[jira] [Commented] (FELIX-2993) jnlp & felix.security

Andrei Pozolotin (JIRA) Sun, 12 Jun 2011 09:46:50 -0700

    [ 
https://issues.apache.org/jira/browse/FELIX-2993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13048371#comment-13048371
 ]


Andrei Pozolotin commented on FELIX-2993:
-----------------------------------------

per jdk jnlp source:
https://github.com/carrot-garden/carrot-jnlper/tree/master/carrot-jdk6-jnlp-unix

this place produces the "security concern":
https://github.com/carrot-garden/carrot-jnlper/blob/master/carrot-jdk6-jnlp-unix/src/common/share/classes/com/sun/deploy/security/CPCallbackHandler.java

public class CPCallbackHandler {

        private synchronized void check(URL url, boolean trusted, boolean 
authenticated) {

            if (maybeTrustedChild && maybeUntrustedChild) {
                String msg = checkAllowed(url, maybeTrustedChild && 
trustedChild);
                if (msg != null) {
                    throw new SecurityException(msg);
                }
            }


        private String checkAllowed(URL url, boolean wasTrusted) {
            if (checkMixedTrust) {
                int result = showMixedTrustDialog();
                if (result == UIFactory.CANCEL) {
                    allowMixedTrust = true;
                }
                checkMixedTrust = false;
            }


> jnlp & felix.security
> ---------------------
>
>                 Key: FELIX-2993
>                 URL: https://issues.apache.org/jira/browse/FELIX-2993
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework Security
>            Reporter: Andrei Pozolotin
>
> original thread:
> http://www.mail-archive.com/users@felix.apache.org/msg10424.html

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (FELIX-2993) jnlp & felix.security

Reply via email to