Bug 816592
Summary: | icedtea-web not loading GeoGebra java applets in Firefox or Chrome | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Emiliano Pastorino <emilianopastorino> | ||||||
Component: | icedtea-web | Assignee: | jiri vanek <jvanek> | ||||||
Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 16 | CC: | dbhole, omajid, pbrobinson | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-06-26 10:13:57 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Emiliano Pastorino
2012-04-26 13:16:02 UTC
Jiri, can you please take a look? Thanks. Quite interesting and tricky seams this one to me. The exception described above, is caused by loading (and using methods from) another jar, downloaded by not standard way (probably by url.getInputStream and in addition used in some creepy internal classloader) Few more facts: * both urls from reporter are pointing to same GeoGebra applets * GeoGebra applets are signed by globally trusted certificate (and doing such a nasty thing!) * runnig from comamndline (java -jar...) is not significant as there is no security manager during such a run * the behavior is same when run from javaws (with jnlp file created from html appelt tag) with the only "small" difference - the exception is consumed (probably in awt event queue thread) and so unrelated deadlock is detected much later I have suggested patch which is printing by above required debug outputs to upstream - http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-April/018330.html * I do not understand why issue is not replica-able on ubuntu. My first idea was that they are using different globally trusted keystores, but it is probably not true. My second idea is that there is still icedtea-web 1.0 (or 1.1?) which had (IIRC) not so strict classloader * The fact that the some of applets are able to show splash screen, depends on calling methods from this "downloaded" jar. If those methods are called in init() then no splash is shown.If later, then at least splash screen is hown before cruel death Created attachment 580746 [details]
binary-blob reproducer
geodebra.html is original reproducer
geodebra.jnlp is the same, except rewritten to jnlp to be more easily debugged
geodebra2.{jnlp,html} is "correct" way how to download resources. However does not help here, because it is using some really crazy internal classloader which is ignoring "external" (understand normal please) classpath.
I think i can easily make reproducer for icedte-web reproducers framework for geodebra.html/jnlp. To reproduce geodebra2.html/jnlp behavior can be more complicated (and if I'm right about the suspicions for crazy internal classlaoder - then even incorrect). If we would like to fix the original issue (although I do not want to - i consider this very VERY nasty and do not wan to support this) and we maybe must to as proprietary plugin probably handle this "correctly", then my suggestion is this: in http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120427/da938d44/debuggingEnchancements.diff i have suggested to add debug line "Error! No security instance for signed "+source.toString()+" This source was loaded outside of netx, and application will have troubles to continue". So instead of this debugline, my fix would like to locate requested url/jar and regain signatures, and provide those just retrieved (and to cache them as it is done for normal resources during preloading) instead of returning null. Reproducer for this issue with source codes for icedtea-web testsuite posted to review. http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-May/018357.html fix posted to upstream review fix posted to upstream review http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-May/018372.html Fixed upstream. http://icedtea.classpath.org/hg/icedtea-web/rev/1d7e18be89f4 One more patch for this (and similar) issues is on the way, but appelts are working. What release is this fix contained in for Fedora? Currently it is in head, so it will reflect in 1.3, which is going to be in f18. I will try to negotiate backport to 1.2 so it will reach updates in f16+f17. after few iterations in head. Are you ok with it? Is it worthy? ( O:) ) Yes please for 1.2 backported to 1.2 |