JNLP with unsigend resources is no longer loaded with SunJDK 7U45
Bernd Eckenfels
bernd-2013 at eckenfels.net
Wed Oct 16 03:01:05 UTC 2013
Hello,
sadly I noticed another regression with the Oracle JDK 7U45: it will
refuse to load an JNLP Application if the JAR files contain unsigned
resources.
I must admit I dont know what we have those in the JAR files and I will
remove them (META-INF/maven/* stuff mostly) but I wonder why this was not
announced.
Even when I reduce the security slider as far as possible I am never asked
if it is ok and I want to proceed.
I know it is not the best list to discuss this here, but since I wanted to
write something about the new code base properties anyway, I thought I
might begin with complain :)
Gruss
Bernd
java.lang.SecurityException: com.sun.deploy.net.JARSigningException:
Unsignierter Eintrag gefunden in Ressource: http://localhost:10000/s....jar
at com.sun.deploy.cache.CacheEntry.getJarFile(Unknown Source)
at com.sun.javaws.security.SigningInfo.check(Unknown Source)
at
com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown
Source)
at
com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown
Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: com.sun.deploy.net.JARSigningException: Unsignierter Eintrag
gefunden in Ressource:
http://localhost:10000/seeburger/app/com.seeburger.gui-framework.gui-framework.jar
... 14 more
<jnlp spec="6.0" codebase="http://localhost:10000/s..">
<information>..</information>
<security>
<all-permissions/>
</security>
<update check="always" policy="always"/>
<resources>
<java version="1.6+" href="http://java.sun.com/products/autodl/j2se"
java-vm-args="-Xms64m -Xmx256m -XX:NewRatio=3"/>
<jar href="com..jar" main="true"/>
<property name="protocol" value="http"/>
<property name="javax.xml.parsers.DocumentBuilderFactory"
value="com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl"/>
<property name="sun.java2d.d3d" value="false"/>
<jar href="antlr-2.7.7.jar"/>
...
jnlp file truncated after 10K
More information about the security-dev
mailing list