[jdk9] Webstart app is logging a SecurityException
Reto Merz
reto.merz at abacus.ch
Tue Feb 21 11:07:18 UTC 2017
Hi,
While we test our WebStart app with Java 9 we noticed that a SecurityException is silently logged to the Java Webstart Console:
Exception in thread "Thread-13" java.lang.SecurityException: Sicherheitspaket-JAR-Datei kann nicht geprüft werden
at jdk.deploy at 9-ea/com.sun.deploy.util.SecurityBaseline.verifyJar(Unknown Source)
at jdk.deploy at 9-ea/com.sun.deploy.util.SecurityBaseline.access$200(Unknown Source)
at jdk.deploy at 9-ea/com.sun.deploy.util.SecurityBaseline$1.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
The app continues to work, we have not found any side effects yet.
One conspicuous thing is that this is just logged after we call:
java.util.logging.LogManager.getLogManager().readConfiguration();
I have not found any related open issue on https://bugs.openjdk.java.net
All our JARs are signed and JNLP also request all-permissions.
Tested with Java 9 b157 and Windows 7.
The exception is not logged with Java 8 u121.
Should we fill a report on bugreport.java.com for this ?
Btw SecurityBaseline starts multiple threads, it would be great to give this threads a descriptive name.
Thanks
Reto
More information about the security-dev
mailing list