[jdk9] Webstart app is logging a SecurityException

Reto Merz reto.merz at abacus.ch
Tue Feb 21 11:07:18 UTC 2017


Hi,

While we test our WebStart app with Java 9 we noticed that a SecurityException is silently logged to the Java Webstart Console:

Exception in thread "Thread-13" java.lang.SecurityException: Sicherheitspaket-JAR-Datei kann nicht geprüft werden
	at jdk.deploy at 9-ea/com.sun.deploy.util.SecurityBaseline.verifyJar(Unknown Source)
	at jdk.deploy at 9-ea/com.sun.deploy.util.SecurityBaseline.access$200(Unknown Source)
	at jdk.deploy at 9-ea/com.sun.deploy.util.SecurityBaseline$1.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

The app continues to work, we have not found any side effects yet.

One conspicuous thing is that this is just logged after we call:
  java.util.logging.LogManager.getLogManager().readConfiguration();

I have not found any related open issue on https://bugs.openjdk.java.net
  
All our JARs are signed and JNLP also request all-permissions.
Tested with Java 9 b157 and Windows 7.
The exception is not logged with Java 8 u121.

Should we fill a report on bugreport.java.com for this ?

Btw SecurityBaseline starts multiple threads, it would be great to give this threads a descriptive name.

Thanks

Reto





More information about the security-dev mailing list