Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8028417

Different dialogs will show when specified different(bad/valid) property inside JNLP

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: 7u51, 8
    • Fix Version/s: 7u51
    • Component/s: deploy
    • Environment:

      win7/x86/jre8#728

      Description

      Background:
          With latest jre8, when run ca-signed apps that passing bad vmargs/property to vm, the warning dialog is with title "Security Warning" and in more information dialog, it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......"
          For example, when run the following ca-signed app that trying to pass bad property <property name=javapi.user0" value=testquote /> to vm, a warning dialog with title "Security Warning" will show up.

      Steps to reproduce:
          1 Install latest jre8 nightly build#728
          2) Make sure your system/browser can access to internet or disable ocsp/crl check from JCP
          3) Load app javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyquote.jnlp
             It try to pass bad property <property name=javapi.user0" value=testquote /> to vm
             The JNLP file is not signed and only jar file is signed.
          4) If a security warning dialog with title "Security Warning" shows up and in more info dialog it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......", then this issue is reproduced. See attached security-warning.png and security-warning-moreinfo.png.

      But for apps that pass valid property to vm, the title of warning dialog is "Security Information".

      Steps to reproduce:
          1) Install latest jre8 nightly build#728
          2) Make sure your system/browser can access to internet or disable ocsp/crl check from JCP
          3) Load app javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyTest1.jnlp
             It try to pass valid property <property name="http.keepAlive" value="VALUE"/> to vm
             The JNLP file is also not signed and only jar file is signed.
          4) A security warning dialog with title "Security Information" will show up. See attached security-info.png

        Attachments

          Activity

            People

            • Assignee:
              mhowe Mark Howe (Inactive)
              Reporter:
              wenjyang Crystal Yang
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: