JDK-8020363 : Fix (partially) failed for JDK-8019425.
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 7u40
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2013-07-11
  • Updated: 2013-09-12
  • Resolved: 2013-07-11
Related Reports
Relates :  
JDK-8019425 - Local Security Policy: Any "run" rule must have at least one application qualifier
Description
With 7u40 nightly #23, confirmed that rule without any application quantifier will be treated as "Invalid (run everything) rule in Local Security Policy file".

However, location ="*" still works as before. Policy looks like below:
==========

<policy>
  <rule>
     <id location="*" />
     <action permission="run"/>
  </rule>

<!-- block everything else -->
  <rule>
     <id/>
     <action permission="block">
<message>we don't want to run anything else</message>
</action>
  </rule>
</policy>
=============

trace segment
===============
security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
policy: Non-jnlp policy id: 
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: finding LocalSecurityPolicy for 
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: Rule title: null matches artifactId: SimpleApplet
policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
policy: Matching Policy ID: 
        title: null
        location: *
        isArtifact: false
policy: found matching id, using rule: Policy rule:
    id:
        title: null
        location: *
        isArtifact: false
    action:
        permission: run
        version: null
        message: null
Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
Missing Codebase manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
security: Validate the certificate chain using CertPath API
security: The OCSP support is disabled
security: The CRL support is disabled
ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key Revocation check disabled
security: Revocation check disabled
security: Grant socket perm for http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar : java.security.Permissions@1cdbaf7 (
 ("java.net.SocketPermission" "127.0.0.1" "connect,accept,resolve")
)

security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
policy: Non-jnlp policy id: 
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: finding LocalSecurityPolicy for 
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: Rule title: null matches artifactId: SimpleApplet
policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
policy: Matching Policy ID: 
        title: null
        location: *
        isArtifact: false
policy: found matching id, using rule: Policy rule:
    id:
        title: null
        location: *
        isArtifact: false
    action:
        permission: run
        version: null
        message: null
Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
================
Comments
Affected tests: JawsLocalSecurityPolicyTest::testLSPWildcastLocationRun_High JawsLocalSecurityPolicyTest::testLSPWildcastLocationRun_Medium JawsLocalSecurityPolicyTest::testLSPWildcastLocationRun_VeryHigh LSPFXTest::testLSPWildcastLocationRun_High LSPFXTest::testLSPWildcastLocationRun_High_JNLP LSPFXTest::testLSPWildcastLocationRun_Medium LSPFXTest::testLSPWildcastLocationRun_Medium_JNLP LSPFXTest::testLSPWildcastLocationRun_VeryHigh LSPFXTest::testLSPWildcastLocationRun_VeryHigh_JNLP
11-07-2013