Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6850618

Update to j1.6u14 throws "unsigned application requesting unstricted access"

    Details

    • Subcomponent:
    • Introduced In Version:
    • CPU:
      x86
    • OS:
      windows_xp

      Description

      FULL PRODUCT VERSION :
      C:\Program Files\>java -version
      java version "1.6.0_14"
      Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
      Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode, sharing)

      ADDITIONAL OS VERSION INFORMATION :
      WIndows XP Professional service pack 3

      A DESCRIPTION OF THE PROBLEM :
      When launching a web start app with a reference to batik.jar (part of the apache batik library), the jre complains that the file is not signed, even though it is signed (verified with jarsigner -verify batik.jar)

      This used to work in u13. I've checked that in u14 there's something called blacklist, however I could not find such list in my u14 installation. Plus when I set the deployment configuration to not check for blacklist, the error still shows.

      One note about this batik.jar file is that it has no classes, just two text files. However the jre shouldn't complain it is not signed, because it is.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a webstart similar to the following:

      <?xml version="1.0" encoding="utf-8"?><!-- JNLP File for My Application --><jnlp spec="1.6+" codebase="http://localhost:8080/app/"> <information> <title>My App</title> <vendor>Company,
      Inc.</vendor> <homepage href="docs/help.html"/> <description>SRM Console</description> <icon href="rs_logo_64.gif"/> <icon kind="splash" href="splash.jpg" /> <offline-allowed/> <shortcut
      online="true"> <desktop/> <menu submenu="My App"/> </shortcut> </information>
      <security> <all-permissions/> </security> <resources> <j2se version="1.6.0+"
      java-vm-args="-client" initial-heap-size="128m" max-heap-size="1024m"/> <jar href="batik.jar"/> <extension name="Java Help" href="help.jnlp" download="lazy"/> </resources> <application-desc main-class="com.mycompany.MyApp"/></jnlp>

      (Technically this web start won't work unless you have the correct MyApp class with main method. However for the sake of reproducing this bug it doesn't matter, since jre stops right at downloading the jar file).



      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      no error
      ACTUAL -
      The JNLP app could not start

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      "unsigned application requesting unstricted access"

      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      Not use the jar file in question

      Release Regression From : 6u13
      The above release value was the last known release where this
      bug was not reproducible. Since then there has been a regression.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dgu Dennis Gu (Inactive)
                Reporter:
                ndcosta Nelson Dcosta (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: