Bug ID: JDK-6533653 [REGRESSION] webstarts can't handle jar with no real entries (jar of empty dir)

Details
Type: Bug
Submit Date: 2007-03-12
Status: Closed
Updated Date: 2011-05-18
Project Name: JDK
Resolved Date: 2011-05-18
Component: deploy
OS: windows_xp
Sub-Component: webstart
CPU: x86
Priority: P3
Resolution: Fixed
Affected Versions: 6
Fixed Versions:

Related Reports
Backport:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)


ADDITIONAL OS VERSION INFORMATION :
Windows XP SP2

EXTRA RELEVANT SYSTEM CONFIGURATION :
tested with a jnlp on a localhost:8080 jetty webserver (but doesn't matter)

A DESCRIPTION OF THE PROBLEM :
I have a jar with only a META-INF directory.
This jar works in java webstart 1.5.0_09, but breaks in java webstart 1.6.0, with the error mentioned below.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a jar of an empty classes directory and use it in java webstart on jdk/jre 1.6.0.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
a running webstarted application
ACTUAL -
The error dialog of java webstart, with a details button.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
JNLPException[category: Security Error : Exception: null : LaunchDesc:
<jnlp spec="1.0+" codebase="http://localhost:8080/digidoc-web/jnlp/" href="http://localhost:8080/digidoc-web/jnlp/launch.jnlp">
...
</jnlp> ]
	at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
	at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
	at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.launch(Unknown Source)
	at com.sun.javaws.Main.launchApp(Unknown Source)
	at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
	at com.sun.javaws.Main$1.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)


REPRODUCIBILITY :
This bug can be reproduced always.


CUSTOMER SUBMITTED WORKAROUND :
Don't use empty jars... but we use maven and transitively depend on one which is in a state of working progress to be cleaned up... sooner or later.

                                    

Comments
EVALUATION

This is a regression from Java 5. If the application requests all permissions, and the jnlp file includes a jar file with no real entries in it (e.g. the only entries are under META-INF/), Java Web Start will complain about an unsigned JAR requesting unrestricted access.

The problem is in SigningInfo.getCodeSourceFromCache; we should only return a CodeSource object if the JAR file has real entries in it. Otherwise, return null.

fix in 7 and 6 update release
                                     
2007-03-21
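
A pre-deployment check for the condition described in the evaluation, as an added example (not code from the JDK or from this report): it reports whether a JAR has any entry outside META-INF/, so such a JAR can be dropped from an all-permissions JNLP before affected runtimes reject it. The class and method names are hypothetical, the sample JARs are constructed in memory, and treating directory entries as not "real" is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;

public class RealEntryCheck {
    // Assumption: a "real" entry is a non-directory entry outside META-INF/.
    static boolean isRealEntry(JarEntry e) {
        String name = e.getName().toUpperCase(Locale.ROOT);
        return !e.isDirectory() && !name.startsWith("META-INF/");
    }

    // True if the JAR holds at least one entry that a signature could cover.
    static boolean hasRealEntries(byte[] jar) throws IOException {
        try (JarInputStream in = new JarInputStream(new ByteArrayInputStream(jar))) {
            for (JarEntry e = in.getNextJarEntry(); e != null; e = in.getNextJarEntry()) {
                if (isRealEntry(e)) return true;
            }
        }
        return false;
    }

    // Builds a constructed sample JAR: a manifest plus the named entries.
    static byte[] buildJar(String... names) throws IOException {
        Manifest mf = new Manifest();
        mf.getMainAttributes().putValue("Manifest-Version", "1.0");
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (JarOutputStream out = new JarOutputStream(buf, mf)) {
            for (String name : names) {
                out.putNextEntry(new JarEntry(name));
                if (!name.endsWith("/")) out.write(new byte[] {1, 2, 3});
                out.closeEntry();
            }
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Manifest only, META-INF metadata plus an empty directory, and a normal JAR.
        System.out.println("manifest only:  " + hasRealEntries(buildJar()));
        System.out.println("metadata + dir: " + hasRealEntries(buildJar("META-INF/maven/pom.properties", "classes/")));
        System.out.println("with a class:   " + hasRealEntries(buildJar("com/example/App.class")));
    }
}
```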


