[RFC][icedtea-web] Do not allow searching of jar manifest classpath if jnlp_href is being used

Jiri Vanek jvanek at redhat.com
Thu May 17 02:50:31 PDT 2012 

On 05/17/2012 12:58 AM, Danesh Dadachanji wrote:
> Hi,

  I think this is ok, but few hints:

> Applets run by the plugin are allowed to specify classpaths in their jars' manifest files. IMO this
> is fine for applets run via specifying a main class but this is not okay if they are run via
> jnlp_href. When using a JNLP via javaws, you do not have access to manifest's classpaths. I believe
> this is a property of JNLP files. Therefore, since jnlp_href points to a JNLP file to do the guide
> the launching and resource tracking, I propose we ignore classpaths when the plugin runs using
> jnlp_href.
>
> To note, the proprietary plugin allows classpath specified jars but I do not think this is correct
> behaviour.

Although I agree with you, I'm afraid we have to follow proprietary plugin wherever specification is 
not clear :-/. But I do not see this as blocker for this changeset.
(eg this https://bugzilla.redhat.com/show_bug.cgi?id=816592 is nice example of brutality allowed in 
proprietary one:-/)

 > FWIW I've run through all the regression tests, none of them use this so far.

Please - tests!!! And if before the fix then best! I really would lke to see reproducers before push.

>
> Is this okay to push to HEAD, 1.2 and 1.1?
Are all three branches necessary? In  this case I'm maybe just for head.. But 1.2 can live long 
enough to have this too (and your next work need this (?)).
>
> +2012-05-16 Danesh Dadachanji <ddadacha at redhat.com>
> +
> + Classpaths in jars' manifests are only considered when the applet is run
> + without using jnlp_href and a JNLP file.
> + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (activateJars):
> + Add conditional check for use of jnlp_href.
> +
>
> There are no differences in the patches between HEAD, 1.2 and 1.1 so I've only attached one.
>
> Cheers,
> Danesh
>
> PS: this patch is dependent on this backport[1] going into 1.1.
>
> [1] http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-May/018533.html

Thanx a lot and sorry for sitting on tests :((

J.

More information about the distro-pkg-dev mailing list