JDK-8037417 : javaws fails to launch app with empty href in jnlp file if Application-Library-Allowable-Codebase is used
Type:Bug
Component:deploy
Affected Version:8u11
Priority:P4
Status:Resolved
Resolution:Fixed
Submitted:2014-03-14
Updated:2015-07-15
Resolved:2014-09-23
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
If CA signed app has Application-Library-Allowable-Codebase attribute in its manifest and JNLP file has an empty href element then launching this app using javaws fails with Application Blocked Exception.
Comments
Impact: High, app fails to start
Likelihood: Low , affects only CA signed Javaws apps that use "Application-Library-Allowable-Codebase" while having an empty "href" attribute in the JNLP file
Workaround:Low, specify a non empty value for "href" attribute in JNLP file.
ILW =HLL =>Proirity P4
17-03-2014
If CA signed jar has a manifest with Application-Library-Allowable-Codebase attribute. e.g.
"Application-Library-Allowable-Codebase: http://dan http://localhost" then launching app using
javaws (javaws http://localhost:8080/Tests/TestApp/ImgApplet2.jnlp ) results in application blocked exception.
The problem is that validation of allowable codebase fails if href attribute in jnlp is empty. The debug showed that the problem appears since
AppInfo.mainJNLP URL is set in this case to file:/c:/tag9872907981234for.jnlp and this fails matching codebase pattern http://dan http://dan http://localhost) specified in the manifest.
It happens in LaunchDesc.getJNLPSrcForAppInfo() which calls AppInfo.getJNLPFromUnknownSource(); if href is null. These changes were added as a part of JDK-8025754.
private URL getJNLPSrcForAppInfo() {
// first try _home
URL best = getRealLocation();
if (best == null) {
// Must be a local JNLP file and we don't know where it came from
// case where file is downloaded external to Java
best = AppInfo.getJNLPFromUnknownSource();
}
return best;
}