JDK-8078893 : cert based run rule doesn't work when running offline
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 7u91,8u40
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_7
  • CPU: x86
  • Submitted: 2015-04-14
  • Updated: 2016-01-19
  • Resolved: 2015-05-12
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u60 b16Fixed 9Fixed
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) Client VM (build 25.45-b02, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]



A DESCRIPTION OF THE PROBLEM :
I originally reported JDK-8046501. I am now on Java 8u45 which is listed as a fixed version per JDK-8063239. My application is self-signed. The SHA256 hash of my certificate is listed in the DeploymentRuleSet.jar with <action permission="run" />. My certificate is in cacerts. When i run my app with the server available there are no prompts whatsoever. When the server is unavailable I still get a prompt asking "Do you want to run this application?" the first time it is run offline, if Run is chosen on this prompt then subsequent runs with the server unavailable have no prompts. It seams in my situation the DeploymentRuleSet.jar is still ignored when running jnlp offline.


REPRODUCIBILITY :
This bug can be reproduced always.


Comments
Crucible Review: https://java.se.oracle.com/code/cru/CR-JDK9CLIENT-1007
07-05-2015

looking at 8u60, there is problem here, but it is slightly different. If run in offline mode - app with cert based DRS runs fine, but if run in online mode, when actually offline, it gets the behavior described. stacktrace: at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)^M at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)^M at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)^M at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)^M at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)^M at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)^M at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)^M at com.sun.deploy.ref.CodeRef.getResource(Unknown Source)^M at com.sun.deploy.ref.CodeRef.getCodeSigners(Unknown Source)^M at com.sun.deploy.security.ruleset.RuleId.contains(Unknown Source)^M at com.sun.deploy.security.ruleset.DRSHelper.findRule(Unknown Source)^M at com.sun.deploy.security.ruleset.DeploymentRuleSet.getDRS(Unknown Source)^M at com.sun.deploy.security.ruleset.DeploymentRuleSet.findDRS(Unknown Source)^M at com.sun.javaws.jnl.LaunchDesc.getMainDeploymentRuleSet(Unknown Source)^M at com.sun.javaws.jnl.LaunchDesc.getMatchImpl(Unknown Source)^M at com.sun.javaws.jnl.LaunchDesc.getJREMatcher(Unknown Source)^M at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)^M The problem is CodeRef.getResource() trys to get resource calling ResourceProvider.get().getResource(), with download=true, and only if a FailedDownloadException is thrown, will it try again with download=false. in this case original call throws UnknownHostException instead. It should retry with download=false if any exception is called.
06-05-2015