felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrei Pozolotin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FELIX-2993) jnlp & felix.security
Date Sun, 12 Jun 2011 16:45:51 GMT

    [ https://issues.apache.org/jira/browse/FELIX-2993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13048371#comment-13048371
] 

Andrei Pozolotin commented on FELIX-2993:
-----------------------------------------

per jdk jnlp source:
https://github.com/carrot-garden/carrot-jnlper/tree/master/carrot-jdk6-jnlp-unix

this place produces the "security concern":
https://github.com/carrot-garden/carrot-jnlper/blob/master/carrot-jdk6-jnlp-unix/src/common/share/classes/com/sun/deploy/security/CPCallbackHandler.java

public class CPCallbackHandler {

	private synchronized void check(URL url, boolean trusted, boolean authenticated) {

            if (maybeTrustedChild && maybeUntrustedChild) {
		String msg = checkAllowed(url, maybeTrustedChild && trustedChild);
		if (msg != null) {
		    throw new SecurityException(msg);
		}
	    }


        private String checkAllowed(URL url, boolean wasTrusted) {
	    if (checkMixedTrust) {
	        int result = showMixedTrustDialog();
	        if (result == UIFactory.CANCEL) {
	            allowMixedTrust = true;
	        }
	        checkMixedTrust = false;
	    }


> jnlp & felix.security
> ---------------------
>
>                 Key: FELIX-2993
>                 URL: https://issues.apache.org/jira/browse/FELIX-2993
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework Security
>            Reporter: Andrei Pozolotin
>
> original thread:
> http://www.mail-archive.com/users@felix.apache.org/msg10424.html

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message