JDK-6967408

Security Warning for mixed code should not appear

    Details

      Description

      FULL PRODUCT VERSION :
      JRE update 20 Server VM

      ADDITIONAL OS VERSION INFORMATION :
      Windows 7 64-bit running 32-bit Java 6 JRE Update 20 with Server VM installed.

      A DESCRIPTION OF THE PROBLEM :
      Ordinary Java Web Start locally cached application. Server VM is used for high performance; client code uses Swing, and the JNLP application uses locally cached JARs only. The system uses deployment.config in c:\Windows\Sun\Java\Deployment\, which mandates a system-wide deployment.properties that contains "deployment.security.mixcode=DISABLE". (Mandatory actual usage of the properties file was verified.) App behavior is normal most of the time, but at undetermined random periods of time after a prolonged runtime session, the Security Warning dialog appears as a result of Swing GUI event handlers. Cannot reliably reproduce, but it appears that the VM somehow "reverts" to mixed code security checking, despite the configuration attempting to disable this behavior. This should be disabled, due to the property in the configuration properties, and the security exceptions result in unreliability of code at runtime. Code runs perfectly, 24x7, under Java 6 Update 17 but fails randomly under Update 20 (and possibly 19), where the mixed code Security Warning is a possibility. JARs are fully signed, and code contains no special classloaders or "tricks" other than ordinary instantiations. ALL APPLICATION JARS ARE SIGNED WITH SAME KEY STORE. Application is stable; only change is Java VM Update 20.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Cannot provide determinate test case.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      No Security Warning popup dialog, and no security exceptions as a result.
      ACTUAL -
      Security Warning popup dialog, and security exceptions thrown in code after indeterminate run time, as a result of Swing GUI events.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Exception in thread "AWT-EventQueue-0" java.lang.SecurityException: class "com.twc.trader.SupportResistanceDialog$1"'s signer information does not match signer information of other classes in the same package
              at java.lang.ClassLoader.checkCerts(Unknown Source)
              at java.lang.ClassLoader.preDefineClass(Unknown Source)
              at java.lang.ClassLoader.defineClassCond(Unknown Source)
              at java.lang.ClassLoader.defineClass(Unknown Source)
              at java.security.SecureClassLoader.defineClass(Unknown Source)
              at java.net.URLClassLoader.defineClass(Unknown Source)
              at java.net.URLClassLoader.access$000(Unknown Source)
              at java.net.URLClassLoader$1.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at java.net.URLClassLoader.findClass(Unknown Source)
              at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at com.twc.trader.SupportResistanceDialog.<init>(Unknown Source)
              at com.twc.trader.Core.getSupportResistanceDialog(Unknown Source)
              at com.twc.trader.TickAnalyzer.update(Unknown Source)
              at com.twc.trader.PriceMicroDetailWindow.notifyObservers(Unknown Source)
              at com.twc.trader.PriceMicroDetailWindow$1.chartMouseClicked(Unknown Source)
              at org.jfree.chart.ChartPanel.mouseClicked(Unknown Source)
              at java.awt.Component.processMouseEvent(Unknown Source)
              at javax.swing.JComponent.processMouseEvent(Unknown Source)
              at java.awt.Component.processEvent(Unknown Source)
              at java.awt.Container.processEvent(Unknown Source)
              at java.awt.Component.dispatchEventImpl(Unknown Source)
              at java.awt.Container.dispatchEventImpl(Unknown Source)
              at java.awt.Component.dispatchEvent(Unknown Source)
              at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
              at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
              at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
              at java.awt.Container.dispatchEventImpl(Unknown Source)
              at java.awt.Window.dispatchEventImpl(Unknown Source)
              at java.awt.Component.dispatchEvent(Unknown Source)
              at java.awt.EventQueue.dispatchEvent(Unknown Source)
              at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.run(Unknown Source)


       JNLP for launch. JNLP resides on web server. Code cached locally by Web Start.

        <?xml version="1.0" encoding="UTF-8" ?>
       <jnlp spec="1.0+" codebase="http://FutureScalper.com/[location withheld]/serverbeta_ta_skin" href="FutureScalperServerBeta_ta_skin.jnlp">

       <information>
        <title>FutureScalper Server TA SKIN BETA</title>
        <vendor>FutureScalper.com</vendor>
        <description>FutureScalper Server TA SKIN BETA</description>
        <homepage href="http://FutureScalper.com/[location withheld]/serverbeta_ta_skin" />
        <offline-allowed />
        </information>

       <security>
        <all-permissions />
       </security>

       <resources>
        <j2se version="1.6.0+" java-vm-args=" -server -
      -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1TimeSliceMS=40 -
      -XX:+G1ParallelRSetUpdatingEnabled -XX:+G1ParallelRSetScanningEnabled -
      -XX:GCPauseIntervalMillis=250 -
      -XX:ThreadStackSize=128 -XX:CompileThreshold=20 -
      -XX:CICompilerCount=4 -XX:+UseBiasedLocking -
      -XX:+AggressiveHeap -XX:+ForceTimeHighResolution -
      -XX:+RelaxAccessControlCheck -XX:-TieredCompilation -
      -XX:MaxInlineSize=256000 -Xverify:none -XX:FreqInlineSize=256000 -XX:-DontCompileHugeMethods -
      -XX:+UseFastAccessorMethods -Xss128k -Xms370m -Xmx370m -Xbatch -Xnoclassgc -
      -Dswing.defaultlaf=com.sun.java.swing.plaf.windows.WindowsLookAndFeel -
      -Dswing.metalTheme=steel -
      -Ddeployment.security.mixcode=DISABLE -
      -Duser.timezone=America/New_York -Duser.language=en -Duser.region=US />

        <property name="sun.java2d.noddraw" value="true" />
        <property name="sun.java2d.d3d" value="false" />
        <property name="java.rmi.server.hostname" value="127.0.0.1" />
        <property name="deployment.security.mixcode" value="DISABLE" />

        <jar href="sFutureScalper.jar" download="eager" main="true" />
        <jar href="sFutureScalperChart.jar" download="eager" main="false" />
        <jar href="sFutureScalperSounds.jar" download="eager" main="false" />
        <jar href="sFutureScalperContracts.jar" download="eager" main="false" />
        <jar href="sFutureScalperAuth.jar" download="eager" main="false" />
       </resources>

       <application-desc main-class="com.twc.trader.FutureScalper">
        <argument>command-line-argument</argument>
       </application-desc>

        </jnlp>

      NOTE: java.security.mixcode property is also present here, which has no effect, but deployment.config and deployment.properties are used on the system where the code is executed.




      REPRODUCIBILITY :
      This bug can be reproduced occasionally.

      CUSTOMER SUBMITTED WORKAROUND :
      No solution or workaround known.

      Release Regression From : 6u19
      The above release value was the last known release where this
      bug was not reproducible. Since then there has been a regression.
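
The SecurityException in the stack trace above is raised when a class being defined carries different signer information from classes already loaded in the same package. The following is an added diagnostic example, not part of the original report or of the JDK: it reads the JARs given on the command line and reports any package whose classes do not all share one signer set. The class name `PackageSignerCheck` is hypothetical, a Java 8 or later JDK is assumed, and identifying a signer by certificate subject plus serial number is a simplification of the comparison the class loader performs.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name): java PackageSignerCheck a.jar b.jar ...
public class PackageSignerCheck {
    public static void main(String[] args) throws Exception {
        // package -> (set of signer identities -> class entries carrying that set)
        Map<String, Map<Set<String>, List<String>>> byPackage = new TreeMap<>();
        byte[] buf = new byte[8192];
        for (String path : args) {
            try (JarFile jar = new JarFile(path, true)) {          // true: verify signatures
                for (JarEntry entry : Collections.list(jar.entries())) {
                    String name = entry.getName();
                    if (!name.endsWith(".class")) continue;
                    // Signers are only populated once the entry has been read to the end;
                    // a tampered entry makes this read throw SecurityException.
                    try (InputStream in = jar.getInputStream(entry)) {
                        while (in.read(buf) != -1) { /* drain */ }
                    }
                    Set<String> signers = new TreeSet<>();
                    CodeSigner[] cs = entry.getCodeSigners();       // null when unsigned
                    if (cs != null) for (CodeSigner s : cs) {
                        X509Certificate c = (X509Certificate)
                            s.getSignerCertPath().getCertificates().get(0);
                        signers.add(c.getSubjectX500Principal().getName()
                            + " serial=" + c.getSerialNumber().toString(16));
                    }
                    int slash = name.lastIndexOf('/');
                    String pkg = slash < 0 ? "(default)"
                                           : name.substring(0, slash).replace('/', '.');
                    byPackage.computeIfAbsent(pkg, k -> new HashMap<>())
                             .computeIfAbsent(signers, k -> new ArrayList<>())
                             .add(path + "!/" + name);
                }
            }
        }
        boolean mismatch = false;
        for (Map.Entry<String, Map<Set<String>, List<String>>> p : byPackage.entrySet()) {
            if (p.getValue().size() < 2) continue;                  // one signer set: consistent
            mismatch = true;
            System.out.println("MISMATCH in package " + p.getKey());
            p.getValue().forEach((signers, classes) -> System.out.println("  "
                + (signers.isEmpty() ? "[unsigned]" : signers) + " e.g. " + classes.get(0)
                + " (" + classes.size() + " classes)"));
        }
        System.exit(mismatch ? 1 : 0);
    }
}
```

Exit status 0 means every package in the supplied JARs has a single consistent signer set; in that case a mismatch seen at runtime points at what the class loader was handed rather than at how the JARs were signed.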

            People

            • Assignee:
              dgu Dennis Gu (Inactive)
              Reporter:
              igor Igor Nekrestyanov (Inactive)