Jim Colquist

Greenhorn
+ Follow
since Aug 21, 2014
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Jim Colquist


I've been able to modify the original "JarSignersHardLinker" code that worked on Java 1.6 to also work on Java 1.7. The original code failed on Java 1.7 for a few reasons:

1) The mechanism for getting the list of jar files loaded by the JNLP in the original JarSignersHardLinker used the method:

Thread.currentThread().getContextClassLoader().getResources("META-INF/MANIFEST.MF")

However, in later versions of java 1.7 (I was using 1.7_45), when you access the Enumeration returned by that method, java throws up a security dialog telling you that you are accessing mixed signed/unsigned code. This dialog forces the user to select "Unblock" to allow the application to continue. This is true EVEN if all of your jars are signed! See this link describing that issue: https://community.oracle.com/thread/2593279

To work around this, we need to get the list of jar URLs in a different way. Since we know that we are running from JNLP, we know that the class loader is of type JNLPClassLoader. We can use methods on that class to get the jar list available at:

(JNLPClassLoader) (Thread.currentThread().getContextClassLoader()).getLaunchDesc().getResources().getLocalJarDescs()

The code uses reflection to call that method to get the jar list. This does not trigger the security dialog. Refer to this link (https://code.google.com/p/flyway/issues/detail?id=287) for where I got the idea on how to do this.

2) The structure of class "com.sun.deploy.cache.CachedJarFile" is changed in java 1.7. Under java 1.6, the original JarSignersHardLinker code would preserve the fields "signersRef", "signerMapRef" and "codeSourceCacheRef" by creating hard links to them. These fields no longer exist in the Java 1.7 version of CachedJarFile. Instead, under java 1.7 all of the signing data is consolidated in field "signingDataRef". So the updated linker code, in "makeHardSignersRef" only make a hard link to "signingDataRef" field.

The code has gone through a full cycle of testing without seeing the garbage collection issue with signed jars under java 1.7_45 and Java Web Start. I'm posting my code in case anyone else is struggling with the same issue.

Note that this code ONLY works on 1.7...it is NOT backwards compatible with 1.6. In our system, I've created a simple branch that calls the older version if we are running on java 1.6, and this new updated code if on java 1.7.

Here is the code:

9 years ago