JRuby does not work in Web Start because it does not set the ProtectionDomain
of Java proxy classes when it creates them
------------------------------------------------------------------------------------------------------------------------
Key: JRUBY-1226
URL: http://jira.codehaus.org/browse/JRUBY-1226
Project: JRuby
Issue Type: Bug
Components: Java Integration
Affects Versions: JRuby 1.0.0
Environment: Windows XP SP2, Java 1.6.0_01
Reporter: Andrew McDowell
Attachments: jruby-webstart-patch.zip
When I try to deploy JRuby as a Web Start application, it will fail because it
does not set the ProtectionDomain for the classes it creates. Web Start has a
security policy such that signed classes may be granted the permission to run,
while unsigned classes may not. If I jar up the JRuby implementation and my
classes/scripts, and sign them, Web Start will execute them. However, they
immediately fail because the proxy objects created by JavaClassProxyFactory
don't have the permission required to perform reflection (they are unsigned and
get put in the sandbox without permissions)
I have included a sample webstart application and a patch to fix the problem in
JavaClassProxyFactory. My solution is simply to grant the proxy classes the
ProtectionDomain of the factory. You may want to consider a full security
strategy for these proxy classes, but I don't see an offhand reason why you
wouldn't want them to have the permissions of JRuby itself.
See the README file in the zip for instructions to reproduce it and the patch.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
