[ https://issues.apache.org/jira/browse/FELIX-2993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13048371#comment-13048371 ]
Andrei Pozolotin commented on FELIX-2993: ----------------------------------------- per jdk jnlp source: https://github.com/carrot-garden/carrot-jnlper/tree/master/carrot-jdk6-jnlp-unix this place produces the "security concern": https://github.com/carrot-garden/carrot-jnlper/blob/master/carrot-jdk6-jnlp-unix/src/common/share/classes/com/sun/deploy/security/CPCallbackHandler.java public class CPCallbackHandler { private synchronized void check(URL url, boolean trusted, boolean authenticated) { if (maybeTrustedChild && maybeUntrustedChild) { String msg = checkAllowed(url, maybeTrustedChild && trustedChild); if (msg != null) { throw new SecurityException(msg); } } private String checkAllowed(URL url, boolean wasTrusted) { if (checkMixedTrust) { int result = showMixedTrustDialog(); if (result == UIFactory.CANCEL) { allowMixedTrust = true; } checkMixedTrust = false; } > jnlp & felix.security > --------------------- > > Key: FELIX-2993 > URL: https://issues.apache.org/jira/browse/FELIX-2993 > Project: Felix > Issue Type: Bug > Components: Framework Security > Reporter: Andrei Pozolotin > > original thread: > http://www.mail-archive.com/users@felix.apache.org/msg10424.html -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira