javaws argument to disable alaca URL Check

[Jiri Vanek]

On 02/26/2016 09:13 PM, Mathieu Westphal wrote:
> When i open a jnlp file i have the following :
> $javaws -verbose -allowredirect -nosecurity xplorersCities1.jnlp
> ...
> Trusted Only manifest attribute not found. Continuing.
> The application is a local file. Codebase validation is disabled. See:
> http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html for details.
> The application is a local file. Codebase validation is disabled. See:
> http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html for details.
> System logger called with result of 0
> System logger called with result of 0
> System logger called with result of 0
> Found alaca URLs to be verified
>   - file:/home/glow/aur/xplorers2
>   - http://games.asobrain.com/applets/xplorers
> Warning! file:/home/glow/aur/xplorers2 is NOT from codebase/docbase.
> Warning! http://games.asobrain.com/applets/xplorers is NOT from codebase/docbase.
> Setting value:null
>
> With an annoying popup where i need to press "Yes" to validate the URLs. Any ways to disable this
> check ?
>
> Mathieu

Hello!

You can disable the checks by modifying yours  deployment.properties in your config directory. 
Depends on yours $XDG_CONFIG_HOME, eg   ~/.config/icedtea-web/deployment.properties

To ignore manifest (and so this) checks, you need to play with
deployment.manifest.attributes.check
    and
deployment.security.level

(see verbose help/manpages/runtime/online docs))

The value of deployment.manifest.attributes.check depends on yours version of ITW. on 1.6.X:
   Most insecure setting is:
deployment.manifest.attributes.check=NONE
deployment.security.level=ALLOW_UNSIGNED

   but:
deployment.manifest.attributes.check=CODEBASE,ENTRYPOINT,PERMISSIONS,TRUSTED

Should be enough for you.

Since 1.7 (future ITW) this dialog will have "remember checkbox" and its remembering will be based 
on codebase/docbase.


J.