search

karakun / OpenWebStart

Run Web Start based applications after the release of Java 11
https://openwebstart.com
Other
420 stars 48 forks source link

Error when using a jnlps: URL #441

Open fran-pena opened 3 years ago

fran-pena commented 3 years ago

Hi, I have OpenWebStart 1.4.0 on a lubuntu 20.04. I try to execute the following command in terminal:

javaws jnlps://URL/applet.jnlp?accion=asinar2\&jnlp=true\&idSignatures=1211751

where URL is a specific URL.

The result is

[ITW-CORE][2021-07-30 01:58:45.482 CEST][ERROR][net.adoptopenjdk.icedteaweb.lockingfile.LockableFile]
Exception while creating lockable file
java.io.IOException: Permiso denegado
        at java.io.UnixFileSystem.createFileExclusively(Native Method)
        at java.io.File.createNewFile(File.java:1023)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.<init>(LockableFile.java:93)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.getInstance(LockableFile.java:77)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockingReaderWriter.<init>(LockingReaderWriter.java:62)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl.<init>(UnsignedAppletActionStorageImpl.java:68)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.AppletStartupSecuritySettings.getUnsignedAppletActionGlobalStorage(AppletStartupSecuritySettings.java:62)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.UnsignedAppletTrustConfirmation.getStoredEntry(UnsignedAppletTrustConfirmation.java:90)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.getInfoPanelText(MatchingALACAttributePanel.java:83)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.setupInfoPanel(AppTrustWarningPanel.java:202)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.addComponents(AppTrustWarningPanel.java:270)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.<init>(MatchingALACAttributePanel.java:63)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningDialog.matchingAlaca(AppTrustWarningDialog.java:55)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:344)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:316)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:309)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.installPanel(SecurityDialog.java:357)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.access$000(SecurityDialog.java:65)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog$1.run(SecurityDialog.java:229)
        at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:301)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

I'll appreciate any help.

sclassen commented 3 years ago

OWS is trying to remember your preference in a file. By default this will be /etc/.java/deployment/.appletTrustSettings

sclassen commented 3 years ago

Can you confirm that you also see the following in the logs:

The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, and was allowed to run by the user or user's security settings.

fran-pena commented 3 years ago

First, I have a file /etc/.java/deployment/.appletTrustSettings but it is empty. I have imported a certificate using *OpenWebStart Settings".

Second, I confirm that I have the following line in the logs:

[ITW-CORE][2021-07-30 02:36:50.445 CEST][DEBUG][net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker] The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, and was allowed to run by the user or user's security settings.

Third, if I execute the command with sudo (in order to have write acces to /etc/.java/deployment/.appletTrustSettings), then the error I have is:

net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet. For more information click "more information button".
    at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:567)
    at net.sourceforge.jnlp.Launcher.launchApplet(Launcher.java:483)
    at net.sourceforge.jnlp.Launcher.access$300(Launcher.java:70)
    at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:657)
Caused by: net.sourceforge.jnlp.LaunchException: The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, but was blocked from running by the user.
    at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkApplicationLibraryAllowableCodebaseAttribute(ManifestAttributesChecker.java:420)
    at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkAll(ManifestAttributesChecker.java:126)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.initializeResources(JNLPClassLoader.java:816)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.<init>(JNLPClassLoader.java:350)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.createInstance(JNLPClassLoader.java:423)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:495)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:468)
    at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:528)
    ... 3 more

And lastly, my ~/.config/icedtea-web/deployment.properties` is:

~/.config/icedtea-web$ more deployment.properties
#Netx deployment configuration
#Fri Jul 30 00:23:42 CEST 2021
#Fri Jul 30 00:27:11 CEST 2021
#Fri Jul 30 00:27:35 CEST 2021
#Fri Jul 30 00:46:24 CEST 2021
#Fri Jul 30 01:16:07 CEST 2021
#Fri Jul 30 01:17:05 CEST 2021
#Fri Jul 30 01:34:53 CEST 2021
#Fri Jul 30 01:40:14 CEST 2021
#Fri Jul 30 01:40:29 CEST 2021
#Fri Jul 30 01:41:17 CEST 2021
#Fri Jul 30 01:43:43 CEST 2021
#Fri Jul 30 01:43:50 CEST 2021
#Fri Jul 30 01:45:59 CEST 2021
#Fri Jul 30 01:46:04 CEST 2021
#Fri Jul 30 01:58:25 CEST 2021
#Fri Jul 30 01:58:39 CEST 2021
#Fri Jul 30 02:05:24 CEST 2021
#Fri Jul 30 02:14:34 CEST 2021
#Fri Jul 30 02:15:46 CEST 2021
#Fri Jul 30 02:35:53 CEST 2021
#Fri Jul 30 02:36:26 CEST 2021
#Fri Jul 30 02:36:44 CEST 2021
deployment.assumeFileSystemInCodebase=true
deployment.user.security.exception.sites=aplicacions.usc.es
ows.install4j.propertyUpdate=1627605404854
deployment.log.file=true
deployment.security.askgrantdialog.show=true
deployment.security.whitelist=aplicacions.usc.es
sclassen commented 3 years ago

The last error looks like there is an entry in the .appletTrustSettings which prevents your app from running. Can you rename the file and see if this changes anything

fran-pena commented 3 years ago

Now, I have done two tests: the first one with javaws and the second one with sudo javaws. Before doing each test, I have moved in /etc/.java/deployment the file .appletTrustSettings:

sudo mv .appletTrustSettings .appletTrustSettings.old

In both tests I have enclosed the argument of javaws in single quotes to avoid scaping every special symbol:

where URL is a specific URL that the server with the signature service is providing to the browser.

Now, the error for the first case is the following (and it arises in the Terminal):

[ITW-CORE][2021-07-30 18:50:42.704 CEST][ERROR][net.adoptopenjdk.icedteaweb.lockingfile.LockableFile]
Exception while creating lockable file
java.io.IOException: Permiso denegado
        at java.io.UnixFileSystem.createFileExclusively(Native Method)
        at java.io.File.createNewFile(File.java:1023)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.<init>(LockableFile.java:93)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.getInstance(LockableFile.java:77)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockingReaderWriter.<init>(LockingReaderWriter.java:62)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl.<init>(UnsignedAppletActionStorageImpl.java:68)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.AppletStartupSecuritySettings.getUnsignedAppletActionGlobalStorage(AppletStartupSecuritySettings.java:62)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.UnsignedAppletTrustConfirmation.getStoredEntry(UnsignedAppletTrustConfirmation.java:90)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.getInfoPanelText(MatchingALACAttributePanel.java:83)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.setupInfoPanel(AppTrustWarningPanel.java:202)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.addComponents(AppTrustWarningPanel.java:270)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.<init>(MatchingALACAttributePanel.java:63)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningDialog.matchingAlaca(AppTrustWarningDialog.java:55)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:344)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:316)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:309)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.installPanel(SecurityDialog.java:357)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.access$000(SecurityDialog.java:65)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog$1.run(SecurityDialog.java:229)
        at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:301)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

The error for the second one is the following and it arises in an OWS error window (see attached file). It arises after an Iced-Tea window have been shown screen ):

net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet. For more information click "more information button".
    at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:567)
    at net.sourceforge.jnlp.Launcher.launchApplet(Launcher.java:483)
    at net.sourceforge.jnlp.Launcher.access$300(Launcher.java:70)
    at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:657)
Caused by: net.sourceforge.jnlp.LaunchException: The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, but was blocked from running by the user.
    at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkApplicationLibraryAllowableCodebaseAttribute(ManifestAttributesChecker.java:420)
    at net.adoptopenjdk.icedteaweb.manifest.ManifestAttributesChecker.checkAll(ManifestAttributesChecker.java:126)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.initializeResources(JNLPClassLoader.java:816)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.<init>(JNLPClassLoader.java:350)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.createInstance(JNLPClassLoader.java:423)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:495)
    at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:468)
    at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:528)
    ... 3 more

I imagine that, in the second test, the root user do not know the OWS Settings chosen by the non-root user, that is, the non-root user has activated "assume local files belong to codebase" and the root user has not.

fran-pena commented 3 years ago

Hi,

I realized that the previous tests were executed having as current working directory /etc/.java/deployment. I executed the command javaws (without sudo) in my HOME. Now it seems that it advances a little bit more and it stops at:

[ITW-CORE][2021-08-07 00:23:49.594 CEST][ERROR][net.adoptopenjdk.icedteaweb.ui.swing.SwingUtils]
ERROR
java.lang.reflect.InvocationTargetException
        at java.awt.EventQueue.invokeAndWait(EventQueue.java:1349)
        at java.awt.EventQueue.invokeAndWait(EventQueue.java:1324)
        at net.adoptopenjdk.icedteaweb.ui.swing.SwingUtils.callOnAppContext(SwingUtils.java:147)
        at net.adoptopenjdk.icedteaweb.ui.swing.SwingUtils.invokeAndWait(SwingUtils.java:159)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.initDialog(SecurityDialog.java:226)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.<init>(SecurityDialog.java:114)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialogMessageHandler.handleMessage(SecurityDialogMessageHandler.java:112)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialogMessageHandler.run(SecurityDialogMessageHandler.java:92)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.nio.channels.NonWritableChannelException
        at sun.nio.ch.FileChannelImpl.lock(FileChannelImpl.java:1059)
        at java.nio.channels.FileChannel.lock(FileChannel.java:1053)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile$NioFileLock.lock(LockableFile.java:237)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockableFile.lock(LockableFile.java:148)
        at net.adoptopenjdk.icedteaweb.lockingfile.LockingReaderWriter.lock(LockingReaderWriter.java:84)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl.getMatchingItems(UnsignedAppletActionStorageImpl.java:189)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl.getMatchingItem(UnsignedAppletActionStorageImpl.java:165)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.UnsignedAppletTrustConfirmation.getMatchingItem(UnsignedAppletTrustConfirmation.java:115)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.appletextendedsecurity.UnsignedAppletTrustConfirmation.getStoredEntry(UnsignedAppletTrustConfirmation.java:92)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.getInfoPanelText(MatchingALACAttributePanel.java:83)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.setupInfoPanel(AppTrustWarningPanel.java:202)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningPanel.addComponents(AppTrustWarningPanel.java:270)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.MatchingALACAttributePanel.<init>(MatchingALACAttributePanel.java:63)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.apptrustwarningpanel.AppTrustWarningDialog.matchingAlaca(AppTrustWarningDialog.java:55)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:344)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:316)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.getPanel(SecurityDialog.java:309)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.installPanel(SecurityDialog.java:357)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog.access$000(SecurityDialog.java:65)
        at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog$1.run(SecurityDialog.java:229)
        at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:301)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

[ITW-CORE][2021-08-07 00:23:49.610 CEST][DEBUG][net.sourceforge.jnlp.util.logging.UnixSystemLog] System logger called with result of 0
[ITW-CORE][2021-08-07 00:23:49.628 CEST][DEBUG][net.sourceforge.jnlp.util.logging.UnixSystemLog] System logger called with result of 0
[ITW-CORE][2021-08-07 00:23:49.647 CEST][DEBUG][net.sourceforge.jnlp.util.logging.UnixSystemLog] System logger called with result of 0
[ITW-CORE][2021-08-07 00:23:49.758 CEST][INFO ][net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog] initial value panel is null
[ITW-CORE][2021-08-07 00:23:49.760 CEST][DEBUG][net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialog] Setting value: null
sclassen commented 3 years ago

Hi, So also for your latest stack trace the file that it fails to lock is the /etc/.java/deployment/.appletTrustSettings I checked on my linux and I do not have a /etc/.java folder so maybe as a last test rename the entire .java folder to see if this changes the behavior