diff --git a/core/src/main/java/net/sourceforge/jnlp/runtime/JNLPRuntime.java b/core/src/main/java/net/sourceforge/jnlp/runtime/JNLPRuntime.java index 415f994f3..b4f523adc 100644 --- a/core/src/main/java/net/sourceforge/jnlp/runtime/JNLPRuntime.java +++ b/core/src/main/java/net/sourceforge/jnlp/runtime/JNLPRuntime.java @@ -25,6 +25,7 @@ import net.adoptopenjdk.icedteaweb.client.parts.downloadindicator.DownloadIndicator; import net.adoptopenjdk.icedteaweb.extensionpoint.ExtensionPoint; import net.adoptopenjdk.icedteaweb.io.FileUtils; +import net.adoptopenjdk.icedteaweb.jnlp.version.VersionId; import net.adoptopenjdk.icedteaweb.logging.Logger; import net.adoptopenjdk.icedteaweb.logging.LoggerFactory; import net.adoptopenjdk.icedteaweb.resources.UpdatePolicy; @@ -41,7 +42,7 @@ import net.sourceforge.jnlp.util.RestrictedFileUtils; import net.sourceforge.jnlp.util.logging.LogConfig; import net.sourceforge.jnlp.util.logging.OutputController; -import sun.net.www.protocol.jar.URLJarFile; +//import sun.net.www.protocol.jar.URLJarFile; import javax.jnlp.ServiceManager; import javax.naming.ConfigurationException; @@ -257,10 +258,20 @@ public static void initialize() throws IllegalStateException { ServiceManager.setServiceManagerStub(new XServiceManagerStub()); // ignored if we're running under Web Start - policy = new JNLPPolicy(); - - security = new JNLPSecurityManager(); // side effect: create JWindow - + // if running < Java 24 we create the security manager and the policy + final VersionId jvmVersion = VersionId.fromString(JavaSystemProperties.getJavaVersion()); + boolean isSecurityManagerEnabled = true; + if (jvmVersion.compareTo(VersionId.fromString("24")) < 0) { + LOG.info("Running on java version < 24. Create the policy and set the security manager."); + policy = new JNLPPolicy(); + + security = new JNLPSecurityManager(); // side effect: create JWindow + } + else { + LOG.info("Running on java version 24 or higher. Do not create the policy and set the security manager."); + isSecurityManagerEnabled = false; + } + doMainAppContextHacks(); final boolean deploymentNosecurity = Boolean.parseBoolean(getConfiguration().getProperty(ConfigurationConstants.KEY_NOSECURITY)); @@ -268,8 +279,9 @@ public static void initialize() throws IllegalStateException { // Set SecurityEnable to FALSE if either -nosecurity on cmdline or deployment property nosecurity is true setSecurityEnabled(!(deploymentNosecurity || cmdlineNosecurity)); LOG.debug("SecurityEnabled = {} cmdLine nosecurity = {} deployment nosecurity = {}", isSecurityEnabled(), cmdlineNosecurity, deploymentNosecurity); - if (isSecurityEnabled() && forkingStrategy.mayRunManagedApplication()) { + if (isSecurityManagerEnabled && isSecurityEnabled() && forkingStrategy.mayRunManagedApplication()) { Policy.setPolicy(policy); // do first b/c our SM blocks setPolicy + System.setSecurityManager(security); } @@ -301,7 +313,7 @@ public static void initialize() throws IllegalStateException { Security.setProperty("package.access", Security.getProperty("package.access")+",net.sourceforge.jnlp"); - URLJarFile.setCallBack(CachedJarFileCallback.getInstance()); + //URLJarFile.setCallBack(CachedJarFileCallback.getInstance()); initialized = true; LOG.debug("End JNLPRuntime.initialize()"); @@ -309,7 +321,9 @@ public static void initialize() throws IllegalStateException { public static void reloadPolicy() { LOG.debug("Start JNLPRuntime.reloadPolicy()"); - policy.refresh(); + if (policy != null) { + policy.refresh(); + } LOG.debug("End JNLPRuntime.reloadPolicy()"); } @@ -464,7 +478,7 @@ private static class DeploymentConfigurationHolder { config.copyTo(System.getProperties()); } catch (ConfigurationException ex) { LOG.info("Fatal error while reading the configuration, continuing with empty. Please fix"); - //mark this exceptionas we can die on it later + //mark this exceptions we can die on it later config.setLoadingException(ex); //to be sure - we MUST die - http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/properties.html } catch (Exception t) { @@ -579,7 +593,7 @@ public static void setSecurityEnabled(boolean enabled) { */ public static SecurityDialogMessageHandler getSecurityDialogHandler() { SecurityManager sm = System.getSecurityManager(); - if (sm != null) { + if (sm != null) { // null under java 25 sm.checkPermission(new AllPermission()); } return securityDialogMessageHandler; @@ -594,7 +608,9 @@ public static SecurityDialogMessageHandler getSecurityDialogHandler() { */ public static void setExitClass(Class exitClass) { checkExitClass(); - security.setExitClass(exitClass); + if (security != null) { + security.setExitClass(exitClass); + } } /** @@ -603,7 +619,9 @@ public static void setExitClass(Class exitClass) { * Once disabled, exit cannot be re-enabled for the duration of the JVM instance */ public static void disableExit() { - security.disableExit(); + if (security != null) { + security.disableExit(); + } } /** @@ -611,7 +629,10 @@ public static void disableExit() { * determined. */ public static ApplicationInstance getApplication() { - return security.getApplication(); + if (security != null) { + return security.getApplication(); + } + return null; } /** @@ -739,7 +760,7 @@ private static void checkInitialized() { * the exit class and the runtime has been initialized. */ private static void checkExitClass() { - if (securityEnabled && initialized) + if (security != null && securityEnabled && initialized) if (!security.isExitClass()) throw new IllegalStateException("Caller is not the exit class"); } @@ -789,8 +810,9 @@ public static boolean isUnix() { public static void setInitialArguments(List args) { checkInitialized(); SecurityManager securityManager = System.getSecurityManager(); - if (securityManager != null) + if (securityManager != null) { securityManager.checkPermission(new AllPermission()); + } initialArguments = args; } diff --git a/core/src/main/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoader.java b/core/src/main/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoader.java index dd3056a1b..d39b6c70c 100644 --- a/core/src/main/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoader.java +++ b/core/src/main/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoader.java @@ -1253,7 +1253,7 @@ private Void doActivateJars(List jars) { URL fileURL = new URL("file://" + extractedJarLocation); // there is no remote URL for this, so lets fake one URL fakeRemote = new URL(jar.getLocation().toString() + "!" + je.getName()); - CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL); + //CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL); addURL(fakeRemote); jarLocationSecurityMap.put(new UrlKey(fakeRemote), jarSecurity); @@ -1268,12 +1268,17 @@ private Void doActivateJars(List jars) { } } - addURL(jar.getLocation()); + //addURL(jar.getLocation()); + if (localFile != null) { + addURL(localFile.toURI().toURL()); + } else { + addURL(jar.getLocation()); + } // there is currently no mechanism to cache files per // instance.. so only index cached files if (localFile != null) { - CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), localFile.toURI().toURL()); + //CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), localFile.toURI().toURL()); try (JarFile jarFile = new JarFile(localFile.getAbsolutePath())) { JarIndexAccess index = JarIndexAccess.getJarIndex(jarFile.getNative()); @@ -1282,7 +1287,7 @@ private Void doActivateJars(List jars) { } } } else { - CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), jar.getLocation()); + //CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), jar.getLocation()); } LOG.debug("Activate jar: {}", location); @@ -1573,8 +1578,14 @@ private void addNewJar(final JARDesc desc, UpdatePolicy updatePolicy) { return null; }); - addURL(remoteURL); - CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl); + //addURL(remoteURL); + //CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl); + File localFile = tracker.getCacheFile(remoteURL); + if (localFile != null) { + addURL(remoteURL.toURI().toURL()); + } else { + addURL(remoteURL); + } } catch (Exception e) { // Do nothing. This code is called by loadClass which cannot diff --git a/core/src/test/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoaderTest.java b/core/src/test/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoaderTest.java index e2ef884e7..852d1e376 100644 --- a/core/src/test/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoaderTest.java +++ b/core/src/test/java/net/sourceforge/jnlp/runtime/classloader/JNLPClassLoaderTest.java @@ -58,7 +58,7 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.TemporaryFolder; -import sun.net.www.protocol.jar.URLJarFile; +//import sun.net.www.protocol.jar.URLJarFile; import java.io.File; import java.io.FileOutputStream; @@ -555,7 +555,7 @@ public void testLoadClass() throws Exception { JNLPRuntime.setSecurityEnabled(false); JNLPRuntime.setDebug(true); getConfiguration().setProperty(ConfigurationConstants.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, "NONE"); - URLJarFile.setCallBack(CachedJarFileCallback.getInstance()); + //URLJarFile.setCallBack(CachedJarFileCallback.getInstance()); final ServerLauncher as = ServerAccess.getIndependentInstance(jnlp.getParent(), port); try { @@ -569,7 +569,7 @@ public void testLoadClass() throws Exception { JNLPRuntime.setSecurityEnabled(securityBackup); JNLPRuntime.setDebug(verbose); getConfiguration().setProperty(ConfigurationConstants.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, manifestAttsBackup); - URLJarFile.setCallBack(null); + //URLJarFile.setCallBack(null); as.stop(); clearCache();