Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8058782

Deployment Rule Set run Application without signing

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P4
    • 8u40
    • 7u67, 8u20
    • docs
    • x86_64
    • linux

    Description

      A DESCRIPTION OF THE PROBLEM :
      The documentation about Deployment Rule Set ( http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/deployment_rules.html ) describes clearly, that an Application does not need to be signed if the rule grants the permission run.
      So I have created a rule like

      <rule>
           <id location="https://my.url"/>
           <action permission="run"/>
       </rule>

      but my Applications don't start when they are not signed.

      This effects also Java 8 ( http://docs.oracle.com/javase/8/docs/technotes/guides/deploy/deployment_rules.html )

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      In the documentation should be written, that applications need to be signed to be started also it has the permission run.

      OR:

      Change the implementation so that Applications can really be started without being signed.
      ACTUAL -
      In the documentation is actually written, that applications can start without being signed if it has the permission run.

      URL OF FAULTY DOCUMENTATION :
      http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/deployment_rules.html

      Attachments

        Activity

          People

            jgordon Joni Gordon (Inactive)
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: