Karl:
1) I confirm that even when ALL jars & bundles are signed, osgi & jnlp
cache clean, the "security concern" still comes up
during
context.installBundle("http://xxx/org.apache.felix.framework.security-1.4.2.jar";)
2) "all permission" is present:
20:32:58.494 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - ### cache :
/home/user1/.java/deployment/cache/com.barchart.platform.host.main
20:32:58.515 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.security.AllPermission <all permissions> <all actions>)
20:32:58.516 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.lang.RuntimePermission stopThread)
20:32:58.516 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission line.separator read)
20:32:58.517 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vm.version read)
20:32:58.517 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vm.specification.version read)
20:32:58.517 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vm.specification.vendor read)
20:32:58.517 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vendor.url read)
20:32:58.518 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vm.name read)
20:32:58.518 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission os.name read)
20:32:58.518 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vm.vendor read)
20:32:58.518 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission path.separator read)
20:32:58.519 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.specification.name read)
20:32:58.519 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission os.version read)
20:32:58.519 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission os.arch read)
20:32:58.520 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.class.version read)
20:32:58.520 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.version read)
20:32:58.520 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission file.separator read)
20:32:58.521 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vendor read)
20:32:58.521 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.vm.specification.name read)
20:32:58.521 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.specification.version read)
20:32:58.521 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.util.PropertyPermission java.specification.vendor read)
20:32:58.521 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.io.FilePermission
/home/user1/.java/deployment/cache/6.0/13/288cd04d-57660858 read)
20:32:58.521 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.net.SocketPermission apps.barchart.com connect,accept,resolve)
20:32:58.521 [javawsApplicationMain] DEBUG
com.barchart.platform.host.main.App - permission :
(java.net.SocketPermission localhost:1024- listen,resolve)
Andrei.
-------- Original Message --------
Subject: jnlp & felix.security
From: Andrei Pozolotin <andrei.pozolo...@gmail.com>
To: users@felix.apache.org
Date: Fri 10 Jun 2011 03:16:36 PM CDT
>
> Karl, hello again:
>
> 1) when I load a felix embedded in jnlp app,
>
> 2) and attempt to issue
> Bundle bundle =
> framework.getBundleContext().installBundle(location);
>
> 3) for location =
> http://xxx/org.apache.felix.framework.security-1.4.2.jar
>
> 4) I get the dreaded "**Error : Java has discovered application
> components that could indicate a security concern**"
> http://www.java.com/en/download/help/error_mixedcode.xml
>
> 5) jnlp app itself is running with "all permission"
> http://lopica.sourceforge.net/ref.html#all-permissions
>
> 6) the jnlp felix embedder is signed; the
> org.apache.felix.framework.security-1.4.2.jar is NOT signed;
> but also NOT signed some 10 other bundles which, if I exclude
> org.apache.felix.framework.security-1.4.2.jar from install,
> will install and start just fine w/o the above "security concern";
>
> 7) what is the missing magic ingredient in felix.security that
> makes sun deploy.jar to intercept this and how to get rid of it?
> do you by chance know of example somewhere on how to start
> felix.security in jnlp mode properly?
>
> Thank you,
>
> Andrei
>
