Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6949237

Java WebStart app wont run with custom classloader under 6u19

    Details

    • Subcomponent:
    • CPU:
      x86
    • OS:
      windows_xp

      Description

      J2SE Version (please include all output from java -version flag):
      1.6.0_19 and 6u20
       
      Does this problem occur on J2SE 1.4.x or 5.0.x or 6.0?Yes / No (pick one)

      No

      Operating System Configuration Information (be specific):
      Windows


      Bug Description:

      We are unable to get our Java Web Start application running under 6u19 or higher
      *and* get rid of the dreaded mixed-code dialog.

      First off, we need to have a mix or signed and unsigned jars.

      Secondly, we need to failover to the server codebase (like the applet
      classloader does)
      if none of the jars contain the resource being sought.

      We have a custom classloader installed by a signed jar that layers over
      the JNLPClassloader.
       This worked fine until Java 6 Update 19. This fails
      in Java 6 Update 19 and 20 if we have
      "Trusted-Library: true" in our initial
      jar's manifest, but otherwise it still works fine --
      except for the dreaded
      security dialog. The issue appears to be that the classloader that
      loads our
      intial class is not a workable parent for our general custom classloader.
      It
      would appear that the classloader used for Trusted-Libraries cannot see/load
      any of the unsigned jars.

      This is not how signed jars behave if they are not denoted as "Trusted-Libraries".
      This lack of access to unsigned jar resources completely breaks our Java Web Start application.

      The only reason we null out the security manager is to get failover to the codebase.
      We run the same application as an applet just fine -- we have a collection of signed,
      trusted libraries (which don't need to see/load unsigned code) and unsigned
      application
      code that uses them and fails over to codebase when resources are
      missing.

      The lack of this facility in the world of Java Web Start and JNLP is the only thing
      that forces us (1) to write our own classloader here and (2) to do such oddities as
      signing our application entry point and nulling out the security manager.

        Attachments

          Activity

            People

            • Assignee:
              herrick Andy Herrick
              Reporter:
              tyao Ting-Yun Ingrid Yao (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Imported:
                Indexed: