PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path

element in the manifest.
author: Deepak Bhole <[email protected]> 2011-09-28 15:28:14 -0400
committer: Deepak Bhole <[email protected]> 2011-09-28 15:28:14 -0400
commit: 7a339780a1b3af621e2887c8dc41d86273d62320 (patch)
tree: ba01f902312b6576d8171c43de732781b7ac5a52 /netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
parent: dc63e62272f8d610986ce9327ce8ffdea9fe75f9 (diff)
1 files changed, 73 insertions, 6 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index 1706076..03e3763 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -35,6 +35,7 @@ import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.Permissions;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
@@ -1019,7 +1020,11 @@ public class JNLPClassLoader extends URLClassLoader {
 
                             JarFile jarFile = new JarFile(localFile.getAbsolutePath());
                             Manifest mf = jarFile.getManifest();
-                            classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath()));
+
+                            if (file instanceof PluginBridge) {
+                                classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath()));
+                            }
+
                             JarIndex index = JarIndex.getJarIndex(jarFile, null);
                             if (index != null)
                                 jarIndexes.add(index);
@@ -1334,7 +1339,7 @@ public class JNLPClassLoader extends URLClassLoader {
      * is downloaded.
      * @param desc the JARDesc for the new jar
      */
-    private void addNewJar(JARDesc desc) {
+    private void addNewJar(final JARDesc desc) {
 
         available.add(desc);
 
@@ -1344,10 +1349,72 @@ public class JNLPClassLoader extends URLClassLoader {
                 JNLPRuntime.getDefaultUpdatePolicy()
                 );
 
-        URL remoteURL = desc.getLocation();
-        URL cachedUrl = tracker.getCacheURL(remoteURL);
-        addURL(remoteURL);
-        CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl);
+        // Give read permissions to the cached jar file
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            public Void run() {
+                Permission p = CacheUtil.getReadPermission(desc.getLocation(),
+                        desc.getVersion());
+
+                resourcePermissions.add(p);
+
+                return null;
+            }
+        });
+
+        final URL remoteURL = desc.getLocation();
+        final URL cachedUrl = tracker.getCacheURL(remoteURL); // blocks till download
+
+        available.remove(desc); // Resource downloaded. Remove from available list.
+        
+        try {
+
+            // Verify if needed
+
+            final JarSigner signer = new JarSigner();
+            final List<JARDesc> jars = new ArrayList<JARDesc>();
+            jars.add(desc);
+
+            // Decide what level of security this jar should have
+            // The verification and security setting functions rely on 
+            // having AllPermissions as those actions normally happen
+            // during initialization. We therefore need to do those 
+            // actions as privileged.
+
+            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
+                public Void run() throws Exception {
+                    signer.verifyJars(jars, tracker);
+
+                    if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
+                        checkTrustWithUser(signer);
+                    }
+
+                    final SecurityDesc security;
+                    if (signer.anyJarsSigned()) {
+                        security = new SecurityDesc(file,
+                                SecurityDesc.ALL_PERMISSIONS,
+                                file.getCodeBase().getHost());
+                    } else {
+                        security = new SecurityDesc(file,
+                                SecurityDesc.SANDBOX_PERMISSIONS,
+                                file.getCodeBase().getHost());
+                    }
+
+                    jarLocationSecurityMap.put(remoteURL, security);
+
+                    return null;
+                }
+            });
+
+            addURL(remoteURL);
+            CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl);
+
+        } catch (Exception e) {
+            // Do nothing. This code is called by loadClass which cannot 
+            // throw additional exceptions. So instead, just ignore it. 
+            // Exception => jar will not get added to classpath, which will 
+            // result in CNFE from loadClass.
+            e.printStackTrace();
+        }
     }
 
     /**
author	Deepak Bhole <[email protected]>	2011-09-28 15:28:14 -0400
committer	Deepak Bhole <[email protected]>	2011-09-28 15:28:14 -0400
commit	7a339780a1b3af621e2887c8dc41d86273d62320 (patch)
tree	ba01f902312b6576d8171c43de732781b7ac5a52 /netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
parent	dc63e62272f8d610986ce9327ce8ffdea9fe75f9 (diff)