[
https://issues.apache.org/jira/browse/FELIX-4281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019145#comment-14019145
]
Karl Pauls commented on FELIX-4281:
-----------------------------------
I don't think this issue has to do with the dexfile stuff. That is just a
symptom of the problem namely, if you hit the urlclassloader that loaded felix
with a request for a class it can't find it'll hit the fake url we add to it to
make framework extensions work. Due to the problematic change in how the jvm is
doing this security check that is what makes the issue appear - hence, it will
not really help you to skip the dexfile loading. We would have to make it so
that we don't register the framework extension url.
> Security Warning: Felix with Java Web Start
> -------------------------------------------
>
> Key: FELIX-4281
> URL: https://issues.apache.org/jira/browse/FELIX-4281
> Project: Felix
> Issue Type: Bug
> Environment: Windows 7 with Java 7 update 40, 64 bits
> Reporter: Cesar Souza
> Priority: Minor
> Attachments: message.zip, viewer.jnlp
>
>
> Since the release of Java 7 update 40 the following warning occurs when you
> try to execute a signed (with valid certificate) Java Web Start application:
> -----------------------------
> Security Warning
> Do you want to run this application?
> An unsigned application from the location below is requesting permission to
> run.
> http://......
> Running unsigned applications like this will be blocked in a future
> release because it is potentially unsafe and a security risk
> -----------------------------
> Although the Java recognizes the certificate in the first dialog, it shows
> the warning message when the Felix's init method is invoked.
> I have tested a same application over Java 7 update 21 and everything is ok.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
