[jira] [Commented] (FELIX-4281) Security Warning: Felix with Java Web Start

Fri, 06 Jun 2014 06:20:20 -0700 

    [ 
https://issues.apache.org/jira/browse/FELIX-4281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019831#comment-14019831
 ] 

Rob Walker commented on FELIX-4281:
-----------------------------------

One other curiosity - a Q for Karl.

In the patched code, I noticed the following:

{format}
            
Felix.m_secureAction.addURLToURLClassLoader(Felix.m_secureAction.createURL(
                Felix.m_secureAction.createURL(null, "http:", extensionManager),
                "http://felix.extensions:9/";, extensionManager),
                Felix.class.getClassLoader());

                extensionManager = new ExtensionManager();
{format}

Was curious why the extensionManager  is only set non-null after the 
addURLToURLClassLoader() call. In the original version this would not have been 
a null value, the new ExtensionManager() would have been supplied to this call.

Is there a specific reason to pass null for extensionManager into 
addURLToURLClassLoader()?

> Security Warning: Felix with Java Web Start
> -------------------------------------------
>
>                 Key: FELIX-4281
>                 URL: https://issues.apache.org/jira/browse/FELIX-4281
>             Project: Felix
>          Issue Type: Bug
>         Environment: Windows 7 with Java 7 update 40, 64 bits
>            Reporter: Cesar Souza
>            Assignee: Karl Pauls
>            Priority: Minor
>         Attachments: message.zip, sec_action.patch, viewer.jnlp, 
> webstart.patch
>
>
> Since the release of Java 7 update 40 the following warning occurs when you 
> try to execute a signed (with valid certificate) Java Web Start application: 
> -----------------------------
> Security Warning
> Do you want to run this application?
> An unsigned application from the location below is requesting permission to 
> run.
> http://......
> Running unsigned applications like this will be blocked in a future
> release because it is potentially unsafe and a security risk
> -----------------------------
> Although the Java recognizes the certificate in the first dialog, it shows 
> the warning message when the Felix's init method is invoked.
> I have tested a same application over Java 7 update 21 and everything is ok.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to