2 files changed, 29 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 105e2a0..8889764 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2012-06-26  Jiri Vanek  <[email protected]>
+
+	Last hope for not downloaded resources to be verified
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
+	(getCodeSourceSecurity): will now try to download and verify resource
+	which was downloaded outside of netx.
+	(alreadyTried) set for memory of once tried resources to not try again 
+
 2012-06-25  Adam Domurad  <[email protected]>
 
 	Small comment cleanup to classes with missing or wrong descriptions.
@@ -24,7 +32,7 @@
 	(NP_Initialize): Make use of initialization helper functions, get
 	rid of old size tests and error if the helper functions fail.
 
-2012-06-18  Adam Domurad  <[email protected]>
+2012-06-20  Adam Domurad  <[email protected]>
 
 	* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
 	(verifyJar): two for loops made into for-each loops
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index a5c8403..78dc30d 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -172,6 +172,9 @@ public class JNLPClassLoader extends URLClassLoader {
     /** Map of specific original (remote) CodeSource Urls  to securitydesc */
     private HashMap<URL, SecurityDesc> jarLocationSecurityMap =
             new HashMap<URL, SecurityDesc>();
+
+    /*Set to prevent once tried-to-get resources to be tried again*/
+    private Set<URL> alreadyTried = Collections.synchronizedSet(new HashSet<URL>());
     
     /** Loader for codebase (which is a path, rather than a file) */
     private CodeBaseClassLoader codeBaseLoader;
@@ -1810,11 +1813,27 @@ public class JNLPClassLoader extends URLClassLoader {
 
     protected SecurityDesc getCodeSourceSecurity(URL source) {
         SecurityDesc sec=jarLocationSecurityMap.get(source);
+        if (sec == null && !alreadyTried.contains(source)) {
+            alreadyTried.add(source);
+            //try to load the jar which is requesting the permissions, but was NOT downloaded by standard way
+            if (JNLPRuntime.isDebug()) {
+                System.out.println("Application is trying to get permissions for " + source.toString() + ", which was not added by standard way. Trying to download and verify!");
+            }
+            try {
+                JARDesc des = new JARDesc(source, null, null, false, false, false, false);
+                addNewJar(des);
+                sec = jarLocationSecurityMap.get(source);
+            } catch (Throwable t) {
+                if (JNLPRuntime.isDebug()) {
+                    t.printStackTrace();
+                }
+                sec = null;
+            }
+        }
         if (sec == null){
             System.out.println(Translator.R("LNoSecInstance",source.toString()));
         }
         return sec;
-
     }
 
     /**