[Bug 1040] New: Signed main jar brought in through an external jnlp file (extension) is considered unsigned

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Thu Jun 7 12:16:47 PDT 2012 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1040

          Priority: P3
            Bug ID: 1040
                CC: unassigned at icedtea.classpath.org
          Assignee: dbhole at redhat.com
           Summary: Signed main jar brought in through an external jnlp
                    file (extension) is considered unsigned
          Severity: normal
    Classification: Unclassified
                OS: Linux
          Reporter: smohammad at redhat.com
          Hardware: x86_64
            Status: NEW
           Version: unspecified
         Component: Plugin
           Product: IcedTea-Web

Created attachment 704
  --> http://icedtea.classpath.org/bugzilla/attachment.cgi?id=704&action=edit
Reproducer

If the launching jnlp file does not have any jars as its resources but uses a
signed jar from an external jnlp file (using extension), the jar is considered
unsigned.

In the example attached the launching jnlp file requests all permissions for
the (signed) main jar brought in through an external jnlp file. The following
message is shown when launched:

netx: Initialization Error: Could not initialize application. (Fatal:
Application Error: Cannot grant permissions to unsigned jars. Application
requested security permissions, but jars are not signed.)
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not
initialize application. 
    at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:778)
    at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:552)
    at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:889)
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error:
Cannot grant permissions to unsigned jars. Application requested security
permissions, but jars are not signed.
    at
net.sourceforge.jnlp.runtime.JNLPClassLoader.setSecurity(JNLPClassLoader.java:286)
    at
net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:206)
    at
net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:320)
    at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:770)
    ... 2 more

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120607/ff11a70d/attachment.html

More information about the distro-pkg-dev mailing list