[rfc][icedtea-web] External main-class fix

Andrew Azores aazores at redhat.com
Tue Jan 14 11:30:04 PST 2014

On 01/08/2014 04:57 PM, Andrew Azores wrote:
> Hi,
> Jiri found a flaw in the fix for PR1513, which allows applets to run 
> when their main-class is not in a JAR, but is still available to load 
> from the codebase. The previous fix simply didn't throw a 
> LaunchException when the main-class could not be found in a JAR, and 
> instead displayed a warning about not all of the code being signed. 
> However, this warning could still appear even if no classes or JARs 
> could be loaded at all! This patch causes the ClassLoader to not be so 
> optimistic about finding an external main-class - it actually checks 
> for it first, and if it still can't be found on the codebase after 
> searching all JARs, then a LaunchException is thrown. If it can be 
> found, then the applet launch proceeds as normal at this step.
> Additionally, checkNotAllSignedWithUser can only be called once now in 
> initializeResources. Previously, it could be called both due to an 
> external main-class as well as mixed signing states of JARs in the 
> applet - so if you had one signed JAR, one unsigned JAR, and an 
> external main-class, you would be prompted twice about the mixed 
> signing, as well as about trusting the signer of the signed JAR. 
> Craziness. Now, the prompt about mixed signing should only appear once.
> ChangeLog:
> * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: 
> (initializeResources) perform search for main-class when suspected to 
> be external. Only show mixed code signing prompt once during 
> initialization. (checkNotAllSignedWithUser) refactor to remove local 
> variable (promptUser)
> Thanks,

Updated patch, Jiri pointed out over IRC that the previous patch only 
worked for plugin applets and excluded JNLP. This makes it work for JNLP 
as well, and also cleans up how codebase loading is set up on a 
classloader. It's now done during initialization, rather than being 
handled after the fact by a static factory-ish method.


Andrew A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pr1513-fix3.patch
Type: text/x-patch
Size: 10372 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140114/c0493e87/pr1513-fix3.patch 

More information about the distro-pkg-dev mailing list