Open fran-pena opened 3 years ago
OWS is trying to remember your preference in a file.
By default this will be /etc/.java/deployment/.appletTrustSettings
Can you confirm that you also see the following in the logs:
The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, and was allowed to run by the user or user's security settings.
First, I have a file /etc/.java/deployment/.appletTrustSettings
but it is empty. I have imported a certificate using *OpenWebStart Settings".
Second, I confirm that I have the following line in the logs:
[ITW-CORE][2021-07-30 02:36:50.445 CEST][DEBUG][net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker] The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, and was allowed to run by the user or user's security settings.
Third, if I execute the command with sudo (in order to have write acces to /etc/.java/deployment/.appletTrustSettings
), then the error I have is:
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet. For more information click "more information button".
at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:567)
at net.sourceforge.jnlp.Launcher.launchApplet(Launcher.java:483)
at net.sourceforge.jnlp.Launcher.access$300(Launcher.java:70)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:657)
Caused by: net.sourceforge.jnlp.LaunchException: The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, but was blocked from running by the user.
at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkApplicationLibraryAllowableCodebaseAttribute(ManifestAttributesChecker.java:420)
at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkAll(ManifestAttributesChecker.java:126)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.initializeResources(JNLPClassLoader.java:816)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.<init>(JNLPClassLoader.java:350)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.createInstance(JNLPClassLoader.java:423)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:495)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:468)
at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:528)
... 3 more
And lastly, my ~/.config/icedtea-web/deployment.properties` is:
~/.config/icedtea-web$ more deployment.properties
#Netx deployment configuration
#Fri Jul 30 00:23:42 CEST 2021
#Fri Jul 30 00:27:11 CEST 2021
#Fri Jul 30 00:27:35 CEST 2021
#Fri Jul 30 00:46:24 CEST 2021
#Fri Jul 30 01:16:07 CEST 2021
#Fri Jul 30 01:17:05 CEST 2021
#Fri Jul 30 01:34:53 CEST 2021
#Fri Jul 30 01:40:14 CEST 2021
#Fri Jul 30 01:40:29 CEST 2021
#Fri Jul 30 01:41:17 CEST 2021
#Fri Jul 30 01:43:43 CEST 2021
#Fri Jul 30 01:43:50 CEST 2021
#Fri Jul 30 01:45:59 CEST 2021
#Fri Jul 30 01:46:04 CEST 2021
#Fri Jul 30 01:58:25 CEST 2021
#Fri Jul 30 01:58:39 CEST 2021
#Fri Jul 30 02:05:24 CEST 2021
#Fri Jul 30 02:14:34 CEST 2021
#Fri Jul 30 02:15:46 CEST 2021
#Fri Jul 30 02:35:53 CEST 2021
#Fri Jul 30 02:36:26 CEST 2021
#Fri Jul 30 02:36:44 CEST 2021
deployment.assumeFileSystemInCodebase=true
deployment.user.security.exception.sites=aplicacions.usc.es
ows.install4j.propertyUpdate=1627605404854
deployment.log.file=true
deployment.security.askgrantdialog.show=true
deployment.security.whitelist=aplicacions.usc.es
The last error looks like there is an entry in the .appletTrustSettings which prevents your app from running. Can you rename the file and see if this changes anything
Now, I have done two tests: the first one with javaws
and the second one with sudo javaws
. Before doing each test, I have moved in /etc/.java/deployment
the file .appletTrustSettings
:
sudo mv .appletTrustSettings .appletTrustSettings.old
In both tests I have enclosed the argument of javaws
in single quotes to avoid scaping every special symbol:
javaws 'jnlps://URL/applet.jnlp?accion=asinar2&jnlp=true&idSignatures=1211751'
sudo javaws 'jnlps://URL/applet.jnlp?accion=asinar2&jnlp=true&idSignatures=1211751'
where URL is a specific URL that the server with the signature service is providing to the browser.
Now, the error for the first case is the following (and it arises in the Terminal):
[ITW-CORE][2021-07-30 18:50:42.704 CEST][ERROR][net.adoptopenjdk.icedteaweb.lockingfile.LockableFile]
Exception while creating lockable file
java.io.IOException: Permiso denegado
at java.io.UnixFileSystem.createFileExclusively(Native Method)
at java.io.File.createNewFile(File.java:1023)
at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.<init>(LockableFile.java:93)
at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.getInstance(LockableFile.java:77)
at net.adoptopenjdk.icedteaweb.lockingfile.LockingReaderWriter.<init>(LockingReaderWriter.java:62)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl.<init>(UnsignedAppletActionStorageImpl.java:68)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.AppletStartupSecuritySettings.getUnsignedAppletActionGlobalStorage(AppletStartupSecuritySettings.java:62)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.UnsignedAppletTrustConfirmation.getStoredEntry(UnsignedAppletTrustConfirmation.java:90)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.getInfoPanelText(MatchingALACAttributePanel.java:83)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.setupInfoPanel(AppTrustWarningPanel.java:202)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.addComponents(AppTrustWarningPanel.java:270)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.<init>(MatchingALACAttributePanel.java:63)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningDialog.matchingAlaca(AppTrustWarningDialog.java:55)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:344)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:316)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:309)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.installPanel(SecurityDialog.java:357)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.access$000(SecurityDialog.java:65)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog$1.run(SecurityDialog.java:229)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:301)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
The error for the second one is the following and it arises in an OWS error window (see attached file). It arises after an Iced-Tea window have been shown ):
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet. For more information click "more information button".
at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:567)
at net.sourceforge.jnlp.Launcher.launchApplet(Launcher.java:483)
at net.sourceforge.jnlp.Launcher.access$300(Launcher.java:70)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:657)
Caused by: net.sourceforge.jnlp.LaunchException: The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, but was blocked from running by the user.
at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkApplicationLibraryAllowableCodebaseAttribute(ManifestAttributesChecker.java:420)
at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkAll(ManifestAttributesChecker.java:126)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.initializeResources(JNLPClassLoader.java:816)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.<init>(JNLPClassLoader.java:350)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.createInstance(JNLPClassLoader.java:423)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:495)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:468)
at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:528)
... 3 more
I imagine that, in the second test, the root user do not know the OWS Settings chosen by the non-root user, that is, the non-root user has activated "assume local files belong to codebase" and the root user has not.
Hi,
I realized that the previous tests were executed having as current working directory /etc/.java/deployment
. I executed the command javaws
(without sudo
) in my HOME. Now it seems that it advances a little bit more and it stops at:
[ITW-CORE][2021-08-07 00:23:49.594 CEST][ERROR][net.adoptopenjdk.icedteaweb.ui.swing.SwingUtils]
ERROR
java.lang.reflect.InvocationTargetException
at java.awt.EventQueue.invokeAndWait(EventQueue.java:1349)
at java.awt.EventQueue.invokeAndWait(EventQueue.java:1324)
at net.adoptopenjdk.icedteaweb.ui.swing.SwingUtils.callOnAppContext(SwingUtils.java:147)
at net.adoptopenjdk.icedteaweb.ui.swing.SwingUtils.invokeAndWait(SwingUtils.java:159)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.initDialog(SecurityDialog.java:226)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.<init>(SecurityDialog.java:114)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialogMessageHandler.handleMessage(SecurityDialogMessageHandler.java:112)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialogMessageHandler.run(SecurityDialogMessageHandler.java:92)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.nio.channels.NonWritableChannelException
at sun.nio.ch.FileChannelImpl.lock(FileChannelImpl.java:1059)
at java.nio.channels.FileChannel.lock(FileChannel.java:1053)
at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile$NioFileLock.lock(LockableFile.java:237)
at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.lock(LockableFile.java:148)
at net.adoptopenjdk.icedteaweb.lockingfile.LockingReaderWriter.lock(LockingReaderWriter.java:84)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl.getMatchingItems(UnsignedAppletActionStorageImpl.java:189)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl.getMatchingItem(UnsignedAppletActionStorageImpl.java:165)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.UnsignedAppletTrustConfirmation.getMatchingItem(UnsignedAppletTrustConfirmation.java:115)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.UnsignedAppletTrustConfirmation.getStoredEntry(UnsignedAppletTrustConfirmation.java:92)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.getInfoPanelText(MatchingALACAttributePanel.java:83)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.setupInfoPanel(AppTrustWarningPanel.java:202)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.addComponents(AppTrustWarningPanel.java:270)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.<init>(MatchingALACAttributePanel.java:63)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningDialog.matchingAlaca(AppTrustWarningDialog.java:55)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:344)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:316)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:309)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.installPanel(SecurityDialog.java:357)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.access$000(SecurityDialog.java:65)
at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog$1.run(SecurityDialog.java:229)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:301)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
[ITW-CORE][2021-08-07 00:23:49.610 CEST][DEBUG][net.sourceforge.jnlp.util.logging.UnixSystemLog] System logger called with result of 0
[ITW-CORE][2021-08-07 00:23:49.628 CEST][DEBUG][net.sourceforge.jnlp.util.logging.UnixSystemLog] System logger called with result of 0
[ITW-CORE][2021-08-07 00:23:49.647 CEST][DEBUG][net.sourceforge.jnlp.util.logging.UnixSystemLog] System logger called with result of 0
[ITW-CORE][2021-08-07 00:23:49.758 CEST][INFO ][net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog] initial value panel is null
[ITW-CORE][2021-08-07 00:23:49.760 CEST][DEBUG][net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog] Setting value: null
Hi,
So also for your latest stack trace the file that it fails to lock is the /etc/.java/deployment/.appletTrustSettings
I checked on my linux and I do not have a /etc/.java
folder so maybe as a last test rename the entire .java folder to see if this changes the behavior
Hi, I have OpenWebStart 1.4.0 on a lubuntu 20.04. I try to execute the following command in terminal:
javaws jnlps://URL/applet.jnlp?accion=asinar2\&jnlp=true\&idSignatures=1211751
where URL is a specific URL.
The result is
I'll appreciate any help.