[Bug 1040] Signed main jar brought in through an external jnlp file (extension) is considered unsigned
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Thu Jun 7 14:14:08 PDT 2012
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1040
Danesh Dadachanji <ddadacha at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ddadacha at redhat.com
--- Comment #1 from Danesh Dadachanji <ddadacha at redhat.com> ---
I am guessing the classloader looks for resourced jars first, JarCertVerifier
realizes there aren't any and tells JNLPClassLoader the app is unsigned,
causing ITW to stop fatally. Since the extension isn't verified by the same
classloader as the launcher, I can see why this is happening.
IMO if the JNLP asks for all-permissions but has no resourced jars, we should
_not_ crash. We should verify the extended JNLP, then give the launched JNLP's
classloader the same permissions as the extended one.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120607/d278f7db/attachment.html
More information about the distro-pkg-dev
mailing list