United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7177094 Regression: App fails w/ "application requesting unrestricted access",cache failure in 6u33 and 7u5
JDK-7177094 : Regression: App fails w/ "application requesting unrestricted access",cache failure in 6u33 and 7u5

Details
Type:
Bug
Submit Date:
2012-06-14
Status:
Closed
Updated Date:
2013-10-23
Project Name:
JDK
Resolved Date:
2012-06-20
Component:
deploy
OS:
windows_7
Sub-Component:
webstart
CPU:
x86
Priority:
P1
Resolution:
Fixed
Affected Versions:
6u33,7,7u5
Fixed Versions:

Related Reports
Backport:
Backport:
Backport:
Duplicate:
Duplicate:

Sub Tasks

Description
Applet encounters error with 6u33 and 7u5. 

#### Java Web Start Error:
#### Unsigned application requesting unrestricted access to system

Unsigned resource: http://somewebsite.domain/current/somejar.jar
6u31 was able to verify the jar successfully and start the application.


See Comments.

                                    

Comments
WORK AROUND

There are two solutions:
  1) Clear cache either via java control panel or command line "javaws -uninstall", and then launch the application again.
  2) Install 6u33/7u5 again. See: http://java.com/en/download/help/clearcache_upgrade.xml

Notes:
Fixed on a built that was made available after the GA of 6u33. If you experience this problem check your build number and if not b04 get the latest JRE. 
Fixed on a built that was made available after the GA of 7u5. If you experience this problem check your build number and if not b06 get the latest JRE.
                                     
2012-06-15
EVALUATION

I can reproduce the problem now.

It happens when user ran the application with previous release of  Java (e.g 6u31 or 7u3), have application in cache, and then upgrade to 6u33/7u5 and run the same application again.   Looks like it's a bug in our code in 6u33/7u5.

Workaround is to clear cache either via java control panel or command line "javaws -uninstall", and then launch with 6u33 again.
                                     
2012-06-15
EVALUATION

reverting the change in 7143868 does help the original upgrade scenario, ie:

7u4 -> 7u5+revert, app will launch.

But once someone ran 7u4->orig-7u5 and has the problem, the reverted change does not help.  It will continue to fail unless you clean cache.

more investigation needed
                                     
2012-06-15
EVALUATION

Two problems needs to be fixed:

1.  Original fix in 7u5/7143868 only sets knownToBeSigned = false to reset cached validation results, not that is not sufficient.  That will reset only SigningInfo.isKnownToBeSigned, but not SigningInfo.isKnownToBeValidated.  To reset cached validation results, validationTimestampt needs to reset to 0 also.  Simiar reset code is doing same in existing code too.

This will take care of upgrade from 7u3 or 7u4 scenario.

2.  Now for the corrupted cache caused by 7u5 - it seems like the code in JNLPSignedResourceHelper.checkSignedResourcesHelper has a problem.   When it detected sInfo[i].isKnownToBeSigned() == false, it thinks the cached JAR is not signed and throw UnsignedAccessViolationException.  But isKnownToBeSigned seems to only indicate whether the cached entry certificate has been pre-validated before, but not an actual indication of whehter the cached JAR is signed or not.  It seems to me when isKnownToBeSigned return false - it just means the cached results should not be trusted, but not the JAR is unsigned.  (See CacheEntry.isKnownToBeSigned) Instead of throwing the UnsignedAccessViolationException, I think we should just revert to full re-validation and continue instead.

testcase:  make sure the application http://jar.theice.com/current/webice_launch.jnlp works in both 7u3 upgrade scenario and broken 7u5 cache scenario.
                                     
2012-06-18
EVALUATION

This bug has been fixed and new downloads made available:
     http://java.com and 
     http://www.oracle.com/technetwork/java/javase/downloads/index.html

New builds of 6u33 and 7u5 have been released. Downloads of 6u33+ and 7u5+ after July 12, 2012 will have this fix.
                                     
2012-07-12
Verified on x86 Win 7 using JRE 8-b112 promotion.

Application http://jar.theice.com/current/webice_launch.jnlp launched fine 
                                     
2013-10-23



Hardware and Software, Engineered to Work Together