Testcase: 1.) Use 7u40-b43 2.) Open the Java ControlPanel and turn off caching 3.) Setup DRS with the hash from a certificate (in the example below it is the hash from the Oracle cert) <ruleset version="1.0+"> <rule> <id> <certificate hash="794F53C746E2AA77D84B843BE942CAB4309F258FD946D62A6C4CCEAB8E1DB2C6" /> </id> <action permission="run" /> </rule> </ruleset> 4.) Open any Java Web Start application Actual: A warning message called "Do you want to run this application ?" is shown to the user before the apps starts. Expected: no interactive warnings at all, the app simply starts. Comments: When I open a signed applet, everything works as expected, I don't see any security warnings. However, when I open a signed Java Web Start app, I see the security warning. When I setup DRS with a location id (e.g. *.oracle.com), everything works as expected for both signed Java Web Start app and signed Java applets. When I enable caching, it also works as expected. Reproducible on both Windows and Linux. Conclusion: The issue only occurs if the ruleset is about a certificate rule AND it is a Java Web Start app AND Java cache is turned off. Cross platform problem probably.
|