Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8020363

Fix (partially) failed for JDK-8019425.

    Details

      Description

      With 7u40 nightly #23, confirmed that rule without any application quantifier will be treated as "Invalid (run everything) rule in Local Security Policy file".

      However, location ="*" still works as before. Policy looks like below:
      ==========

      <policy>
        <rule>
           <id location="*" />
           <action permission="run"/>
        </rule>

      <!-- block everything else -->
        <rule>
           <id/>
           <action permission="block">
      <message>we don't want to run anything else</message>
      </action>
        </rule>
      </policy>
      =============

      trace segment
      ===============
      security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
      policy: Non-jnlp policy id:
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: finding LocalSecurityPolicy for
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: Rule title: null matches artifactId: SimpleApplet
      policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
      policy: Matching Policy ID:
              title: null
              location: *
              isArtifact: false
      policy: found matching id, using rule: Policy rule:
          id:
              title: null
              location: *
              isArtifact: false
          action:
              permission: run
              version: null
              message: null
      Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
      Missing Codebase manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
      security: Validate the certificate chain using CertPath API
      security: The OCSP support is disabled
      security: The CRL support is disabled
      ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key Revocation check disabled
      security: Revocation check disabled
      security: Grant socket perm for http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar : java.security.Permissions@1cdbaf7 (
       ("java.net.SocketPermission" "127.0.0.1" "connect,accept,resolve")
      )

      security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
      policy: Non-jnlp policy id:
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: finding LocalSecurityPolicy for
              title: SimpleApplet
              location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
              main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
              main version: null
              isArtifact: true
      policy: Rule title: null matches artifactId: SimpleApplet
      policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
      policy: Matching Policy ID:
              title: null
              location: *
              isArtifact: false
      policy: found matching id, using rule: Policy rule:
          id:
              title: null
              location: *
              isArtifact: false
          action:
              permission: run
              version: null
              message: null
      Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
      ================

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                herrick Andy Herrick
                Reporter:
                stephenh Stephen Hu (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: