[rfc][icedtea-web] PR1592 reproducer fix
Andrew Azores
aazores at redhat.com
Mon Dec 23 06:54:52 PST 2013
Sorry for the probably weird formatting on this email, I'm wfh and haven't set up my proper mail client so I'm using the zimbra web interface...
>BY this you submited yourself to greater task.
>
>The reproducers must work :
> as applet in html
> as jnlp application
> as applet lunched via jnlp
>
>This will increase the number of jnlp files and of reproducer's testcase test methods, but *not* the sources of reproducers. Standart aproach is to have body of application >called from start or main.
There are a *ton* of files now, hopefully it's not too much of a monster to review.
Each "test case" runs as browser applet, as JNLP applet, and as JNLP application now. Each case is also done both via normal method calls as well as via reflection (for most tests - for a couple it just doesn't make sense).
>
>This is also pitfall of both your fix(jnlp part) and reproducer. You were never testing jnlp application which was really requesting any permissions. The security tag was >missing for all your application desc (my overlook during firts review)
>
>
>J.
The <security> tag is for fully signed applications, isn't it? Especially if you put <all-permissions/> inside it. The ClassLoader doesn't treat these as fully signed applets/applications, since it now can distinguish these partially signed cases and treats them properly. The JNLP spec says regarding the security-element that "all JAR files must be signed" [1]. So IMO it's correct not to have that tag in the JNLP files of this test. In fact, adding them causes the applications to fail to launch, since they are not fully signed, which seems to me to be the correct behaviour.
But even without specifiying the <security> tag in the JNLP, the JAR permissions are still in place, and the SecurityManager still blocks unsigned JARs from doing things they shouldn't be allowed to do. The test that I used in this reproducer is reading from System.getProperty(). The tests show that the signed JAR is allowed to read system properties, that the unsigned JAR is not, and that the unsigned JAR attempting to retrieve this information by using the signed JAR as a library is also not allowed.
Anyway, the patches are attached in a gzip-compressed-tarball, since they're fairly large altogether. I split it into testcases, srcs, and resources.
[1] http://docs.oracle.com/javase/7/docs/technotes/guides/javaws/developersguide/syntax.html#security
Thanks,
Andrew A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pr1592-reproducer.tgz
Type: application/x-compressed-tar
Size: 7728 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20131223/57c52028/pr1592-reproducer.tgz
More information about the distro-pkg-dev
mailing list