[RFC][icedtea-web] Do not allow searching of jar manifest classpath if jnlp_href is being used
Danesh Dadachanji
ddadacha at redhat.com
Thu May 17 11:26:58 PDT 2012
Hi Jiri,
Thanks for the review! Comments below
On 17/05/12 05:50 AM, Jiri Vanek wrote:
> On 05/17/2012 12:58 AM, Danesh Dadachanji wrote:
>> Hi,
>
> I think this is ok, but few hints:
>
>> Applets run by the plugin are allowed to specify classpaths in their jars' manifest files. IMO this
>> is fine for applets run via specifying a main class but this is not okay if they are run via
>> jnlp_href. When using a JNLP via javaws, you do not have access to manifest's classpaths. I believe
>> this is a property of JNLP files. Therefore, since jnlp_href points to a JNLP file to do the guide
>> the launching and resource tracking, I propose we ignore classpaths when the plugin runs using
>> jnlp_href.
>>
>> To note, the proprietary plugin allows classpath specified jars but I do not think this is correct
>> behaviour.
>
> Although I agree with you, I'm afraid we have to follow proprietary plugin wherever specification is not clear :-/. But I do not see
> this as blocker for this changeset.
I realize that specification is not clear but regardless, I would rather we deviate from proprietary plugin here. An app run from a
JNLP is expected to have all its jars fully signed by 1 signer, right? Then it should not matter how we run this, be it through the
plugin or from javaws. What do you think?
> (eg this https://bugzilla.redhat.com/show_bug.cgi?id=816592 is nice example of brutality allowed in proprietary one:-/)
Yeah I agree, that is quite horrible. :S
> > FWIW I've run through all the regression tests, none of them use this so far.
>
> Please - tests!!! And if before the fix then best! I really would lke to see reproducers before push.
>
Sorry, I did not realize we supported manifest entries! I am writing a test now but I've run into a problem. The plugin will search
your current directory for jars by default (at least it was when I ran my test manually). So I would need to put the manifest classpath
specified jar in a different dir than jnlp_test_server. Is this possible with our current engine? It can be a subdir even.
>>
>> Is this okay to push to HEAD, 1.2 and 1.1?
> Are all three branches necessary? In this case I'm maybe just for head.. But 1.2 can live long enough to have this too (and your next
> work need this (?)).
>>
>> +2012-05-16 Danesh Dadachanji <ddadacha at redhat.com>
>> +
>> + Classpaths in jars' manifests are only considered when the applet is run
>> + without using jnlp_href and a JNLP file.
>> + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (activateJars):
>> + Add conditional check for use of jnlp_href.
>> +
>>
>> There are no differences in the patches between HEAD, 1.2 and 1.1 so I've only attached one.
>>
>> Cheers,
>> Danesh
>>
>> PS: this patch is dependent on this backport[1] going into 1.1.
>>
>> [1] http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-May/018533.html
>
> Thanx a lot and sorry for sitting on tests :((
The more tests the better!
Cheers,
Danesh
More information about the distro-pkg-dev
mailing list