When there is no jre matches the rule specified by Admin, there is a blocked dialog for javaws apps. But no such dialog for plugin applet and javafx apps. Steps to reproduce: test scenario: Admin provide a secure version(version="secure") with "force=true" while no secure jre installed on system 1) Install 8u20 nighty build#2550 2) Download http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/LSPJPI/lib/DeploymentRuleSet.jar and then copy it to deployment.system.home/ In this DeploymentRuleSet.jar, we have: <ruleset version="1.1"> <rule> <!-- allow run everything --> <id location="http://sqeweb.us.oracle.com/"/> <action permission="run" version="SECURE" force="true"/> </rule> <!-- block everything else --> <rule> <id/> <action permission="block" message="we don't want to run anything else"/> </rule> </ruleset> 3) Make sure you can access to internet or disable OCSP and CRL check from JCP 4) Add information "1.8.0_99" to baseline.versions file under {DEPLOY_USER_HOME}/security/ dir to make test jre as old 5) Load applet: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/LSPJPI/html/UnsignedSandboxJNLP.html 6) If this app get blocked directly without any blocked dialog, then this bug is reproduced. In log, there is NPE: java.lang.NullPointerException at sun.plugin2.applet.Plugin2Manager.setParameter(Unknown Source) at sun.plugin2.main.client.PluginMain.performSSVValidation(Unknown Source) at sun.plugin2.main.client.PluginMain$StartAppletListener.appletSSVValidation(Unknown Source) at sun.plugin2.applet.Plugin2Manager.fireAppletSSVValidation(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Expected behavior: There should be a blocked dialog shows up. Note: For javaws apps, there is a blocked dialog. See attachment javaws-blocked-dialog.png Steps to reproduce: 1) Install 8u20 nighty build#2550 2) Download http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/LSPJPI/lib/DeploymentRuleSet.jar and then copy it to deployment.system.home/ In this DeploymentRuleSet.jar, we have: <ruleset version="1.1"> <rule> <!-- allow run everything --> <id location="http://sqeweb.us.oracle.com/"/> <action permission="run" version="SECURE" force="true"/> </rule> <!-- block everything else --> <rule> <id/> <action permission="block" message="we don't want to run anything else"/> </rule> </ruleset> 3) Make sure you can access to internet or disable OCSP and CRL check from JCP 4) Add information "1.8.0_99" to baseline.versions file under {DEPLOY_USER_HOME}/security/ dir to make test jre as old 5) Load javaws app: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/JawsLocalSecurityPolicy/jnlp/testSelfsignedAllpermissionJNLP.jnlp 6) There will be a "Java Application Blocked dialog" shows up.
|