Run: jarsigner -verify -verbose -certs /path/to/some.jar This will show (excessive) signing information as well as the certs used to sign.
-DrD- > I will see if I can get permission to send you the program. > > I believe all of my jars are signed with the same certificate. What is the > best way to verify that? > > > Thanks Kevin, > > Neil > > > > > From: Kevin Rushforth <kevin.rushfo...@oracle.com> > To: ngalarn...@abinitio.com, > Cc: Scott Palmer <swpal...@gmail.com>, dmitry cherepanov > <dmitry.cherepa...@oracle.com>, "openjfx-dev@openjdk.java.net" > <openjfx-dev@openjdk.java.net> > Date: 06/16/2014 06:12 PM > Subject: Re: All-Permissions not working properly with > sun.plugin2.applet.FXAppletSecurityManager > > > > Hi Neil, > > If you have a test program that you can send me, I can attach it for you. > > Question for you: are all of your jar files (including the third-party > libs) signed with the same certificate? > > -- Kevin > > > ngalarn...@abinitio.com wrote: > Also, because I can't login, I can't add a comment to the bug report. > > I am also getting a security exception even though my applet is signed & > has all permissions. > > In this case it is happening on a call to getClassLoader() on the JavaFX > thread (not a daemon thread): > > Exception in thread "JavaFX Application Thread" > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "getClassLoader") > at java.security.AccessControlContext.checkPermission(Unknown > Source) > at java.security.AccessController.checkPermission(Unknown Source) > at java.lang.SecurityManager.checkPermission(Unknown Source) > at > sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) > > at java.lang.ClassLoader.checkClassLoaderPermission(Unknown > Source) > at java.lang.Class.getClassLoader(Unknown Source) > ... > > The call to getClassLoader() happens from inside a 3rd party library if > that matters. > > When I run the identical code as a desktop application it works fine EVEN > WHEN I ADD MY OWN SECURITY MANAGER. > > > Thank you for any help, > > Neil > > > > > From: Scott Palmer <swpal...@gmail.com> > To: Kevin Rushforth <kevin.rushfo...@oracle.com>, > Cc: "openjfx-dev@openjdk.java.net" <openjfx-dev@openjdk.java.net> > Date: 06/13/2014 08:19 PM > Subject: Re: All-Permissions not working properly with > sun.plugin2.applet.FXAppletSecurityManager > Sent by: "openjfx-dev" <openjfx-dev-boun...@openjdk.java.net> > > > > Thank you. > > Is there a way that people that are not project authors can get > notifications of updates? I can’t click to add myself to the watch list > or vote without a login, and it seems to be near impossible to get a > login. > The "Account Help” link on the login page is broken and everything I’ve > found in the wiki indicates I need to be a project author to get an > account. > > Scott > > > On Jun 13, 2014, at 8:05 PM, Kevin Rushforth <kevin.rushfo...@oracle.com> > wrote: > >> Hi Scott, >> >> I created two new non-confidential bugs and closed the original ones as > duplicates. Here are the new bugs: >> >> >> reflection in daemon thread: >> JDK-8046825 (was JDK-8040699) : All-Permissions not working properly > with sun.plugin2.applet.FXAppletSecurityManager >> >> security manager and applet-desc webstart mode: >> JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not > set Security Manager to null. >> >> I have copied Dmitry in case he has any information about these bugs. >> >> -- Kevin >> >> >> Kevin Rushforth wrote: >>> >>> Dmitry can comment further, but it is possible that this issue could be > backported to 8u40 if done soon enough. >>> >>> I will double-check whether the bugs can be made non-confidential (so > you can at least track progress), but I suspect they cannot in their > current form, in which case new bugs should be filed with the confidential > information moved to confidential comments in the bug. I will help with > this. >>> >>> -- Kevin >>> >>> >>> Scott Palmer wrote: >>>> Drat... I was hoping to see something much sooner, like 8u20 > (obviously too late now) or 8u40. I'm unable to use Web Start deployment > because of this. >>>> >>>> Is it necessary for these issues to be blocked from anonymous viewing? > >>>> >>>> Thanks for the update. >>>> >>>> Scott >>>> >>>> >>>> On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth < > kevin.rushfo...@oracle.com <mailto:kevin.rushfo...@oracle.com>> wrote: >>>> >>>> These are now assigned to Dmitry Cherapanov who I have copied here > >>>> in case he isn't on the openjfx alias. They are both targeted to >>>> JDK 9. >>>> >>>> -- Kevin >>>> >>>> >>>> Scott Palmer wrote: >>>> >>>> I tried to send an email to Thomas asking about the status of >>>> these issues >>>> (they are not visible to me), but the email bounced (user >>>> unknown). Could >>>> someone let me know the status? >>>> >>>> Thanks, >>>> >>>> Scott >>>> >>>> >>>> On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng >>>> <thomas.v...@oracle.com <mailto:thomas.v...@oracle.com>> > wrote: >>>> >>>> >>>> Thanks for the report! >>>> >>>> Two bugs created for this: >>>> >>>> security manager and applet-desc webstart mode: >>>> https://bugs.openjdk.java.net/browse/JDK-8040231 >>>> >>>> reflection in daemon thread: >>>> https://bugs.openjdk.java.net/browse/JDK-8040699 >>>> >>>> -thomas >>>> >>>> >>>> *From: *Scott Palmer <swpal...@gmail.com >>>> <mailto:swpal...@gmail.com>> >>>> *Subject: **All-Permissions not working properly with >>>> sun.plugin2.applet.FXAppletSecurityManager* >>>> *Date: *April 14, 2014 at 1:07:36 PM PDT >>>> *To: *"openjfx-dev@openjdk.java.net >>>> <mailto:openjfx-dev@openjdk.java.net>" >>>> <openjfx-dev@openjdk.java.net >>>> <mailto:openjfx-dev@openjdk.java.net>> >>>> >>>> >>>> Can someone confirm that all-permissions is working for >>>> JavaFX apps >>>> that are launched via Web Start with Java 8.0 and use >>>> daemon threads >>>> in a Service? >>>> >>>> I have a JNLP file that has: >>>> <security> >>>> <all-permissions/> >>>> </security> >>>> >>>> and the manifest of my app's jar has the following >>>> instruction in my >>>> Gradle script: >>>> >>>> jar { >>>> manifest { >>>> attributes('Permissions': 'all-permissions', >>>> 'Codebase': '*') >>>> } >>>> } >>>> >>>> I'm using the javafx gradle plugin and signing the jars... > >>>> e.g. I see this for every dependency and the main jar: >>>> ... >>>> Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar >>>> Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar > >>>> ... >>>> >>>> I even tried System.setSecurityManager(null); in my >>>> start() method >>>> (and it lets me do it). >>>> >>>> However, daemon threads started by my Service are unable >>>> to use >>>> reflection. (It is working in the main FX application >>>> thread.) I see >>>> the following stack trace in the Java console: >>>> >>>> >>>> Caused by: java.security.AccessControlException: access > denied >>>> ("java.lang.reflect.ReflectPermission" > "suppressAccessChecks") >>>> at >>>> java.security.AccessControlContext.checkPermission(Unknown > >>>> Source) >>>> at java.security.AccessController.checkPermission(Unknown >>>> Source) >>>> at java.lang.SecurityManager.checkPermission(Unknown > Source) >>>> at >>>> > sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown >>>> Source) >>>> at >>>> java.lang.reflect.AccessibleObject.setAccessible(Unknown >>>> Source) >>>> >>>> >>>> Caused by: java.security.AccessControlException: access > denied >>>> ("java.lang.RuntimePermission" "accessDeclaredMembers") >>>> at >>>> java.security.AccessControlContext.checkPermission(Unknown > >>>> Source) >>>> at java.security.AccessController.checkPermission(Unknown >>>> Source) >>>> at java.lang.SecurityManager.checkPermission(Unknown > Source) >>>> at >>>> > sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown >>>> Source) >>>> at java.lang.Class.checkMemberAccess(Unknown Source) >>>> at java.lang.Class.getDeclaredMethod(Unknown Source) >>>> at >>>> > ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304) > > >>>> at >>>> > ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240) > > >>>> at >>>> > ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83) > > >>>> ... 33 more >>>> >>>> I bring it up here because FXAppletSecurityManager is >>>> involved and >>>> this smells like a possible bug in plugin2 >>>> >>>> Regards, >>>> >>>> Scott >>>> >>>> >>>> >>>> >>>> >>>> > > > > > > NOTICE from Ab Initio: This email (including any attachments) may contain > information that is subject to confidentiality obligations or is legally > privileged, and sender does not waive confidentiality or privilege. If > received in error, please notify the sender, delete this email, and make > no further use, disclosure, or distribution. > > > > NOTICE from Ab Initio: This email (including any attachments) may contain > information that is subject to confidentiality obligations or is legally > privileged, and sender does not waive confidentiality or privilege. If > received in error, please notify the sender, delete this email, and make > no further use, disclosure, or distribution.