Servoy Forum

[martinh]

Hi,

After installing JAVA update 19 on the client (server still works on update 17), during smart client startup, the following screen occurs and it hangs:

java update 19.JPG (34.16 KiB) Viewed 20074 times

Yes/No buttons do not work.

I cleaned both JAVA cache and .servoy directory.

Anyone knows how to solve this?

Martin

[mboegem]

Hi Martin,

we have problems with v19 as well.
Have to find out what the problem is, seems to be 1 or more plugins.

Meanwhile I've sent a warning out to all our clients NOT to update...

[martinh]

Hi Marc,

I'm glad that you confirmed that you have problems as well.
I also send a message to all my customers not to update.

Now we can only wait until there is a solution (from JAVA or from Servoy)

Martin

[IT2Be]

This is what I noticed:

It looks like this is a security (possibly signing) issue when loading components.

1. At first I saw an error reported on one of our Beans.
2. When I removed all our beans the error was reported on the 'swingbeans.jar'.
3. After removing 'swingbeans.jar' (not a Servoy library as far as I know) the security warning popped up as reported by Martin and I could also not remove the dialog anymore.
4. After removing all our plugins from the plugins folder the error dialog popped up again.

It looks like Java is going to be very strict (and beyond) about signing beans if I am correct.
Strange event though is that when loading a non-secure Bean (in Java eyes) is loaded JWS reports nicely.
When a plugin is loaded JWS freezes.

The above makes it hard to analyze what really goes on.
Is it the absence of a signature (could be the case for some beans/plugins) or the fact that the signature differs from that of Servoy (some of the plugins are signed with our own signature) or is this something else.

Edit: ook de demo site van Servoy geeft een foutmelding (zie punt 2) als een smart client opgestart wordt..

[IT2Be]

Found the below here: http://java.sun.com/javase/6/webnotes/6u19.html

Ensuring Application and Applet Security when Mixing Signed and Unsigned Code
Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. As of this release, when mixed code is detected in a program, a warning dialog is raised. Mixing Signed and Unsigned Code explains this warning dialog and options that the user, system administrator, developer, and deployer have to manage it.

So, basically this is ok but...

- for beans there is no dialog!
- for plugins the dialog freezes!

Nice stuff...

[Harjo]

We have the same issues!!
All customers that have updated there java to this version, could not log in anymore into our Servoy solution.
First we thought it had something todo with the calendarbean of IT2BE, but even the standard demo solution of Servoy itself at: demo.servoy.com does not work!!

I hope Servoy could take a look at this. (also for Servoy 3.5?)

[pbakker]

This is being looked into as I write. will post updates here when more information is available.

Paul

[jcompagner]

The problem seems 2 fold:
-First a problem downloading the swingbeans.jar from the server (some get a download error now even before the security dialog)
Workarround: Removed swingbeans.jar from the server.

-Second the dialog that SUN that shows to enduser has a problem in with modality
Workarround: Go to the enduser JavaControl panel and in the advanced tab under security > mixed code > disable the verification.
See also: http://java.sun.com/javase/6/docs/techn ... usted_only

[Harjo]

JOhan,

we have it also, on the beans of IT2BE (calendar in this case)
we can't remove those, because than our solution is not working anymore....

[Jan Blok]

Remove of swingbeans.jar is possible on the server since this is just a list of available java swing beans, only used by servoy developer.

[pbakker]

In addition to what Johan already said in the previous post:

Sun/Oracle has pushed a change into update 19 of Java 6 that, in our opinion should have been reserved for a major update (Java 7).

The change in update 19 doesn't take into account scenario's Java WebStart scenario's like Servoy's (and many, many other software vendors that use Java WebStart) that use libraries, both signed and unsigned and that can be extended with additional libraries of 3rd parties (beans, plugins etc).

This change has broken many Java WebStart implementations, including ours.

The workarounds for now are:
- Removal of the /application_server/beans/swingbeans.jar
- Make sure your customers do not upgrade to Java 6 update 19
- If your customer(s) have already upgraded to Java 6 update 19, the best option would be to downgrade or activate a previous version on Java on their client machines.
- If they have upgraded and cannot downgrade, they can disable "verification" under Advanced tab > security > "mixed mode" in the Java Control Panel on the client machine(s) , see:
http://java.sun.com/javase/6/docs/technotes/guides/jweb/mixed_code.html#jcp.

Our effort will continue to provide you with a structural solution asap.

Paul

[mboegem]

- If they have upgraded and cannot downgrade, they can disable "verification" under Advanced tab > security > "mixed mode" in the Java Control Panel on the client machine(s) , see:
http://java.sun.com/javase/6/docs/techn ... e.html#jcp.

This might work for 'beanless' solutions. ('beanless' in terms of no 3rd party beans)
But after removing the 'swingbeans.jar' it's still impossible to startup as we use the 'calendar bean' + more.

Our effort will continue to provide you with a structural solution asap.

I trust Servoy in finding a great solution!(as always)

For 'new-to-java' customers: they can not downgrade, but the can download a previous stable version (17) from: https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u17-oth-JPR@CDS-CDS_Developer

[Stef]

We only have IT2be's Outlook plugin running... is that a problem?

THX
Stef

[IT2Be]

We only have IT2be's Outlook plugin running... is that a problem?

Hold it here...
Before we get the blame for this, it is this version of Java that does not work as advertised!

As far as I have seen there are more libraries that can cause issues since they are either unsigned or signed with a different signature.

[Stef]

Marcel, I don't blame you at all!

Just tested, Outlook plugin is still working!

THX!