Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8038645

Application-Library-Allowable-Codebase's documentation should be improved

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8u40
    • Component/s: docs
    • Labels:

      Description

       http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library
      it's not obvious that Application-Library-Allowable-Codebase attribute required even when user opens http link with correct
      domain name in browser. Because for user it looks like he launches a jnlp file form the same host
      where main jar file is located.
       But when we open link in browser technically happens the following:
       1. A browser donwloads a jnlp file
       2. the browser passes the jnlp file to javaws
       3. javaws don't know from what host it was downloaded, because
       the jnlp passed as local jnlp
       4. we get the security warning without checkbox.

       so we need to say to javaws that this application can be run from other host
       than jar files' host. This means that Application-Library-Allowable-Codebase
      should be added to jar even if they are located on the same host that jnlp file.

      I think this should be described better in our doc:
       http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library


      .

        Attachments

          Activity

            People

            Assignee:
            jgordon Joni Gordon (Inactive)
            Reporter:
            mcherkas Mikhail Cherkasov (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Due:
              Created:
              Updated:
              Resolved: