JDK-8175981 : "Do you want to run this application ?" message after updating to Java 8.0 update 121
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 8u121,9
  • Priority: P2
  • Status: Resolved
  • Resolution: Not an Issue
  • OS: other
  • CPU: x86_64
  • Submitted: 2017-02-27
  • Updated: 2017-03-15
  • Resolved: 2017-03-15
Related Reports
Duplicate :  
JDK-8176083 - signed applet package ignores 'Do not show again' checkbox and misreports Application/Publisher
Relates :  
JDK-8157337 - Allow always checkbox in security dialog when jnlp location is unknown
Description
FULL PRODUCT VERSION :
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) Client VM (build 25.121-b13, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
windows 7
windows 10
Linux

A DESCRIPTION OF THE PROBLEM :
After updating to 1.8.0_121, the popup "Do you want to run this application ?" always appears even when checking checkbox "Do not show".

The issue appears with a real valid certificate and also with a DeploymentRuleSet.jar configuration.

REGRESSION.  Last worked in version 8u111

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Copy in a browser the following URL:
http://launcher-weasis.rhcloud.com/weasis-pacs-connector/viewer?studyUID=1.2.840.113619.2.176.2025.1499492.7409.1172755464.916&mhs=1024m

2) Double click on the downloaded jnlp file.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No popup after check "Do not show..." 

ACTUAL -
Popup always appears.

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Type in a console:
javaws http://launcher-weasis.rhcloud.com/weasis-pacs-connector/viewer?studyUID=1.2.840.113619.2.176.2025.1499492.7409.1172755464.916&mhs=1024m

The weird thing is after running the above command the issue doesn't appear any more in a browser.
Comments
As per above dev eval, resolving as a non-issue.
15-03-2017
This is the expected behavior. The JNLP file does not contain 'href' attribute. At the same time, it changes with each download. Before JDK-8157337 was fixed, Security Warning did not contain "Do not show it..." check box if there was no 'href' attribute in JNLP file. With JDK-8157337 fix, JNLP file is hashed. This allows matching JNLP files from <unknown> location, i.e. without 'href' attribute. If you select "Do not show..." check box and if you then use the same file to launch the app, the hash coincides and you do not see the Security Warning. On the other hand, if the JNLP changes, then it's considered another application and therefore you see the Security Warning again.
28-02-2017
Checked this on Windows 7 and Windows 10 (64-bit) and could confirm the described behavior. Issue is reproducible in 8u121 and above including 9 ea. Irrespective of checking the checkbox "Do not show this again for apps from the publication and location above" the message continue to appears on subsequent run from the browser. It works fine from the command line (javaws) though. To reproduce, run the following url from a web browser: http://launcher-weasis.rhcloud.com/weasis-pacs-connector/viewer?studyUID=1.2.840.113619.2.176.2025.1499492.7409.1172755464.916&mhs=1024m 2) Double click on the downloaded jnlp file and check the aforementioned check box when it appears. Close the application and relaunch the jnlp from browser again. Observe that the dialog box "Do you want to run this application" with the checkbox continue to appear. Status: 8u111 b14: PASS 8u112 b15: PASS 8u121 b13: FAIl 8u152 b01: FAIL 9 ea b158: FAIL This seems a regression from 8u121.
28-02-2017