[
https://issues.apache.org/jira/browse/FELIX-2993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13048371#comment-13048371
]
Andrei Pozolotin commented on FELIX-2993:
-----------------------------------------
per jdk jnlp source:
https://github.com/carrot-garden/carrot-jnlper/tree/master/carrot-jdk6-jnlp-unix
this place produces the "security concern":
https://github.com/carrot-garden/carrot-jnlper/blob/master/carrot-jdk6-jnlp-unix/src/common/share/classes/com/sun/deploy/security/CPCallbackHandler.java
public class CPCallbackHandler {
private synchronized void check(URL url, boolean trusted, boolean
authenticated) {
if (maybeTrustedChild && maybeUntrustedChild) {
String msg = checkAllowed(url, maybeTrustedChild &&
trustedChild);
if (msg != null) {
throw new SecurityException(msg);
}
}
private String checkAllowed(URL url, boolean wasTrusted) {
if (checkMixedTrust) {
int result = showMixedTrustDialog();
if (result == UIFactory.CANCEL) {
allowMixedTrust = true;
}
checkMixedTrust = false;
}
> jnlp & felix.security
> ---------------------
>
> Key: FELIX-2993
> URL: https://issues.apache.org/jira/browse/FELIX-2993
> Project: Felix
> Issue Type: Bug
> Components: Framework Security
> Reporter: Andrei Pozolotin
>
> original thread:
> http://www.mail-archive.com/[email protected]/msg10424.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
