Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8023821

REGRESSION: Webstart fails to send properties to application

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P2
    • Resolution: Not an Issue
    • Affects Version/s: 7u45
    • Fix Version/s: None
    • Component/s: deploy
    • Labels:
    • Subcomponent:
    • CPU:
      x86
    • OS:
      windows_7

      Description

      J2SE Version (please include all output from java -version flag):
      Java Web Start 10.45.2.07
      Using JRE version 1.7.0_45-b07 Java HotSpot(TM) 64-Bit Server VM

      Does this problem occur on J2SE 6ux or 7ux? Yes / No (pick one)
      Work with 7U40, does not now work with 7U45

      Operating System Configuration Information (be specific):
      Windows 7 64bit

      Hardware Configuration Information (be specific):
      Compaq laptop

      Bug Description:
      Properties encoded in the JNLP file are no longer sent to the application. This complete breaks
      our application.

      Steps to Reproduce (be specific):
      The encoded project works with previous releases, not with 45. With update 45,
      the text field will be empty, as opposed to saying "World"


      https://bugs.openjdk.java.net/browse/JDK-8023821

      I thought I could use it for this issue, but do not
      have success with it.

      Best Regards,
      Dennis

        Activity

        Hide
        dtitov Daniil Titov added a comment - - edited
        Starting from 7u45 launch descriptor (JNLP file) need to be signed in order to set insecure system properties. So it is expected behaviour in 7u45 since the sample doesn't have signed JNLP inside jar. ( https://bugs.openjdk.java.net/browse/JDK-8017533 )
        Show
        dtitov Daniil Titov added a comment - - edited Starting from 7u45 launch descriptor (JNLP file) need to be signed in order to set insecure system properties. So it is expected behaviour in 7u45 since the sample doesn't have signed JNLP inside jar. ( https://bugs.openjdk.java.net/browse/JDK-8017533 )
        Hide
        ngthomas Thomas Ng (Inactive) added a comment -
        This is an intentional change to resolve a security vulnerability.
        insecure properties in an unsigned jnlp file will not be set as system properties.

        there are several workarounds:

        1.) Sign the jnlp file.
              Use either a signed-jnlp file (JNLP-INF/APPLICATION.JNLP) or a signed jnlp template (JNLP-INF/APPLICATION_TEMPLATE.JNLP).
              This may be impractical if the insecure properties in the jnlp file being dynamic.
        2.) Use secure properties.
             Change all the properties in the jnlp file to pre-pend "jnlp." to the property name, and modify all code to use the new properties name.
        3.) Use secure properties and translate them in the main of your signed application to insecure properties.
            Change jnlp files to have the property names in the jnlp file pre-pended with "jnlp.myapp.", then in your application read the system properties and for each property starting with "jnlp.myapp." set the corresponding property without the "jnlp.myapp." pre-pended to the name.
        Show
        ngthomas Thomas Ng (Inactive) added a comment - This is an intentional change to resolve a security vulnerability. insecure properties in an unsigned jnlp file will not be set as system properties. there are several workarounds: 1.) Sign the jnlp file.       Use either a signed-jnlp file (JNLP-INF/APPLICATION.JNLP) or a signed jnlp template (JNLP-INF/APPLICATION_TEMPLATE.JNLP).       This may be impractical if the insecure properties in the jnlp file being dynamic. 2.) Use secure properties.      Change all the properties in the jnlp file to pre-pend "jnlp." to the property name, and modify all code to use the new properties name. 3.) Use secure properties and translate them in the main of your signed application to insecure properties.     Change jnlp files to have the property names in the jnlp file pre-pended with "jnlp.myapp.", then in your application read the system properties and for each property starting with "jnlp.myapp." set the corresponding property without the "jnlp.myapp." pre-pended to the name.
        Hide
        tyao Ting-Yun Ingrid Yao (Inactive) added a comment -
        According to the submitter, they did self-signed JNLP file.

        Attached their test jar file signed by their “real” certificate. This does not work either.
        Show
        tyao Ting-Yun Ingrid Yao (Inactive) added a comment - According to the submitter, they did self-signed JNLP file. Attached their test jar file signed by their “real” certificate. This does not work either.
        Hide
        dtitov Daniil Titov added a comment -
        Attached jar doesn't have signed-jnlp file JNLP-INF/APPLICATION.JNLP nor jnlp template JNLP-INF/APPLICATION_TEMPLATE.JNLP
        Show
        dtitov Daniil Titov added a comment - Attached jar doesn't have signed-jnlp file JNLP-INF/APPLICATION.JNLP nor jnlp template JNLP-INF/APPLICATION_TEMPLATE.JNLP

          People

          • Assignee:
            dtitov Daniil Titov
            Reporter:
            tyao Ting-Yun Ingrid Yao (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: