Reviewer needed - fix for Re: Strange behaviour during javaws -about
Omair Majid
omajid at redhat.com
Mon Feb 28 09:52:32 PST 2011
On 02/24/2011 11:43 AM, Jiri Vanek wrote:
> On 02/24/2011 12:36 AM, Omair Majid wrote:
>
> So, this patch expects fixed about.jnlp to have code base of
> file://$DEST_DIR/share
>
> Then removes all-permissions, and lunched fixed window without them. The
> window is not running in invoke later(which probably caused the hang)
> but runs in javaws's own thread. Also points directly to correct jnlp
> local file and runs offline.
>
>> On 02/23/2011 12:51 PM, Dr Andrew John Hughes wrote:
>>> What is the motivation for this change? Assuming it still runs without
>>> all-permissions, the change looks fine.
>>>
>>
>> From my very limited testing, it doesnt :(
> >
>> snip
Contrary to what I had expected, this patch works just fine. I am still
not sure if we want to do it this way, but it works. The comments below
are an attempt to explain why it works.
> @@ -112,24 +105,8 @@
> }
>
> public static void main(String[] args) {
> - javax.swing.SwingUtilities.invokeLater(new Runnable() {
> - public void run() {
> - createAndShowGUI();
> - }
> - });
> - }
> + createAndShowGUI();
> + }
>
This was what was really confusing me. The "new Runnable() {...}" bit is
really an inner class, Main$1. Main and HTMLPanel are loaded by netx
itself (which has permissions to access any package), but Main$1 is
loaded by Main, which does not have access to the package
net.sourceforge.jnlp.about. So keeping the invokeLater causes an
AccessControlException (as Main tries to access
net.sourceforge.jnlp.about.Main$1), while removing it makes the
untrusted about application work.
The correct fix, IMHO, would be to change the package of about, so
about.jar can access all it's own classes without security exceptions.
On the other hand, I think that may be an overly complex solution;
removing invokeLater works for now (thought it may break at some point).
Does anyone else have any thoughts about this?
Cheers,
Omair
More information about the distro-pkg-dev
mailing list