-
Bug
-
Resolution: Cannot Reproduce
-
P4
-
None
-
8
-
x86
-
windows_8
FULL PRODUCT VERSION :
java version "1.8.0"
Java(TM) SE Runtime Environment (build 1.8.0-b132)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.2.9200]
A DESCRIPTION OF THE PROBLEM :
A webstart application whose JAR files are pack200-compressed, but are served by a mis-configured web server which does not include the proper Content-Type and Content-Encoding headers indicating this, will fail to launch with the following exception:
java.lang.NullPointerException
at com.sun.deploy.security.DeployManifestChecker.verify(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.AppPolicy.addPermissions(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.getTrustedCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Serve the pack200'd jar files with headers like this:
> Content-Location: main-makeschool.jar.pack.gz
> Content-Type: application/x-gzip
Instead of the correct headers, which are:
> Content-Location: main-makeschool.jar.pack.gz
> Content-Type: application/x-java-archive
> Content-Encoding: pack200-gzip
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A friendlier error message, saying something like:
The resource designated as the application's main JAR file does not appear to be a JAR file (perhaps because the server is sending the wrong Content-Type and/or Content-Encoding headers)
ACTUAL -
The NullPointerException given above, which is extremely hard to diagnose because the classes involved (a) have no public source code and (b) are not obviously related to HTTP headers or content encoding, but instead appear to have to do with security checks and permissions.
REPRODUCIBILITY :
This bug can be reproduced always.
java version "1.8.0"
Java(TM) SE Runtime Environment (build 1.8.0-b132)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.2.9200]
A DESCRIPTION OF THE PROBLEM :
A webstart application whose JAR files are pack200-compressed, but are served by a mis-configured web server which does not include the proper Content-Type and Content-Encoding headers indicating this, will fail to launch with the following exception:
java.lang.NullPointerException
at com.sun.deploy.security.DeployManifestChecker.verify(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.AppPolicy.addPermissions(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.getTrustedCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Serve the pack200'd jar files with headers like this:
> Content-Location: main-makeschool.jar.pack.gz
> Content-Type: application/x-gzip
Instead of the correct headers, which are:
> Content-Location: main-makeschool.jar.pack.gz
> Content-Type: application/x-java-archive
> Content-Encoding: pack200-gzip
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A friendlier error message, saying something like:
The resource designated as the application's main JAR file does not appear to be a JAR file (perhaps because the server is sending the wrong Content-Type and/or Content-Encoding headers)
ACTUAL -
The NullPointerException given above, which is extremely hard to diagnose because the classes involved (a) have no public source code and (b) are not obviously related to HTTP headers or content encoding, but instead appear to have to do with security checks and permissions.
REPRODUCIBILITY :
This bug can be reproduced always.