[SOLVED] vendor property in j2se tag does not supersede default value

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
ptai
Posts: 10
Joined: 13 Aug 2020, 14:50

[SOLVED] vendor property in j2se tag does not supersede default value

Post by ptai »

When the property ows.jvm.manager.server.allowFromJnlp is set to true, the JVM list from the server given in the j2se tag (with property "href") supersedes the default JVMs server list from the default server (ows.jvm.manager.server.default).

-> This allows us to provide a list of JVMs by setting ows.jvm.manager.server.allowFromJnlp to true and locking that property. As it will only use the server given in the property, this also ensures that only JVMs provided by us will be used. The customer can still use other OWS applications which get their JVM from the default server and he can change the setting without affecting our deployment.

When the property ows.jvm.manager.vendor.allowFromJnlp is set to true, the vendor value set in the property does not seem to supersede the default vendor (ows.jvm.manager.vendor).

Is that expected behavior?

If it is, I see a small problem here. When I want to make sure, that our application can always run, I do have to set the property ows.jvm.manager.vendor to '*' (as we only provide JVMs from one vendor) and lock the property. Thus a client could not set anything different anymore. If the value from the jnlp file would supersede the default value, this would not be necessary.

Here is a log-excerpt, where it finds the vendor ('*') specified in the j2se tag in the jnlpx file, but still looks for the specific JMV vendor set as default (which then fails, because the vendor is wrong):

Error-Dialog message: Es konnte keine passende JVM zum Ausführen der Anwendung gefunden werden.
Trying to find local Java runtime. Requested version: '11+' Requested vendor: 'Azul Systems, Inc.' requested os: 'WIN64' active: 'false'
No remote runtime found, will check deactivated local runtimes.
Received 3 possible runtime definitions from server
Using NO_PROXY
Using NO_PROXY
Endpoint to request for Java runtimes: http://127.0.0.1/jvms.json
Trying to find remote Java runtime. Requested version: '11+' Requested vendor: 'Azul Systems, Inc.' requested os: 'WIN64'
No local runtime found, will try to find remote runtime
Trying to find local Java runtime. Requested version: '11+' Requested vendor: 'Azul Systems, Inc.' requested os: 'WIN64' active: 'true'
Trying to find Java runtime. Requested version: '11+', vendor: 'Azul Systems, Inc.', os: 'WIN64', server-url: 'http://127.0.0.1/jvms.json'
searching for JRE with version string '11+' and vendor '*'
...

Stephan Classen
Posts: 181
Joined: 27 Mar 2020, 09:55

Re: vendor property in j2se tag does not supersede default value

Post by Stephan Classen »

I am not sure if I have understood everything.

Here is a short description of what the code is doing:
- get a vendor from the JNLP if allowFromJnlp is set to true and the vendor in the JNLP is different from '*' (any vendor)
- if this did not lead to a vendor it will take the vendor specified in ows.jvm.manager.vendor
- if this did not lead to a vendor it will take the fallback value of '*'

Out of security considerations we decided not to allow '*' in the JNLP file.

ptai
Posts: 10
Joined: 13 Aug 2020, 14:50

Re: vendor property in j2se tag does not supersede default value

Post by ptai »

Out of security considerations we decided not to allow '*' in the JNLP file.
This explains the behavior. I set '*' in the jnlp which then got superseded by the vendor set as default. If I set a specific vendor in the jnlp, it works as I expected.

Maybe you should add this information to the documentation, that '*' is not allowed in the jnlp, I did not see that anywhere.

Just out of interest: How does that enhance security though? What scenario is prevented by doing this?

I was also missing a full specification of the jnlp json, as it differsn from the Oracle jnlp spec. For example, I was confused about the "vendor" property at first, until I found the thread here explaining that the property is actually on the j2se/java tag (which I assumed, but could not find a confirmation).


Something unrelated to the question:
When searching the web for hints about my problem, I found the following page:
https://openwebstart.com/configuration/

But I noticed that I cannot reach that page through the homepage, it does not seem to be linked anywhere. Also, it does not seem to be up to date, as the property "ows.jvm.manager.server.allowFromJnlp.whitelist" is missing. Maybe that is an old page which should be removed now?

Andreas Ehret
Posts: 56
Joined: 25 Mar 2020, 12:21

Re: [SOLVED] vendor property in j2se tag does not supersede default value

Post by Andreas Ehret »

yes, this page is outdated. For the up-to-date information on configuration properties have a look at the OWS user guide:
https://github.com/karakun/OpenWebStart ... Guide.adoc

Post Reply