JDK-6850618 : Update to j1.6u14 throws "unsigned application requesting unstricted access"
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 6u14
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2009-06-12
  • Updated: 2011-02-16
  • Resolved: 2010-09-09
Related Reports
Duplicate :  
JDK-6953931 - REGRESSION:DownloadException throws when jar file contains no class file
Relates :  
JDK-6850598 - [REGRESSION] Bug #6533653 is back in Java 6u14
Description
FULL PRODUCT VERSION :
C:\Program Files\>java -version
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
WIndows XP Professional service pack 3

A DESCRIPTION OF THE PROBLEM :
When launching a web start app with a reference to batik.jar (part of the apache batik library), the jre complains that the file is not signed, even though it is signed (verified with jarsigner -verify batik.jar)

This used to work in u13. I've checked that in u14 there's something called blacklist, however I could not find such list in my u14 installation. Plus when I set the deployment configuration to not check for blacklist, the error still shows.

One note about this batik.jar file is that it has no classes, just two text files. However the jre shouldn't complain it is not signed, because it is.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a webstart similar to the following:

<?xml version="1.0" encoding="utf-8"?><!-- JNLP File for My Application --><jnlp        spec="1.6+"        codebase="http://localhost:8080/app/">    <information>        <title>My App</title>        <vendor>Company,
Inc.</vendor>        <homepage href="docs/help.html"/>        <description>SRM Console</description>        <icon href="rs_logo_64.gif"/>        <icon kind="splash" href="splash.jpg" />        <offline-allowed/>        <shortcut
online="true">            <desktop/>            <menu submenu="My App"/>        </shortcut>    </information>
<security>        <all-permissions/>    </security>    <resources>        <j2se version="1.6.0+"
java-vm-args="-client" initial-heap-size="128m" max-heap-size="1024m"/>  <jar href="batik.jar"/>             <extension name="Java Help" href="help.jnlp" download="lazy"/>    </resources>    <application-desc main-class="com.mycompany.MyApp"/></jnlp>

(Technically this web start won't work unless you have the correct MyApp class with main method. However for the sake of reproducing this bug it doesn't matter, since jre stops right at downloading the jar file).



EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
no error
ACTUAL -
The JNLP app could not start

ERROR MESSAGES/STACK TRACES THAT OCCUR :
"unsigned application requesting unstricted access"

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Not use the jar file in question

Release Regression From : 6u13
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.