[RFC][IcedTea-Web]: Change #4 (PersistenceService) of new JNLP specification (v7.0)

Omair Majid omajid at redhat.com
Wed Jun 8 13:44:45 PDT 2011

On 06/08/2011 04:19 PM, Saad Mohammad wrote:
> On 06/08/2011 03:52 PM, Omair Majid wrote:
>> app = JNLPRuntime.getApplication();
> I am looking into ApplicationInstance.isSigned at the moment, and I will
> try running some test to see if it is actually a better method to
> determine whether the application has a signature.

Please do NOT use ApplicationIsntance.isSigned(). Deepak himself patched 
checkAccess to avoid using ApplicationInstance.isSigned. It is not 
enough. You can have unsigned applications calling privileged code which 
does doPrivileged() operations. I think it's completely fine to allow 
them to use PersistenceService.

> I will get back with
> that soon. Deepak is also right about having a nested if condition, I
> will fix it with &&. I will also create a method within ServiceUtil to
> avoid having duplicate code and will email my updated patch soon.

I look forward to it.


More information about the distro-pkg-dev mailing list