[JDK-8153077] JNLP example with -XaddExports

Discussion:

Reto Merz

2017-01-18 13:35:31 UTC

Hello,

Is there any documentation or a public available working example how to use -XaddExports for WebStart apps ?
I have no acces to the example mentioned in JDK-8153077.

We try this:
<j2se version="1.8+" java-vm-args="-XaddExports:java.base/sun.security.action=ALL-UNNAMED"/>

and also this:
<resources>
<j2se version="1.8+"/>
[..]
<property name="addExports" value="java.base/sun.security.action=ALL-UNNAMED"/>
</resources>

In both cases WebStart throws a IAE. All our JARs are signed and JNLP also request all-permissions.
Tested with Java 9 b152 and Windows 7. Java Webstart Console output:

Java Web Start 12.0.0.0
Using JRE version 9-ea+152 Java HotSpot(TM) 64-Bit Server VM
JRE expiration date: 11.07.17, 00:00
User home directory = C:\Users\Administrator
[..]
#### Java Web Start Error:
#### java.lang.IllegalAccessError: class ch.abacus.Java9Test (in unnamed module @0x4ab3b734) cannot access class sun.security.action.GetPropertyAction (in module java.base) because module java.base does not export sun.security.action to unnamed module @0x4ab3b734

Thanks
Reto Merz

Alan Bateman

2017-01-18 13:48:19 UTC

Permalink

Post by Reto Merz
Hello,
Is there any documentation or a public available working example how to use -XaddExports for WebStart apps ?
I have no acces to the example mentioned in JDK-8153077.
<j2se version="1.8+" java-vm-args="-XaddExports:java.base/sun.security.action=ALL-UNNAMED"/>

I suspect this is what you want (and should be allowed because the
application is signed):

<java version="9+"
java-vm-args="--add-exports=java.base/sun.security.action=ALL-UNNAMED"/>

At the same time then it would be good to understand why this code needs
to make direct use of types in sun.security.action. As there isn't
anything very critical in that package then it make be a
straight-forward dependency to remove.

-Alan

Reto Merz

2017-01-18 14:19:24 UTC

Permalink

Thanks Alan for clarify the syntax, it works!

This was just an example. At the moment we just want to evaluate some basics with Java 9 + Webstart.
In our real world application we use these classes from sun.security.*

sun.security.util.DerValue
sun.security.x509.AVA
sun.security.x509.AlgorithmId
sun.security.x509.CertificateAlgorithmId
sun.security.x509.CertificateIssuerName
sun.security.x509.CertificateSerialNumber
sun.security.x509.CertificateSubjectName
sun.security.x509.CertificateValidity
sun.security.x509.CertificateVersion
sun.security.x509.CertificateX509Key
sun.security.x509.RDN
sun.security.x509.X500Name
sun.security.x509.X509CertImpl
sun.security.x509.X509CertInfo
sun.security.x509.AVA
sun.security.x509.CertificatePoliciesExtension
sun.security.x509.CertificatePolicyId
sun.security.x509.PolicyInformation
sun.security.x509.X500Name
sun.security.x509.X509CertImpl
sun.security.x509.X509CertImpl

I am not the owner of this code and I dont know what exactly is does, it is beyond me.
As far as I know the public JRE API and bouncycastle lib does not provide some functionality needed to support some Smartcards and SuisseID.

Reto

Post by Reto Merz

Post by Reto Merz
Hello,
Is there any documentation or a public available working example how to

use -XaddExports for WebStart apps ?

Post by Reto Merz
I have no acces to the example mentioned in JDK-8153077.
<j2se version="1.8+" java-vm-args="-

XaddExports:java.base/sun.security.action=ALL-UNNAMED"/>
I suspect this is what you want (and should be allowed because the
<java version="9+"
java-vm-args="--add-exports=java.base/sun.security.action=ALL-
UNNAMED"/>
At the same time then it would be good to understand why this code needs
to make direct use of types in sun.security.action. As there isn't
anything very critical in that package then it make be a
straight-forward dependency to remove.
-Alan

Reto Merz

2017-01-19 09:35:04 UTC

Permalink

One more question: Is it possible to use --add-opens in JNLP ?
We have try this:

<java version="9+"
java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED"/>

This seems not to work/legal, or we use the wrong syntax:
#### Java Web Start Error:
#### Unable to make field private final byte[] java.lang.String.value accessible: module java.base does not "opens java.lang" to unnamed module @60bfc3dd

Thanks
Reto

-----Ursprüngliche Nachricht-----
Gesendet: Mittwoch, 18. Januar 2017 14:48
Betreff: Re: [JDK-8153077] JNLP example with -XaddExports

Post by Reto Merz
Hello,
Is there any documentation or a public available working example how to

use -XaddExports for WebStart apps ?

Post by Reto Merz
I have no acces to the example mentioned in JDK-8153077.
<j2se version="1.8+" java-vm-args="-

Robert Gibson

2017-01-19 10:00:28 UTC

Permalink

Hi Reto,
I don't think this works in WebStart, which is usually a bit behind the curve in option handling. I filled a bug for exactly this problem yesterday but I don't have a bug number yet.
Robert

Post by Reto Merz
One more question: Is it possible to use --add-opens in JNLP ?
<java version="9+"
java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED"/>
Thanks
Reto

-----Ursprüngliche Nachricht-----
Gesendet: Mittwoch, 18. Januar 2017 14:48
Betreff: Re: [JDK-8153077] JNLP example with -XaddExports

Post by Reto Merz
Hello,
Is there any documentation or a public available working example how to

use -XaddExports for WebStart apps ?

Post by Reto Merz
I have no acces to the example mentioned in JDK-8153077.
<j2se version="1.8+" java-vm-args="-

Alan Bateman

2017-01-19 10:36:59 UTC

Permalink

Post by Reto Merz
One more question: Is it possible to use --add-opens in JNLP ?
<java version="9+"
java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED"/>

Not yet but there is an issue (JDK-8172986) tracking this. It is of
course questionable as to whether it's a good idea or not.

BTW: Do you know what is hacking into String.value?

-Alan

Reto Merz

2017-01-19 12:06:51 UTC

Permalink

Post by Reto Merz

Post by Reto Merz
One more question: Is it possible to use --add-opens in JNLP ?
<java version="9+"
java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED"/>
#### Unable to make field private final byte[] java.lang.String.value

accessible: module java.base does not "opens java.lang" to unnamed
Not yet but there is an issue (JDK-8172986) tracking this.

Thanks for the info. Unfortunately JDK-8172986 is not public visible.

Post by Reto Merz
It is of course questionable as to whether it's a good idea or not.

Most time we need reflections hacks to fix issues in the JRE because webstart does not support -Xbootclasspath,
for example in the past we have create workarounds for JDK-8130735 and JDK-6477756, just to name two issues.
We use Java since 1.3, there are tons of hacks and as always too less time to look into it and cleanup if possible.
BTW we have never understand why Webstart does not allow any java arguments when JARs are signed and all-permissions is requested.
The launcher has anway to perform checks before the "definitve" java proces is started.

Post by Reto Merz
BTW: Do you know what is hacking into String.value?

This is used by performance critical code and I hope the owner of this code knows the details and the impact.
We are aware that Hotspot intrinsic string operations and string related stuff may be affected/changed for example by JEP 254 (compatc strings).

Reto