Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8020363

Fix (partially) failed for JDK-8019425.

    XMLWordPrintable

    Details

      Description

      With 7u40 nightly #23, confirmed that rule without any application quantifier will be treated as "Invalid (run everything) rule in Local Security Policy file".

      However, location ="*" still works as before. Policy looks like below:
      ==========

      <policy>
        <rule>
           <id location="*" />
           <action permission="run"/>
        </rule>

      <!-- block everything else -->
        <rule>
           <id/>
           <action permission="block">
      <message>we don't want to run anything else</message>
      </action>
        </rule>
      </policy>
      =============

      trace segment
      ===============
      security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
      policy: Non-jnlp policy id:
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: finding LocalSecurityPolicy for
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: Rule title: null matches artifactId: SimpleApplet
      policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
      policy: Matching Policy ID:
              title: null
              location: *
              isArtifact: false
      policy: found matching id, using rule: Policy rule:
          id:
              title: null
              location: *
              isArtifact: false
          action:
              permission: run
              version: null
              message: null
      Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
      Missing Codebase manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
      security: Validate the certificate chain using CertPath API
      security: The OCSP support is disabled
      security: The CRL support is disabled
      ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key Revocation check disabled
      security: Revocation check disabled
      security: Grant socket perm for http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar : java.security.Permissions@1cdbaf7 (
       ("java.net.SocketPermission" "127.0.0.1" "connect,accept,resolve")
      )

      security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
      policy: Non-jnlp policy id:
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: finding LocalSecurityPolicy for
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: Rule title: null matches artifactId: SimpleApplet
      policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
      policy: Matching Policy ID:
              title: null
              location: *
              isArtifact: false
      policy: found matching id, using rule: Policy rule:
          id:
              title: null
              location: *
              isArtifact: false
          action:
              permission: run
              version: null
              message: null
      Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
      ================

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              herrick Andy Herrick
              Reporter:
              stephenh Stephen Hu (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: