Oh, right. Blob signing can't be verified with jarsigner...
-DrD-
> Thank you David.
>
> Interesting.
>
> Output from my gradle build (which uses the shemnon javafx-plugin) looks like
> this:
> ...
> :classes
> :jar
> :jfxJar
> :jfxSignJar
> Signing (BLOB) C:\Users\ngalarneau\.gradle\caches\3rdpartylibrary.jar
> Signed as C:\directory\to\3rdpartylibrary.jar
> Signing (BLOB) C:\our\test\app.jar
> Signed as C:\our\test\app.jar
> :jfxCopyLibs
> :compilePackageJava UP-TO-DATE
> :compilePackageGroovy UP-TO-DATE
> :processPackageResources UP-TO-DATE
> :packageClasses UP-TO-DATE
> :jfxDeploy
> :assemble
> :compileTestJava UP-TO-DATE
> :compileTestGroovy UP-TO-DATE
> :processTestResources UP-TO-DATE
> :testClasses UP-TO-DATE
> :test UP-TO-DATE
> :check UP-TO-DATE
> :build
>
> BUILD SUCCESSFUL
>
> And, when I run the Applet, it runs just fine.
>
> But yet, when I run the command line David sent, jarsigner reports: "jar is
> unsigned"
>
>
> I'm confused.
>
>
> Thanks,
>
> Neil
>
>
>
> From: David DeHaven <david.deha...@oracle.com>
> To: ngalarn...@abinitio.com,
> Cc: Kevin Rushforth <kevin.rushfo...@oracle.com>,
> "openjfx-dev@openjdk.java.net" <openjfx-dev@openjdk.java.net>
> Date: 06/16/2014 06:18 PM
> Subject: Re: All-Permissions not working properly with
> sun.plugin2.applet.FXAppletSecurityManager
>
>
>
>
> Run:
> jarsigner -verify -verbose -certs /path/to/some.jar
>
> This will show (excessive) signing information as well as the certs used to
> sign.
>
> -DrD-
>
>
> > I will see if I can get permission to send you the program.
> >
> > I believe all of my jars are signed with the same certificate. What is the
> > best way to verify that?
> >
> >
> > Thanks Kevin,
> >
> > Neil
> >
> >
> >
> >
> > From: Kevin Rushforth <kevin.rushfo...@oracle.com>
> > To: ngalarn...@abinitio.com,
> > Cc: Scott Palmer <swpal...@gmail.com>, dmitry cherepanov
> > <dmitry.cherepa...@oracle.com>, "openjfx-dev@openjdk.java.net"
> > <openjfx-dev@openjdk.java.net>
> > Date: 06/16/2014 06:12 PM
> > Subject: Re: All-Permissions not working properly with
> > sun.plugin2.applet.FXAppletSecurityManager
> >
> >
> >
> > Hi Neil,
> >
> > If you have a test program that you can send me, I can attach it for you.
> >
> > Question for you: are all of your jar files (including the third-party
> > libs) signed with the same certificate?
> >
> > -- Kevin
> >
> >
> > ngalarn...@abinitio.com wrote:
> > Also, because I can't login, I can't add a comment to the bug report.
> >
> > I am also getting a security exception even though my applet is signed &
> > has all permissions.
> >
> > In this case it is happening on a call to getClassLoader() on the JavaFX
> > thread (not a daemon thread):
> >
> > Exception in thread "JavaFX Application Thread"
> > java.security.AccessControlException: access denied
> > ("java.lang.RuntimePermission" "getClassLoader")
> > at java.security.AccessControlContext.checkPermission(Unknown
> > Source)
> > at java.security.AccessController.checkPermission(Unknown Source)
> > at java.lang.SecurityManager.checkPermission(Unknown Source)
> > at
> > sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source)
> >
> > at java.lang.ClassLoader.checkClassLoaderPermission(Unknown
> > Source)
> > at java.lang.Class.getClassLoader(Unknown Source)
> > ...
> >
> > The call to getClassLoader() happens from inside a 3rd party library if
> > that matters.
> >
> > When I run the identical code as a desktop application it works fine EVEN
> > WHEN I ADD MY OWN SECURITY MANAGER.
> >
> >
> > Thank you for any help,
> >
> > Neil
> >
> >
> >
> >
> > From: Scott Palmer <swpal...@gmail.com>
> > To: Kevin Rushforth <kevin.rushfo...@oracle.com>,
> > Cc: "openjfx-dev@openjdk.java.net" <openjfx-dev@openjdk.java.net>
> > Date: 06/13/2014 08:19 PM
> > Subject: Re: All-Permissions not working properly with
> > sun.plugin2.applet.FXAppletSecurityManager
> > Sent by: "openjfx-dev" <openjfx-dev-boun...@openjdk.java.net>
> >
> >
> >
> > Thank you.
> >
> > Is there a way that people that are not project authors can get
> > notifications of updates? I can’t click to add myself to the watch list
> > or vote without a login, and it seems to be near impossible to get a
> > login.
> > The "Account Help” link on the login page is broken and everything I’ve
> > found in the wiki indicates I need to be a project author to get an
> > account.
> >
> > Scott
> >
> >
> > On Jun 13, 2014, at 8:05 PM, Kevin Rushforth <kevin.rushfo...@oracle.com>
> > wrote:
> >
> >> Hi Scott,
> >>
> >> I created two new non-confidential bugs and closed the original ones as
> > duplicates. Here are the new bugs:
> >>
> >>
> >> reflection in daemon thread:
> >> JDK-8046825 (was JDK-8040699) : All-Permissions not working properly
> > with sun.plugin2.applet.FXAppletSecurityManager
> >>
> >> security manager and applet-desc webstart mode:
> >> JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not
> > set Security Manager to null.
> >>
> >> I have copied Dmitry in case he has any information about these bugs.
> >>
> >> -- Kevin
> >>
> >>
> >> Kevin Rushforth wrote:
> >>>
> >>> Dmitry can comment further, but it is possible that this issue could be
> > backported to 8u40 if done soon enough.
> >>>
> >>> I will double-check whether the bugs can be made non-confidential (so
> > you can at least track progress), but I suspect they cannot in their
> > current form, in which case new bugs should be filed with the confidential
> > information moved to confidential comments in the bug. I will help with
> > this.
> >>>
> >>> -- Kevin
> >>>
> >>>
> >>> Scott Palmer wrote:
> >>>> Drat... I was hoping to see something much sooner, like 8u20
> > (obviously too late now) or 8u40. I'm unable to use Web Start deployment
> > because of this.
> >>>>
> >>>> Is it necessary for these issues to be blocked from anonymous viewing?
> >
> >>>>
> >>>> Thanks for the update.
> >>>>
> >>>> Scott
> >>>>
> >>>>
> >>>> On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth <
> > kevin.rushfo...@oracle.com <mailto:kevin.rushfo...@oracle.com>> wrote:
> >>>>
> >>>> These are now assigned to Dmitry Cherapanov who I have copied here
> >
> >>>> in case he isn't on the openjfx alias. They are both targeted to
> >>>> JDK 9.
> >>>>
> >>>> -- Kevin
> >>>>
> >>>>
> >>>> Scott Palmer wrote:
> >>>>
> >>>> I tried to send an email to Thomas asking about the status of
> >>>> these issues
> >>>> (they are not visible to me), but the email bounced (user
> >>>> unknown). Could
> >>>> someone let me know the status?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Scott
> >>>>
> >>>>
> >>>> On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng
> >>>> <thomas.v...@oracle.com <mailto:thomas.v...@oracle.com>>
> > wrote:
> >>>>
> >>>>
> >>>> Thanks for the report!
> >>>>
> >>>> Two bugs created for this:
> >>>>
> >>>> security manager and applet-desc webstart mode:
> >>>> https://bugs.openjdk.java.net/browse/JDK-8040231
> >>>>
> >>>> reflection in daemon thread:
> >>>> https://bugs.openjdk.java.net/browse/JDK-8040699
> >>>>
> >>>> -thomas
> >>>>
> >>>>
> >>>> *From: *Scott Palmer <swpal...@gmail.com
> >>>> <mailto:swpal...@gmail.com>>
> >>>> *Subject: **All-Permissions not working properly with
> >>>> sun.plugin2.applet.FXAppletSecurityManager*
> >>>> *Date: *April 14, 2014 at 1:07:36 PM PDT
> >>>> *To: *"openjfx-dev@openjdk.java.net
> >>>> <mailto:openjfx-dev@openjdk.java.net>"
> >>>> <openjfx-dev@openjdk.java.net
> >>>> <mailto:openjfx-dev@openjdk.java.net>>
> >>>>
> >>>>
> >>>> Can someone confirm that all-permissions is working for
> >>>> JavaFX apps
> >>>> that are launched via Web Start with Java 8.0 and use
> >>>> daemon threads
> >>>> in a Service?
> >>>>
> >>>> I have a JNLP file that has:
> >>>> <security>
> >>>> <all-permissions/>
> >>>> </security>
> >>>>
> >>>> and the manifest of my app's jar has the following
> >>>> instruction in my
> >>>> Gradle script:
> >>>>
> >>>> jar {
> >>>> manifest {
> >>>> attributes('Permissions': 'all-permissions',
> >>>> 'Codebase': '*')
> >>>> }
> >>>> }
> >>>>
> >>>> I'm using the javafx gradle plugin and signing the jars...
> >
> >>>> e.g. I see this for every dependency and the main jar:
> >>>> ...
> >>>> Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
> >>>> Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
> >
> >>>> ...
> >>>>
> >>>> I even tried System.setSecurityManager(null); in my
> >>>> start() method
> >>>> (and it lets me do it).
> >>>>
> >>>> However, daemon threads started by my Service are unable
> >>>> to use
> >>>> reflection. (It is working in the main FX application
> >>>> thread.) I see
> >>>> the following stack trace in the Java console:
> >>>>
> >>>>
> >>>> Caused by: java.security.AccessControlException: access
> > denied
> >>>> ("java.lang.reflect.ReflectPermission"
> > "suppressAccessChecks")
> >>>> at
> >>>> java.security.AccessControlContext.checkPermission(Unknown
> >
> >>>> Source)
> >>>> at java.security.AccessController.checkPermission(Unknown
> >>>> Source)
> >>>> at java.lang.SecurityManager.checkPermission(Unknown
> > Source)
> >>>> at
> >>>>
> > sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
> >>>> Source)
> >>>> at
> >>>> java.lang.reflect.AccessibleObject.setAccessible(Unknown
> >>>> Source)
> >>>>
> >>>>
> >>>> Caused by: java.security.AccessControlException: access
> > denied
> >>>> ("java.lang.RuntimePermission" "accessDeclaredMembers")
> >>>> at
> >>>> java.security.AccessControlContext.checkPermission(Unknown
> >
> >>>> Source)
> >>>> at java.security.AccessController.checkPermission(Unknown
> >>>> Source)
> >>>> at java.lang.SecurityManager.checkPermission(Unknown
> > Source)
> >>>> at
> >>>>
> > sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
> >>>> Source)
> >>>> at java.lang.Class.checkMemberAccess(Unknown Source)
> >>>> at java.lang.Class.getDeclaredMethod(Unknown Source)
> >>>> at
> >>>>
> > ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
> >
> >
> >>>> at
> >>>>
> > ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
> >
> >
> >>>> at
> >>>>
> > ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
> >
> >
> >>>> ... 33 more
> >>>>
> >>>> I bring it up here because FXAppletSecurityManager is
> >>>> involved and
> >>>> this smells like a possible bug in plugin2
> >>>>
> >>>> Regards,
> >>>>
> >>>> Scott
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >
> >
> >
> >
> >
> > NOTICE from Ab Initio: This email (including any attachments) may contain
> > information that is subject to confidentiality obligations or is legally
> > privileged, and sender does not waive confidentiality or privilege. If
> > received in error, please notify the sender, delete this email, and make
> > no further use, disclosure, or distribution.
> >
> >
> >
> > NOTICE from Ab Initio: This email (including any attachments) may contain
> > information that is subject to confidentiality obligations or is legally
> > privileged, and sender does not waive confidentiality or privilege. If
> > received in error, please notify the sender, delete this email, and make
> > no further use, disclosure, or distribution.
>
>
>
>
>
> NOTICE from Ab Initio: This email (including any attachments) may contain
> information that is subject to confidentiality obligations or is legally
> privileged, and sender does not waive confidentiality or privilege. If
> received in error, please notify the sender, delete this email, and make no
> further use, disclosure, or distribution.
