JDK-6485535 : Allow trusted applications to re-launch with all vm-args and properties in the jnlp file.
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 1.4.2
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2006-10-24
  • Updated: 2014-02-27
  • Resolved: 2011-05-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
6u10Fixed 7 b16Fixed
Java Web Start uses the <vm-args> and <property> tags in the jnlp file to construct the arguments used for launching the java vm.
Because it is not secure to allow many properties and vm-args values in an untrusted web-application, and because trust cannot be established until after java is launched, we have implemented a list of secure properties and secure vm args.  Only those listed in the jnlp file that are also in these lists are used when invoking java.
For a trusted application, properties listed in the jnlp file are set before invoking the main() method of the application.
This is not soon enough for many properties that are read by java packages on initialization of the vm.

To solve this, we should specifically recognize when a trusted application had requested unsecure vm-args, and after verifying trust for the application, re-launch the vm with all the requested vm-args and properties. (we can not do this soley because app has requested unsecure properties, because we have no way of knowing if setting those properties before launching main() is enough, and we do not want to adversly effect the startup performance of such apps)

for example, a signed application requesting all-permissions, which may have previously tried setting the property:
<property name="com.sun.security.preserveOldDCEncoding" value="true"/>
and found that it failed, could in a trusted app set:
<java vm-args="-Dcom.sun.security.preserveOldDCEncoding=true" .../>
and javaws would then (after verifying the signing of the jars) relaunch the vm with this arg included.

SUGGESTED FIX http://web-east.east/www/webrevs/andy/1.7.0/6485535/

EVALUATION this can be implemented in Launcher.prepareLaunchFile after verifying app has been granted truet