correct
      domain name in browser. Because for user it looks like he launches a jnlp file form the same host
      where main jar file is located.
       But when we open link in browser technically happens the following:
       1. A browser donwloads a jnlp file
       2. the browser passes the jnlp file to javaws
       3. javaws don't know from what host it was downloaded, because
       the jnlp passed as local jnlp
       4. we get the security warning without checkbox.

       so we need to say to javaws that this application can be run from other host
       than jar files' host. This means that Application-Library-Allowable-Codebase
      should be added to jar even if they are located on the same host that jnlp file.

      I think this should be described better in our doc:
       http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library


      .

      Attachments

        Activity

          People

            jgordon Joni Gordon (Inactive)
            mcherkas Mikhail Cherkasov (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: