[Bug 1017] New: Class files in an app's root dir should not be available to webstart at runtime
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Mon May 28 11:23:29 PDT 2012
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1017
Priority: P3
Bug ID: 1017
CC: unassigned at icedtea.classpath.org
Assignee: omajid at redhat.com
Summary: Class files in an app's root dir should not be
available to webstart at runtime
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: ddadacha at redhat.com
Hardware: x86_64
Status: NEW
Version: unspecified
Component: NetX (javaws)
Product: IcedTea-Web
Setup an app running from 'javaws http://example.com/scratch/app.jnlp' and have
the main class call some.pkged.Helper.doSomething(). This class should _not_ be
in any of the JNLP's resources. Instead, it should be found at
http://example.com/scratch/some/pkged/Helper.class.
The app should not be able to find some.pkged.Helper since it isn't in any of
the JNLP's resources. However, it runs fine on HEAD.
If the helper class runs code that needs more permissions, the following
exception is thrown:
Error: No security instance for http://example.com/scratch/. The application
may have trouble continuing
java.lang.RuntimeException: Code source security was null
at
net.sourceforge.jnlp.runtime.JNLPClassLoader.getPermissions(JNLPClassLoader.java:923)
at
net.sourceforge.jnlp.runtime.JNLPPolicy.getPermissions(JNLPPolicy.java:86)
at net.sourceforge.jnlp.runtime.JNLPPolicy.implies(JNLPPolicy.java:182)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:272)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:344)
at
java.security.AccessController.checkPermission(AccessController.java:555)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at
net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:284)
at java.lang.System.getenv(System.java:933)
at some.pkged.Helper.doSomething(Helper.java:5)
at MyApp.init(MyApp.java:12)
at sun.applet.AppletPanel.run(AppletPanel.java:435)
at java.lang.Thread.run(Thread.java:722)
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120528/d4f19904/attachment.html
More information about the distro-pkg-dev
mailing list