This discussion is archived
1 2 3 Previous Next 32 Replies Latest reply: Oct 29, 2013 7:26 AM by TerDale RSS

Java 7 u45 Web Start application won't launch

beda304d-4f2b-4dd2-8ec7-0b5246984eb2 Newbie
Currently Being Moderated

I maintain an Eclipse RCP application launched with WebStart. Java 7 u45 made some security changes, and now my application crashes on startup.

I've added to the manifest:

Permissions: all-permissions

Codebase: *

Trusted-Library: true

This removed all of the warning messages from the Control Panel. But I still have a classloader issue when trying to load the first necessary class from my jar.  This is new to update 45. To add to the complication, my application uses Eclipse RCP, so the classloading is through OSGi.

  • 1. Re: Java 7 u45 Web Start application won't launch
    user9146454 Newbie
    Currently Being Moderated

    This likely won't answer your question, but this update has messed up quite a bit with the way applet security is handled.

     

    There are a laundry list of "known issues" in the release notes and they don't make sense.

     

    For example, I use JavaScript to communicate to my applet and I have several trusted signed jars on it's class path. To permit JavaScript calls, a new parameter "Caller-Allowable-Codebase: http://*.mysite.etc" must be provided.  To permit my applet to communicate with other jars I had previously used "Trusted-Library: true", but that setting now displays a false warning.  Here's the KNOWN ISSUE from Oracle:

    KNOWN ISSUE

    Area: Deployment/Plugin
    Synopsis: Caller-Allowable-Codebase may be ignored when used with Trusted-Library.

    If a trusted, signed JAR file is using the Caller-Allowable-Codebase manifest attribute along with Trusted-Library then the Caller-Allowable-Codebase manifest entry will be ignored and, as a result, a JavaScript -> Java call will show the native LiveConnect warning. The workaround is to remove the Trusted-Library manifest entry.

    Next, I generally test my applet by running a sample.html from my desktop.  With Java 7 u45, this fails with an InvocationTargetException.

    java.lang.RuntimeException: java.lang.reflect.InvocationTargetException ...


    Caused by: java.lang.NullPointerException

      at sun.plugin2.applet.Plugin2ClassLoader.loadAllowedCodebases(Unknown Source)

    Is this a KNOWN ISSUE too?  Hard to tell.. here's the snippet from the release notes...

    KNOWN ISSUE

    Area: Deployment/Plugin
    Synopsis: Applet could fail to load by throwing NPE if pack compression is used with deployment caching disabled.

    If a JAR file is using pack compression with manifest entries Permissions and Caller-Allowable-Codebase while deployment caching is disabled, then:

    • The Permissions manifest entry will be ignored. (This can be seen from the fact that yellow warning is there on security dialog even though the Permissions attribute is there.) This only happens if Caller-Allowable-Codebase attribute is present along with the Permissionsattribute.
    • The Caller-Allowable-Codebase attribute will cause the applet to fail to load by throwing ajava.lang.NullPointerException.

    I don't use deployment caching because it started causing problems with Java 7 u21.  Adding the cache_jar parameter back in doesn't fix this.  But the irony is this exception is only raised with the Trusted Godaddy Certificate and only when being launched from file:/// url.  The Self-Signed version actually works (although some dialogs appear, but no NPE).  This doesn't make any sense. Furthermore, when the trusted-signed version is launched from http:// it works fine.   Should I turn off compression (and why would anyone do this?)

     

    But what's worse than all of this listed above is when I finally choose the right combination of settings that permits the applet to load, it completely fails on older versions such as Java 7 u40 and Java 7 u21.  My applet is compiled using JDK 5 for backwards compatibility with Mac PPC Java 1.5 and Mac Intel Java 1.6 (the sun one has compatibility issues on Mac only), but now does every client need to update to Java 7 u45?  What about the scenarios where the upgrade isn't possible due to compatibility or availability?  I wish I could answer this.

     

    I'm struggling with this and so is my open source project.  Any expert insight advice is appreciated.  I'd happily compensate someone for assistance.

     

    -Tres Finocchiaro

  • 2. Re: Java 7 u45 Web Start application won't launch
    AdamRLeggett Newbie
    Currently Being Moderated

    I am in the same boat and am actively investigating workarounds. I'm curious though - you mentioned that you had determined the right combination of settings to get your applet to work offline (without the NPE) but didn't mention what they were. I tried the permissions and codebase having already had to add trusted-library and code signing due to earlier changes made by Oracle.

     

    Edit: Found this blog post as well https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45 - not that has helped yet

  • 3. Re: Java 7 u45 Web Start application won't launch
    user9146454 Newbie
    Currently Being Moderated

    @AdamRLeggett,


    The release notes actually do spell it out, but to resolve this just remove "Trusted-Library" from your manifest file.  Contrary to earlier releases, it will work without that setting.  I removed it from all of my signed Jars in my project however I'm not sure if this is necessary since the article doesn't make it clear which manifest files can trigger it. (in red below)

     

    Area: Deployment/Plugin
    Synopsis: Caller-Allowable-Codebase may be ignored when used with Trusted-Library.

    If a trusted, signed JAR file is using the Caller-Allowable-Codebase manifest attribute along with Trusted-Library then the Caller-Allowable-Codebase manifest entry will be ignored and, as a result, a JavaScript -> Java call will show the native LiveConnect warning. The workaround is to remove the Trusted-Library manifest entry.

     

    The bigger issue we're having is Java 7 u21 and Java 7 u40 seem to not work with these new manifest settings forcing clients to upgrade.

     

    Fortunately for us, Java 6 u3, Java 6 u17 work fine, so I am crossing my fingers that this may just be a version 7 < u45 conflict.  I'll post more as I find it.

     

    -Tres

  • 4. Re: Java 7 u45 Web Start application won't launch
    AdamRLeggett Newbie
    Currently Being Moderated

    @Tres, thanks for the quick reply. Unfortunately I think my woes extend to the LiveConnect issue as well (which requires the Trusted-Library setting for old JREs). So far nothing I've tried has worked - and we obviously have to support earlier 1.7 releases as well. May end up shipping two applets but first I have to get past the NPE.

  • 5. Re: Java 7 u45 Web Start application won't launch
    sbrodrigues Newbie
    Currently Being Moderated

    I'm with you everyone, I am using WebStart and am getting a NPE originating from java.awt.EventDispathThread after upgrading to Java 7u45.

     

    java.lang.NullPointerException

    at com.sun.javaws.ui.SplashGenerator.create(Unknown Source)

    at com.sun.javaws.ui.SplashGenerator.finalImageAvailable(Unknown Source)

    at com.sun.deploy.ui.ImageLoader$2.run(Unknown Source)

    at java.awt.event.InvocationEvent.dispatch(Unknown Source)

    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)

    at java.awt.EventQueue.access$200(Unknown Source)

    at java.awt.EventQueue$3.run(Unknown Source)

    at java.awt.EventQueue$3.run(Unknown Source)

    at java.security.AccessController.doPrivileged(Native Method)

    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)

    at java.awt.EventQueue.dispatchEvent(Unknown Source)

    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)

    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)

    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

    at java.awt.EventDispatchThread.run(Unknown Source)

     

    There were folks experiencing it for u25 and they had a workaround.

    https://forums.oracle.com/thread/2552941?start=0&tstart=0

    Not sure if that workaround will work here. I will try and let you know.

    Java 7 Update 25 Client App Downloaded From Web Start Can't Connect Out

  • 6. Re: Java 7 u45 Web Start application won't launch
    user9146454 Newbie
    Currently Being Moderated

    It's not very clear reading the [link] KNOWN ISSUES, but the NPE I get is due to launching the applet from file:/// (such as opening an html file on my desktop).  Putting the applet on a web server (in my case I quickly installed XAMPP) allows it to use an http:// URL rather than a file:/// url.  This was enough to get rid of the NPE for my applet.  Ironically, my self-signed version doesn't have this limitation, so it creates a misleading inconsistency between the free and supported versions of my LGPL software.

     

    Also, pressing the number "5" in the Java Console does a detailed debugger that may help as to the cause.

     

    In terms of older Java versions, there may be an issue caused by the Java 7 dialog that prompts to upgrade as this seems to be a consistant behavior on computers that won't run the new version of the applet.  I'm having little to no luck with computers with that upgrade dialog.

     

    Either way, study the release notes KNOWN ISSUES carefully to solve your problems.  JNLP has it's own set of issues listed in the J7u54 release notes (I'm using applet tags currently).

     

    Java™ SE Development Kit 7 Update 45 Release Notes

     

    As an additional to this information, here's the bug for our project that has been tracking the Java 7 issues:  [link] Issue 155.  It's a long bug thread, but may have some details from community members that can help this as well.

     

    -Tres

  • 7. Re: Java 7 u45 Web Start application won't launch
    user9146454 Newbie
    Currently Being Moderated

    Some more information for those that HAVEN'T upgraded... I apologize if this is irrelevant to the OPs question, it may need to be split into its own thread.  This is quoted from a community member on our project.

     

    Hey Tres,

    Was looking into the multiple versions issue you were having and java is disabling all plugins on previous versions [prior to Java7u45] if you choose to postpone update, hit later, or block. This isn't really an issue with your jar file I don't think its more with the new security measures they have implemented. One way (and i know its not the best) is to turn your java security settings from high to medium. Depending on your work environment this may be ok, but if its any sort of public work area you are gonna wanna monitor your machines you do this too. I am not really sure you can get around this because this is something implemented on java's end. They really made things tough for a lot of people who use self signed certs lol. Even paid ones from some people, they are practically forcing people to use like Verisign or something, which is pretty lame.

     

    From what I can gather, this isn't entirely true, the applet still loads, but LiveConnect (JavaScript) calls are blocked.  I assume this is an unintentional bug.  He thinks otherwise.

     

    Sad thing is, I don't think its a bug, i think its a new software initiative where they are forcing people to upgrade or it disables java applets for them, UNLESS, you drop your security settings to medium, which is total garbage. They are really screwing software developers here with this one.

     

    I'm aware this information is mostly unrelated to the OPs question, but I'm providing it here because it is relevant for any software development shop that's trying to battle 7u45 symptoms, since the upgrade dialog he's referring to starting appearing when 7u45 became avail.

     

    On a more personal note, (not trying to bait irrelevant posts) but if you're finding this thread through a Google search and are having similar symptoms, please consider creating an Oracle account and sharing your findings.  If we can understand the impact of this upgrade and document our workarounds, we'll all be back to writing new software features rather than addressing web browser complaints.

     

    In additon I'm adding some keywords/symptoms of these issues below:

    Java Plug-in 10.40.2.43

    Using JRE version 1.7.0_40-b43 Java HotSpot(TM) Client VM

    User home directory = C:\Users\%USERPROFILE%


    Trace level set to 5: all ... completed.ruleset: finding Deployment Rule Set for

            title: null

            location: http://mysite/sample.html

            isArtifact: false

     

    ruleset: no rule applies, returning Default Rule

    network: Created version ID: 1.7.0.40

    network: Created version ID: 1.7.0.45

    security: LiveConnect (JavaScript) blocked due to security settings.

    network: Created version ID: 1.7.0.40

    network: Created version ID: 1.7.0.45

     

    -Tres

  • 8. Re: Java 7 u45 Web Start application won't launch
    user9146454 Newbie
    Currently Being Moderated

    There are a bunch of comments at the bottom of this article I found interesting:

    https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45

     

    Here are a few copies of the comments:

    There appears to be a bug in the current implementation (7u45) - it conflicts with the Truster-Library attribute:

    http://stackoverflow.com/questions/19393826/java-applet-manifest-allow-all-caller-allowable-codebase

     

    For those developers like us who were blindsided by this change, and now have end users across the world getting horrible security warnings with our software, and from what I am reading, the proposed fixes are not working for people, how can we get advanced warning of Oracle breaking our software?

     

    I have been using [Caller-Allowable-Codebase:] * for testing, not production, just to prove things work as expected.

     

    The workaround of removing Trusted-Library works for me. Is it being deprecated as it now seems redundant? What about users from update 21 who need the Trusted-Library attribute - forced upgrade? Better if update 46 went out ASAP that fixed this properly, however I can't find this issue listed in the bug database.

     

    I like the new changes but they're buggy/rushed and seems it's all too little to late (NPAPI being deprecated, etc).

  • 9. Re: Java 7 u45 Web Start application won't launch
    Wolfgang Newbie
    Currently Being Moderated

    I had the very same problem with an older application (RCP based on Eclipse 3.2.2). After adding Permissions, Trusted-Library and Application-Name to all jars the additional security-warnings dissapeared but we still got "java.lang.RuntimeException: No application id has been found." in the log and the app was sending strange http-requests to the server to ask for a "config.ini".

    I found the solution for that just today, the problem is that 7u45 will not transport "insecure" properties to the application unless the JNLP is signed, so the OSGi framework did not get its bundle-list, instance-area and a bunch of other stuff.

    Signing the JNLP was not feasible for us because the JNLP is generated dynamically and the properties change for each deployment, using a JNLP-Template is also no good because you cant use wildcards in properties there.

     

    "Insecure" properties can be turned into "secure" ones by putting "jnlp." at the beginning of the name so I added that prefix to all our properties and wrote a small wrapper that removes it again and then calls the main of the previous main-class.

    If you use properties in your JNLP that might be your problem as well.

     

    Wolfgang

  • 10. Re: Java 7 u45 Web Start application won't launch
    beda304d-4f2b-4dd2-8ec7-0b5246984eb2 Newbie
    Currently Being Moderated

    Wolfgang,

     

    You and I are in exactly the same situation. For anyone else out there with an Eclipse 3.2.2 RCP app and webstart, the two things I did to get it to work were adding Permissions: all-permissions to the manifest and moving my properties from <property/> elements in the JNLP to command line flags.

     


    Before as property elements in a resource element:


    <property
    name="eclipse.product"
    value="my.product"/>


    <property
    name="osgi.configuration.area"
    value="@user.home/appdir"/>
    <property
    name="osgi.instance.area"
    value="@user.home/appdir"/>


    After:

    <application-desc main-class="org.eclipse.equinox.launcher.WebStartMain">
       <argument>-nosplapsh</argument>
       <argument>-product</argument>
       <argument>com.lspeed.workbench.product</argument>
       <argument>-data</argument>
       <argument>@user.home/.astoria/Workbench/ast-dev</argument>
       <argument>-dev</argument>
       <argument>@user.home/.astoria/Workbench/ast-dev</argument>
      
       

        </application-desc>


  • 11. Re: Java 7 u45 Web Start application won't launch
    user9146454 Newbie
    Currently Being Moderated

    In regards to the Trusted-Library attribute, it appears Oracle has acknowledged the severity of this issue:

    https://blogs.oracle.com/java-platform-group/entry/7u45_caller_allowable_codebase_and

     

    This will be fixed in a future release so that both attributes can co-exist.

    But from my experience, this won't fix much, since LiveConnect is blocked by default once a version believes it is out of date.

     

    Some satire...

     

    http://tinyurl.com/javabroke

    http://tinyurl.com/javabroke

     

     

     

    -Tres

  • 12. Re: Java 7 u45 Web Start application won't launch
    user4754121 Newbie
    Currently Being Moderated

    I have the same Problem with JNLP and a 3.7 Eclipse Target.

    After a some day’s I found all problems which are responsive that our App stop to work with Java 7u45.

    Here my finding.

     

    My Problem are/was

    - Insecure Properties

    - missing Metainf Attributes, but not Trusted-Only* and Trusted-Library*

    - Unsigned JNLP

     

    *These two properties are useless, because, Trusted-Library is only a sign for caller which this Jar use and Thrusted-Only load only trusted classes, so your app start but you got exception like descript here.

     

     

    These problems are all solved but my last problem seem´s not resolveable.

    After starting the application I got two messages, the first is a hint that the app run with full permissions

    - is a valid Information - which can disabled by user.

    The second Message box give a hint that mixed code would be executed.

    After lot of hours I found the problem.

    I investigate the WebStartMain and isolate the code line.

    The originlacode is in WebStartMain.discoverBundles line 156.

     

    I picked the same code and test it with a testapp.

    The app starts without any warning (except the "full permission hint")

     

    The Blocking Warning apperas as follows:

     

    Code:

         public static void main(String[] args) {

         try {

     

         Enumeration resources = Snippet348.class.getClassLoader().getResources("META-INF/MANIFEST.MF");

     

         while (resources.hasMoreElements()) { //After some iterations, at this line appears the Warning (URL wird hier instanziert)

              System.out.println(resources.nextElement());

         }

     

         //This Line is no Problem

         URL manifestURL = new URL("jar:http://127.0.0.1:8080/zcwebview30/clients/rcp/plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar!/META-INF/MANIFEST.MF");

                                    

         Manifest mf = new Manifest(manifestURL.openStream());

         System.out.println(mf.getMainAttributes());

                } catch (MalformedURLException e) {

         // TODO Auto-generated catch block

         e.printStackTrace();

                } catch (IOException e) {

         // TODO Auto-generated catch block

         e.printStackTrace();

                }

     

                final Display display = new Display();

     

                Shell shell = createShell();

                shell.open();

     

                while (!display.isDisposed()) {

    if (!display.readAndDispatch())

                            display.sleep();

                }

        }

    }

     

    Output:

    jar:file:/C:/Program%20Files/Java/jre7/lib/javaws.jar!/META-INF/MANIFEST.MF

    jar:file:/C:/Program%20Files/Java/jre7/lib/deploy.jar!/META-INF/MANIFEST.MF

    jar:file:/C:/Program%20Files/Java/jre7/lib/plugin.jar!/META-INF/MANIFEST.MF

    jar:file:/C:/Program%20Files/Java/jre7/lib/deploy.jar!/META-INF/MANIFEST.MF

    ==> At this point appears the warning. After Click not blocking it continue

    jar:http://127.0.0.1:8080/zcwebview30/clients/swt/demo.jar!/META-INF/MANIFEST.MF

    jar:http://127.0.0.1:8080/zcwebview30/clients/swt/swt.jar!/META-INF/MANIFEST.MF

     

    I think this is a java bug.

     

    If the URL is correct blocked then the instance of URL should never work.

    On other hand runs the app with full permission in a javaw process which is started from

    javaws before.

     

    Any suggest are welcome

  • 13. Re: Java 7 u45 Web Start application won't launch
    Wolfgang Newbie
    Currently Being Moderated

    Did you test "Trusted-Library: true" before deeming it "useless"?

    In my case this got rid of the mixed-code warning, since all my JAR are signed correctly I guess the warning comes from the way some classes/resources are loaded.

  • 14. Re: Java 7 u45 Web Start application won't launch
    user4754121 Newbie
    Currently Being Moderated

    Yes I did it. As descripted above, but only with the full app.

    I did not tested these two attributes with the test app and the specific line.

    I do it now and tell you the result of it.

     

    Andreas

1 2 3 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points