Bug Database
Bug ID: 6833760
Votes: 0
Synopsis: signed JNLP applet (applet-desc) launching with java web start only runs in sandbox
Category: javawebstart:general
Reported Against:
Release Fixed: 6u14(b06)
State: 11-Closed, Verified, bug
Priority: 2-High
Related Bugs:
Submit Date: 24-APR-2009
Description
External customer reported a regression in 6u14:

Dear all,

Sorry for bothering you again, but I found a new bug in the Java Plugin 1.6_14-ea.

This JNLP can be loaded successfully under 1.5 and 1.6_10: http://genflux.de/genfluxFX/genfluxFX.jnlp

When I try to run it under 1.6_14-ea it breaks due to some security exceptions. I attached the full Java console output. Although I confirm full security access for this JNLP/application it somehow seems not to manage allowing my application full rights:

security: Add sandbox permissions

This happens only under 1.6_14-ea. With 1.5 and 1.6_10 full rights are granted.

Cheers,
Dieter
Posted Date : 2009-04-24 05:34:48.0
Work Around
N/A
Evaluation
When launching with javaws, even if the JNLP applet is signed and the user accepted the security dialog, the applet still runs in the sandbox instead of with all-permissions.
Posted Date : 2009-04-24 05:36:04.0

When running a signed JNLP applet using Java Web Start (via javaws or shortcuts), even if the JNLP applet is signed and the user accepted the security dialog, the applet still runs in the sandbox instead of with all-permissions.

The root problem is that the Plugin2ClassLoader/JNLP2ClassLoader code is not ready for the performance fix to "ignore signers" yet. So when a JNLP applet is launched via javaws, it will use com.sun.jnlp.JNLPCachedJarURLConnection as the JAR protocol handler, which sets the ignoreSigner flag to true. But in this case, since we now launch JNLP applets using plugin code (JNLP2Manager/JNLP2Viewer), classloading will be done by Plugin2ClassLoader/JNLP2ClassLoader. When ignoreSigners is true, the classloader code will fail to grant all-permissions (CodeSource.getCertificates will return null), even if the user accepted the security dialog.
Posted Date : 2009-04-28 18:18:32.0
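
The failure mode from the evaluation, modelled as an added Java example (not Sun's Plugin2ClassLoader/JNLP2ClassLoader code): a hypothetical grant() decides permissions from CodeSource.getCertificates(), so a CodeSource built without signer information falls back to the sandbox even when the security dialog was accepted. The class name, the grant() method, the JAR URL and the placeholder certificate are constructed for illustration.

```java
import java.net.URI;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class SignerGrantDemo {
    // Hypothetical model of a class loader's grant decision (an assumption,
    // not the plugin source): trust requires both an accepted dialog and
    // signer certificates attached to the CodeSource.
    static PermissionCollection grant(CodeSource cs, boolean userAccepted) {
        Permissions perms = new Permissions();
        Certificate[] certs = cs.getCertificates(); // null when no signer info was kept
        if (userAccepted && certs != null && certs.length > 0) {
            perms.add(new AllPermission());
        } else {
            // Stand-in for the restricted sandbox permission set.
            perms.add(new PropertyPermission("java.version", "read"));
        }
        return perms;
    }

    public static void main(String[] args) throws Exception {
        URL jar = URI.create("http://example.invalid/app.jar").toURL(); // constructed URL
        // Constructed placeholder certificate; it is never verified here.
        Certificate placeholder = new Certificate("X.509") {
            public byte[] getEncoded() { return new byte[0]; }
            public void verify(PublicKey key) { }
            public void verify(PublicKey key, String sigProvider) { }
            public String toString() { return "constructed placeholder certificate"; }
            public PublicKey getPublicKey() { return null; }
        };
        // Same JAR, same user decision; only the signer information differs.
        CodeSource signersKept = new CodeSource(jar, new Certificate[] { placeholder });
        CodeSource signersIgnored = new CodeSource(jar, (Certificate[]) null);

        AllPermission all = new AllPermission();
        System.out.println("signers kept:    all-permissions="
                + grant(signersKept, true).implies(all));
        System.out.println("signers ignored: all-permissions="
                + grant(signersIgnored, true).implies(all));
    }
}
```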
PLEASE NOTE: JDK6 is formerly known as Project Mustang