[rfc][icedtea-web] alaca for unsigned apps and few changes in behaviour

Jiri Vanek jvanek at redhat.com
Fri Aug 28 12:25:20 UTC 2015


ITW is suffering from not enough restrictions between codebase and documentbase. For that the 
resources loaded by applet would be nice to be shown to user.
I think best to do so is reuse already existing alaca dialogue.

There is one mayor change - reason of this patch - the alaca dilogue will rise up even in case of 
unsigned applets, and so  compleating click to run scheme by information about loaded resources.
However, the manifest-attribute value - if any - is ignored for unsigned app (as it can be easily 

Then there are few changes
  - missing alaca is shown even in low security mode
  - texts on missing alaca are kept red, but on matching alac are made green
  - matching logic is little bit loosened. Before, the reosurces were made to match both codebase 
and docbase. However docbase may be eg http://some.url/resourc/file.html - so no resource could 
actually match it. Now I'm striping the file.

And one bugfix. Somehow leaked error into code, that the list of resources was never fully checcked 
against codebase/docbase (only first in case of list of length 1 was checked)
Now all resources are processed correctly and if all resources are going from codebase and docbase 
(see docbase must be same as document base to make it match) then no alaca is shown.

I thing this is much more correct behaviour then before.

Also I belive that place from where resources are going was really missing for unsigned apps 
(although they are pretty restricted).

I would like to backport this to 1.6 and to 1.5 if possible.
In case of backport, I will enable also remmering of user's action 
(http://linuxsagas.digitaleagle.net/wp-content/uploads/2014/05/053.png - remeber action does nothing 
IIRC now)
I dont know if 1.5 backport (together with rember action) will be  posible for 1.5. If no....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: alacaForUnsigned.diff
Type: text/x-patch
Size: 12396 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150828/395a96ff/alacaForUnsigned.diff>

More information about the distro-pkg-dev mailing list