Java版本7u45(NPE)后Java web start不起作用 [英] Java web start doesn't work after java version 7u45 (NPE)
问题描述
我们的java应用程序是通过java web start启动的(使用glassfish 4.0)。更新到java 7u45后,它不再工作。以下是错误消息:
java.lang.StringReader中的java.lang.NullPointerException
< init> (未知源)
在org.glassfish.appclient.client.JWSAppClientContainerMain.insertMaskingLoader(JWSAppClientContainerMain.java:186)
在org.glassfish.appclient.client.JWSAppClientContainerMain.main(JWSAppClientContainerMain.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown源)
在com.sun.javaws.Launcher.doLaunchApp(未知源)
在com.sun.javaws.Launcher.run(未知源)
在java.lang.Thread.run (未知来源)
HED。快速浏览GF源文件后,似乎没有定义属性 loader.config
,因为第二行会引发NPE:
final String loaderConfig = System.getProperty(loader.config);
StringReader sr = new StringReader(loaderConfig);
编辑
NPE发生的上述两条代码行是Glassfish代码,来自jar gf-client-module.jar
中的类 JWSAppClientContainerMain
。它直到java更新45。
自更新45开始,JavaWebstart不再将不安全的属性传递给您的应用程序。所有未前缀 jnlp
或 javaws
的属性都被认为是不安全的。
您需要将 loader.config
更改为 jnlp.loader.config
(都在JNLP以及你的java代码),或者你需要签署JNLP(在你的
JNLP-INF / APPLICATION.JNLP
中放置一份JNLP的精确副本jar和jar签名)。
根据这个OpenJDK Bugreport 这是一个有意的改变来解决安全
漏洞
Our java application is launchend via java web start (with glassfish 4.0). After updating to java 7u45, it doesn't work anymore. Here is the error message:
java.lang.NullPointerException
at java.io.StringReader.<init>(Unknown Source)
at org.glassfish.appclient.client.JWSAppClientContainerMain.insertMaskingLoader(JWSAppClientContainerMain.java:186)
at org.glassfish.appclient.client.JWSAppClientContainerMain.main(JWSAppClientContainerMain.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
This happens right after the download finished. After a quick look into the GF source file, it seems that the property loader.config
is not defined as the second line throws the NPE:
final String loaderConfig = System.getProperty("loader.config");
StringReader sr = new StringReader(loaderConfig);
EDIT
The above two code lines where the NPE happens is Glassfish code, from the Class JWSAppClientContainerMain
in the jar gf-client-module.jar
. It worked until java update 45.
As of Update 45, JavaWebstart will no longer pass insecure properties to your application. All properties that are not prefixed with jnlp
or javaws
are considered insecure.
You either need to change loader.config
to jnlp.loader.config
(both in the JNLP as well as your java code), or you need to sign the JNLP (place an exact copy of your JNLP in
JNLP-INF/APPLICATION.JNLP
inside your jar and sign the jar).
According to this OpenJDK Bugreport this is an intentional change to resolve a security vulnerability
这篇关于Java版本7u45(NPE)后Java web start不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!