Thank you David.

Interesting.

Output from my gradle build (which uses the shemnon javafx-plugin) looks 
like this:
...
:classes
:jar
:jfxJar
:jfxSignJar
Signing (BLOB) C:\Users\ngalarneau\.gradle\caches\3rdpartylibrary.jar
Signed as C:\directory\to\3rdpartylibrary.jar
Signing (BLOB) C:\our\test\app.jar
Signed as C:\our\test\app.jar
:jfxCopyLibs
:compilePackageJava UP-TO-DATE
:compilePackageGroovy UP-TO-DATE
:processPackageResources UP-TO-DATE
:packageClasses UP-TO-DATE
:jfxDeploy
:assemble
:compileTestJava UP-TO-DATE
:compileTestGroovy UP-TO-DATE
:processTestResources UP-TO-DATE
:testClasses UP-TO-DATE
:test UP-TO-DATE
:check UP-TO-DATE
:build

BUILD SUCCESSFUL

And, when I run the Applet, it runs just fine.

But yet, when I run the command line David sent, jarsigner reports: "jar 
is unsigned"


I'm confused.


Thanks,

Neil



From:   David DeHaven <david.deha...@oracle.com>
To:     ngalarn...@abinitio.com, 
Cc:     Kevin Rushforth <kevin.rushfo...@oracle.com>, 
"openjfx-dev@openjdk.java.net" <openjfx-dev@openjdk.java.net>
Date:   06/16/2014 06:18 PM
Subject:        Re: All-Permissions not working properly with 
sun.plugin2.applet.FXAppletSecurityManager




Run:
jarsigner -verify -verbose -certs /path/to/some.jar

This will show (excessive) signing information as well as the certs used 
to sign.

-DrD-


> I will see if I can get permission to send you the program.
> 
> I believe all of my jars are signed with the same certificate. What is 
the 
> best way to verify that?
> 
> 
> Thanks Kevin,
> 
> Neil
> 
> 
> 
> 
> From:   Kevin Rushforth <kevin.rushfo...@oracle.com>
> To:     ngalarn...@abinitio.com, 
> Cc:     Scott Palmer <swpal...@gmail.com>, dmitry cherepanov 
> <dmitry.cherepa...@oracle.com>, "openjfx-dev@openjdk.java.net" 
> <openjfx-dev@openjdk.java.net>
> Date:   06/16/2014 06:12 PM
> Subject:        Re: All-Permissions not working properly with 
> sun.plugin2.applet.FXAppletSecurityManager
> 
> 
> 
> Hi Neil,
> 
> If you have a test program that you can send me, I can attach it for 
you.
> 
> Question for you: are all of your jar files (including the third-party 
> libs) signed with the same certificate?
> 
> -- Kevin
> 
> 
> ngalarn...@abinitio.com wrote: 
> Also, because I can't login, I can't add a comment to the bug report. 
> 
> I am also getting a security exception even though my applet is signed & 

> has all permissions. 
> 
> In this case it is happening on a call to getClassLoader() on the JavaFX 

> thread (not a daemon thread): 
> 
> Exception in thread "JavaFX Application Thread" 
> java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" "getClassLoader") 
>        at java.security.AccessControlContext.checkPermission(Unknown 
> Source) 
>        at java.security.AccessController.checkPermission(Unknown Source) 

>        at java.lang.SecurityManager.checkPermission(Unknown Source) 
>        at 
> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown 
Source) 
> 
>        at java.lang.ClassLoader.checkClassLoaderPermission(Unknown 
> Source) 
>        at java.lang.Class.getClassLoader(Unknown Source) 
>        ... 
> 
> The call to getClassLoader() happens from inside a 3rd party library if 
> that matters. 
> 
> When I run the identical code as a desktop application it works fine 
EVEN 
> WHEN I ADD MY OWN SECURITY MANAGER. 
> 
> 
> Thank you for any help, 
> 
> Neil 
> 
> 
> 
> 
> From:        Scott Palmer <swpal...@gmail.com> 
> To:        Kevin Rushforth <kevin.rushfo...@oracle.com>, 
> Cc:        "openjfx-dev@openjdk.java.net" <openjfx-dev@openjdk.java.net> 

> Date:        06/13/2014 08:19 PM 
> Subject:        Re: All-Permissions not working properly with 
> sun.plugin2.applet.FXAppletSecurityManager 
> Sent by:        "openjfx-dev" <openjfx-dev-boun...@openjdk.java.net> 
> 
> 
> 
> Thank you.
> 
> Is there a way that people that are not project authors can get 
> notifications of updates?  I can’t click to add myself to the watch list 

> or vote without a login, and it seems to be near impossible to get a 
> login.
> The "Account Help” link on the login page is broken and everything I’ve 
> found in the wiki indicates I need to be a project author to get an 
> account.
> 
> Scott
> 
> 
> On Jun 13, 2014, at 8:05 PM, Kevin Rushforth 
<kevin.rushfo...@oracle.com> 
> wrote:
> 
>> Hi Scott,
>> 
>> I created two new non-confidential bugs and closed the original ones as 

> duplicates. Here are the new bugs:
>> 
>> 
>> reflection in daemon thread: 
>> JDK-8046825 (was JDK-8040699) : All-Permissions not working properly 
> with sun.plugin2.applet.FXAppletSecurityManager
>> 
>> security manager and applet-desc webstart mode: 
>> JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not 
> set Security Manager to null.
>> 
>> I have copied Dmitry in case he has any information about these bugs.
>> 
>> -- Kevin
>> 
>> 
>> Kevin Rushforth wrote:
>>> 
>>> Dmitry can comment further, but it is possible that this issue could 
be 
> backported to 8u40 if done soon enough. 
>>> 
>>> I will double-check whether the bugs can be made non-confidential (so 
> you can at least track progress), but I suspect they cannot in their 
> current form, in which case new bugs should be filed with the 
confidential 
> information moved to confidential comments in the bug. I will help with 
> this. 
>>> 
>>> -- Kevin 
>>> 
>>> 
>>> Scott Palmer wrote: 
>>>> Drat... I was hoping to see something much sooner, like 8u20 
> (obviously too late now) or 8u40.  I'm unable to use Web Start 
deployment 
> because of this. 
>>>> 
>>>> Is it necessary for these issues to be blocked from anonymous 
viewing? 
> 
>>>> 
>>>> Thanks for the update. 
>>>> 
>>>> Scott 
>>>> 
>>>> 
>>>> On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth <
> kevin.rushfo...@oracle.com <mailto:kevin.rushfo...@oracle.com>> wrote: 
>>>> 
>>>>    These are now assigned to Dmitry Cherapanov who I have copied here 

> 
>>>>    in case he isn't on the openjfx alias. They are both targeted to 
>>>>    JDK 9. 
>>>> 
>>>>    -- Kevin 
>>>> 
>>>> 
>>>>    Scott Palmer wrote: 
>>>> 
>>>>        I tried to send an email to Thomas asking about the status of 
>>>>        these issues 
>>>>        (they are not visible to me), but the email bounced (user 
>>>>        unknown).  Could 
>>>>        someone let me know the status? 
>>>> 
>>>>        Thanks, 
>>>> 
>>>>        Scott 
>>>> 
>>>> 
>>>>        On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng 
>>>>        <thomas.v...@oracle.com <mailto:thomas.v...@oracle.com>> 
> wrote: 
>>>> 
>>>> 
>>>>             Thanks for the report! 
>>>> 
>>>>            Two bugs created for this: 
>>>> 
>>>>            security manager and applet-desc webstart mode: 
>>>>            https://bugs.openjdk.java.net/browse/JDK-8040231 
>>>> 
>>>>            reflection in daemon thread: 
>>>>            https://bugs.openjdk.java.net/browse/JDK-8040699 
>>>> 
>>>>            -thomas 
>>>> 
>>>> 
>>>>              *From: *Scott Palmer <swpal...@gmail.com 
>>>>            <mailto:swpal...@gmail.com>> 
>>>>             *Subject: **All-Permissions not working properly with 
>>>>            sun.plugin2.applet.FXAppletSecurityManager* 
>>>>             *Date: *April 14, 2014 at 1:07:36 PM PDT 
>>>>             *To: *"openjfx-dev@openjdk.java.net 
>>>>            <mailto:openjfx-dev@openjdk.java.net>" 
>>>>            <openjfx-dev@openjdk.java.net 
>>>>            <mailto:openjfx-dev@openjdk.java.net>> 
>>>> 
>>>> 
>>>>            Can someone confirm that all-permissions is working for 
>>>>            JavaFX apps 
>>>>            that are launched via Web Start with Java 8.0 and use 
>>>>            daemon threads 
>>>>            in a Service? 
>>>> 
>>>>            I have a JNLP file that has: 
>>>>            <security> 
>>>>             <all-permissions/> 
>>>>            </security> 
>>>> 
>>>>            and the manifest of my app's jar has the following 
>>>>            instruction in my 
>>>>            Gradle script: 
>>>> 
>>>>            jar { 
>>>>               manifest { 
>>>>                   attributes('Permissions': 'all-permissions', 
>>>>                              'Codebase': '*') 
>>>>               } 
>>>>            } 
>>>> 
>>>>            I'm using the javafx gradle plugin and signing the jars... 

> 
>>>>            e.g. I see this for every dependency and the main jar: 
>>>>            ... 
>>>>            Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar 
>>>>            Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar 

> 
>>>>            ... 
>>>> 
>>>>            I even tried System.setSecurityManager(null); in my 
>>>>            start() method 
>>>>            (and it lets me do it). 
>>>> 
>>>>            However, daemon threads started by my Service are unable 
>>>>            to use 
>>>>            reflection. (It is working in the main FX application 
>>>>            thread.)  I see 
>>>>            the following stack trace in the Java console: 
>>>> 
>>>> 
>>>>            Caused by: java.security.AccessControlException: access 
> denied 
>>>>            ("java.lang.reflect.ReflectPermission" 
> "suppressAccessChecks") 
>>>>            at 
>>>>            java.security.AccessControlContext.checkPermission(Unknown 

> 
>>>>            Source) 
>>>>            at java.security.AccessController.checkPermission(Unknown 
>>>>            Source) 
>>>>            at java.lang.SecurityManager.checkPermission(Unknown 
> Source) 
>>>>            at 
>>>> 
> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown 
>>>>            Source) 
>>>>            at 
>>>>            java.lang.reflect.AccessibleObject.setAccessible(Unknown 
>>>>            Source) 
>>>> 
>>>> 
>>>>            Caused by: java.security.AccessControlException: access 
> denied 
>>>>            ("java.lang.RuntimePermission" "accessDeclaredMembers") 
>>>>            at 
>>>>            java.security.AccessControlContext.checkPermission(Unknown 

> 
>>>>            Source) 
>>>>            at java.security.AccessController.checkPermission(Unknown 
>>>>            Source) 
>>>>            at java.lang.SecurityManager.checkPermission(Unknown 
> Source) 
>>>>            at 
>>>> 
> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown 
>>>>            Source) 
>>>>            at java.lang.Class.checkMemberAccess(Unknown Source) 
>>>>            at java.lang.Class.getDeclaredMethod(Unknown Source) 
>>>>            at 
>>>> 
> 
ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
 

> 
>>>>            at 
>>>> 
> 
ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
 

> 
>>>>            at 
>>>> 
> 
ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
 

> 
>>>>            ... 33 more 
>>>> 
>>>>            I bring it up here because FXAppletSecurityManager is 
>>>>            involved and 
>>>>            this smells like a possible bug in plugin2 
>>>> 
>>>>            Regards, 
>>>> 
>>>>            Scott 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
> 
> 
> 
> 
> 
> NOTICE from Ab Initio: This email (including any attachments) may 
contain 
> information that is subject to confidentiality obligations or is legally 

> privileged, and sender does not waive confidentiality or privilege. If 
> received in error, please notify the sender, delete this email, and make 

> no further use, disclosure, or distribution. 
> 
> 
> 
> NOTICE from Ab Initio: This email (including any attachments) may 
contain 
> information that is subject to confidentiality obligations or is legally 

> privileged, and sender does not waive confidentiality or privilege. If 
> received in error, please notify the sender, delete this email, and make 

> no further use, disclosure, or distribution. 




 
NOTICE from Ab Initio: This email (including any attachments) may contain 
information that is subject to confidentiality obligations or is legally 
privileged, and sender does not waive confidentiality or privilege. If 
received in error, please notify the sender, delete this email, and make 
no further use, disclosure, or distribution. 

Reply via email to