Bug 905074
| Summary: | JNLP with jnlp.packEnabled and jnlp.versionEnabled results in "Application Error: Cannot grant permissions to unsigned jars." | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mike Heller <michael> | ||||||||||||
| Component: | icedtea-web | Assignee: | Andrew Azores <aazores> | ||||||||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||
| Severity: | high | Docs Contact: | |||||||||||||
| Priority: | unspecified | ||||||||||||||
| Version: | 18 | CC: | aazores, adomurad, bloch, brovvnout+rh, dbhole, d.bz-redhat, fedora, gianluca.cecchi, grajaiya, igeorgex, imammedo, jskarvad, jvanek, kevin, key, long, michael, naoki, omajid, savelov, tbzatek, wmealing | ||||||||||||
| Target Milestone: | --- | Flags: | aazores:
needinfo-
|
||||||||||||
| Target Release: | --- | ||||||||||||||
| Hardware: | i386 | ||||||||||||||
| OS: | Linux | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||
| Clone Of: | 753960 | Environment: | |||||||||||||
| Last Closed: | 2013-06-19 20:03:00 UTC | Type: | --- | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Embargoed: | |||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Mike Heller
2013-01-28 14:14:46 UTC
Hi. Which app are you experiencing this with? Would it be possible for us to access it/reproduce this? the app is called Spectrum Infrastructure Manager supplied by CA. There is propably a testing website but I need to check with the supplier. unfortunately I cannot offer such a opportunity. I understand. Can you please follow the steps here and post the plugin.log and java.std* files then? Thanks! http://icedtea.classpath.org/wiki/IcedTea-Web#Filing_bugs Created attachment 689604 [details]
javaws log
Created attachment 689605 [details]
icedtea log
I've uploaded the requested logs. do not hesitate to ask for further information. Thanks. I am not sure what the ;no_javaws_cheat means, but it might be to blame here. Can you please paste the output of: wget -O /dev/null http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/contrib/clientforti.jar%3Bno_javaws_cheat and wget -O /dev/null http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/contrib/clientforti.jar ? Thanks. wget -O /dev/null http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/contrib/clientforti.jar%3Bno_javaws_cheat --2013-01-29 21:53:30-- http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/contrib/clientforti.jar%3Bno_javaws_cheat Auflösen des Hostnamen »zhbapssp-spsv01.bwns.ch (zhbapssp-spsv01.bwns.ch)«... 10.66.5.72 Verbindungsaufbau zu zhbapssp-spsv01.bwns.ch (zhbapssp-spsv01.bwns.ch)|10.66.5.72|:8080... verbunden. HTTP-Anforderung gesendet, warte auf Antwort... 404 /spectrum/lib/contrib/clientforti.jar%3Bno_javaws_cheat 2013-01-29 21:53:30 FEHLER 404: /spectrum/lib/contrib/clientforti.jar%3Bno_javaws_cheat. ------ wget -O /dev/null http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/contrib/clientforti.jar wget -O /dev/null http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/contrib/clientforti.jar --2013-01-29 21:54:02-- http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/contrib/clientforti.jar Auflösen des Hostnamen »zhbapssp-spsv01.bwns.ch (zhbapssp-spsv01.bwns.ch)«... 10.66.5.72 Verbindungsaufbau zu zhbapssp-spsv01.bwns.ch (zhbapssp-spsv01.bwns.ch)|10.66.5.72|:8080... verbunden. HTTP-Anforderung gesendet, warte auf Antwort... 200 OK Länge: 5865 (5.7K) [application/java-archive] In »»/dev/null«« speichern. 100%[======================================================================================>] 5'865 --.-K/s in 0.08s 2013-01-29 21:54:03 (70.9 KB/s) - »»/dev/null«« gespeichert [5865/5865] any clues? need more info? Sorry for the delay Mike; the last few weeks have been quite hectic. I've asked Adam (just added to cc) to take a look into this. Created attachment 697415 [details]
Possible workaround
I have attached a possible workaround, please run the shell script in some arbitrary folder. I have no way of testing it but hopefully it'll work, but even if it doesn't hopefully it will give us more information. The cause is almost definitely the added ;no_javaws_cheat. We can work towards stripping this from the URL but at this point it is not clear what it is intended to do. Hopefully running the workaround (which simply strips this and makes sure the JNLP is not redownloaded) will give us more information. Thanks. No worry about the delay.
Unfortunately the script does not work finally.
However, it starts downloading the jar jar files actually without the error message before. But I got a new one.
Here is the console output of the workaround script:
HTTP-Anforderung gesendet, warte auf Antwort... 200 OK
Länge: nicht spezifiziert [application/x-java-jnlp-file]
In »»oneclick.jnlp.4«« speichern.
[ <=> ] 7'523 --.-K/s in 0.02s
2013-02-15 07:33:07 (376 KB/s) - »»oneclick.jnlp.4«« gespeichert [7523]
JAR http://zhbapssp-spsv01.bwns.ch:8080/spectrum/lib/jsafeJCEFIPS.jar;no_javaws_cheat not found. Continuing.
net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
at net.sourceforge.jnlp.runtime.JNLPClassLoader.setSecurity(JNLPClassLoader.java:312)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:232)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:357)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:421)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeExtensions(JNLPClassLoader.java:453)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:225)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:357)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:330)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:789)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:555)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:908)
java.lang.NoClassDefFoundError: com/rsa/jsafe/provider/JsafeJCE
at com.aprisma.spectrum.app.swing.window.LoginPrompt.getInformation(LoginPrompt.java:476)
at com.aprisma.spectrum.app.swing.window.LoginPrompt.<init>(LoginPrompt.java:314)
at com.aprisma.spectrum.app.client.jnlp.ClientAppBase$HttpAuthenticator.getPasswordAuthentication(ClientAppBase.java:314)
at com.aprisma.util.net.http.Authenticator.getCredentials(Authenticator.java:338)
at com.aprisma.util.net.http.Authenticator.basic(Authenticator.java:374)
at com.aprisma.util.net.http.Authenticator.authenticate(Authenticator.java:248)
at com.aprisma.util.net.http.Authenticator.authenticate(Authenticator.java:113)
at com.aprisma.util.net.http.HttpMethod.processAuthenticationResponse(HttpMethod.java:697)
at com.aprisma.util.net.http.HttpMethod.execute(HttpMethod.java:940)
at com.aprisma.util.net.http.HttpMethod.execute(HttpMethod.java:818)
at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.authenticateUser(ClientAppBase.java:1636)
at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.initialize(ClientAppBase.java:732)
at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.<init>(ClientAppBase.java:551)
at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.<init>(ClientAppBase.java:521)
at com.aprisma.spectrum.app.console.client.ConsoleApp.<init>(ConsoleApp.java:252)
at com.aprisma.spectrum.app.console.client.ConsoleApp.main(ConsoleApp.java:465)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:597)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:908)
Caused by: java.lang.ClassNotFoundException: com.rsa.jsafe.provider.JsafeJCE
at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1609)
... 22 more
after downloading the jar file a login window should pop up.
Created attachment 697837 [details]
Possible workaround
OK looks like we're getting closer, its pulling in another jnlp that has the weird ';no_javaws_cheat' stuff. Try this new workaround, hopefully it will get further. Cheers. unfortunately I get the same error. But I made probably something wrong. When I start the new script I got the error "could not find cryptoj.jnlp or oneclick.jnlp". So I wget those files into a directory and start the script again. But in this case I'm not sure if this is the proper way. I guess that the modified crypto file will not be used because the error is still the same? --2013-02-15 16:43:11-- http://zhbapssp-spsv01.bwns.ch:8080/spectrum/cryptoj.jnlp Auflösen des Hostnamen »zhbapssp-spsv01.bwns.ch (zhbapssp-spsv01.bwns.ch)«... 10.66.5.72 Verbindungsaufbau zu zhbapssp-spsv01.bwns.ch (zhbapssp-spsv01.bwns.ch)|<ip-adress>|:8080... verbunden. HTTP-Anforderung gesendet, warte auf Antwort... 200 OK Länge: nicht spezifiziert [application/x-java-jnlp-file] In »»cryptoj.jnlp.1«« speichern. [ <=> ] 1'219 --.-K/s in 0s 2013-02-15 16:43:11 (71.5 MB/s) - »»cryptoj.jnlp.1«« gespeichert [1219] java.io.IOException: http://zhbapssp-spsv01.bwns.ch:8080/home/michael/spectrum/cryptoj2.jnlp at net.sourceforge.jnlp.JNLPFile.openURL(JNLPFile.java:284) at net.sourceforge.jnlp.JNLPFile.<init>(JNLPFile.java:206) at net.sourceforge.jnlp.JNLPFile.<init>(JNLPFile.java:190) at net.sourceforge.jnlp.JNLPFile.<init>(JNLPFile.java:240) at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:419) at net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeExtensions(JNLPClassLoader.java:453) at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:225) at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:357) at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:330) at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:789) at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:555) at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:908) java.lang.NoClassDefFoundError: com/rsa/jsafe/provider/JsafeJCE at com.aprisma.spectrum.app.swing.window.LoginPrompt.getInformation(LoginPrompt.java:476) at com.aprisma.spectrum.app.swing.window.LoginPrompt.<init>(LoginPrompt.java:314) at com.aprisma.spectrum.app.client.jnlp.ClientAppBase$HttpAuthenticator.getPasswordAuthentication(ClientAppBase.java:314) at com.aprisma.util.net.http.Authenticator.getCredentials(Authenticator.java:338) at com.aprisma.util.net.http.Authenticator.basic(Authenticator.java:374) at com.aprisma.util.net.http.Authenticator.authenticate(Authenticator.java:248) at com.aprisma.util.net.http.Authenticator.authenticate(Authenticator.java:113) at com.aprisma.util.net.http.HttpMethod.processAuthenticationResponse(HttpMethod.java:697) at com.aprisma.util.net.http.HttpMethod.execute(HttpMethod.java:940) at com.aprisma.util.net.http.HttpMethod.execute(HttpMethod.java:818) at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.authenticateUser(ClientAppBase.java:1636) at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.initialize(ClientAppBase.java:732) at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.<init>(ClientAppBase.java:551) at com.aprisma.spectrum.app.client.jnlp.ClientAppBase.<init>(ClientAppBase.java:521) at com.aprisma.spectrum.app.console.client.ConsoleApp.<init>(ConsoleApp.java:252) at com.aprisma.spectrum.app.console.client.ConsoleApp.main(ConsoleApp.java:465) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:597) at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:908) Caused by: java.lang.ClassNotFoundException: com.rsa.jsafe.provider.JsafeJCE at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1609) ... 22 more Created attachment 697947 [details]
Possible workaround2
"http://zhbapssp-spsv01.bwns.ch:8080/home/michael/spectrum/cryptoj2.jnlp" didnt work out as planned. OK heres another try. This one tries to 'inline' the extension JNLP so its not needed. Worth a shot :-). Cheers. God job man. This one is working! Great! :-) So it seems we need to ignore anything after ';' in a jar URL. I still have to wonder why they added it in the first place. On that note, let us know if you run into further bugs, because their could be some obscure use for this ';no_javaws_cheat' string... I'll get around to a 'proper fix' sometime. Cheers. Mike, Can you try to reproduce this bug with the latest version of icedtea-web? We've tried to reproduce it with some mockup JNLPs here and this bug seems to have been fixed. sorry for the late reply but I was off a few weeks. But wohoo, this works perfectly! Thanks, no longer a work around needed! |