cannot launch jnlp on windows due to exception while creating native storage directory
AlBundy33 opened this issue · 6 comments
OWS/IcedTea-Web creates a temp-folder netx-native-xxxx.temp and tries to rename it which does not work if the folder has "insufficient" permissions.
The default %TEMP% (%LOCALAPPDATA%\Temp) has (at least on my system) this ACLs
cacls %TEMP%
C:\Users\AlBundy\AppData\Local\Temp NT-AUTORITÄT\SYSTEM:(OI)(CI)F
VORDEFINIERT\Administratoren:(OI)(CI)F
ALBUNDY-W10-VM\albundy:(OI)(CI)F
If you create another temp-directory like C:\temp\ows the ACLs are slightly different
cacls c:\temp\ows
c:\temp\ows VORDEFINIERT\Administratoren:(OI)(CI)(ID)F
NT-AUTORITÄT\SYSTEM:(OI)(CI)(ID)F
VORDEFINIERT\Benutzer:(OI)(CI)(ID)R
NT-AUTORITÄT\Authentifizierte Benutzer:(ID)C
NT-AUTORITÄT\Authentifizierte Benutzer:(OI)(CI)(IO)(ID)C
As you can see in the default temp-folder the current user has an ACL that grant full access.
In the created folder c:\temp\ows there are only group rights set.
In BOTH directory I can create folder an files in windows explorer.
But launching a jnlp works only in the default temp-folder - not in c:\temp\ows
to reproduce this, create the folder c:\temp\ows
open a command prompt and run
SET TEMP=C:\temp\ows
SET TMP=C:\temp\ows
"c:\Program Files\OpenWebStart\javaws.exe" "%USERPROFILE%\Downloads\jnlp.jnlp"
This results in an exception during startup
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize application. The application has not been initialized, for more information execute javaws from the command line.
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:593)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:374)
at net.sourceforge.jnlp.Launcher.access$300(Launcher.java:72)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:661)
Caused by: java.lang.RuntimeException: Exception while creating native storage directory 'C:\temp\ows\netx-native-50323'
at net.sourceforge.jnlp.cache.NativeLibraryStorage.createNativeStoreDirectory(NativeLibraryStorage.java:179)
at net.sourceforge.jnlp.cache.NativeLibraryStorage.getNativeStoreDirectory(NativeLibraryStorage.java:157)
at net.sourceforge.jnlp.cache.NativeLibraryStorage.addSearchJar(NativeLibraryStorage.java:135)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.doActivateJars(JNLPClassLoader.java:1294)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.lambda$activateJars$3(JNLPClassLoader.java:1179)
at java.security.AccessController.doPrivileged(Native Method)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.activateJars(JNLPClassLoader.java:1180)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.initializeResources(JNLPClassLoader.java:830)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.<init>(JNLPClassLoader.java:352)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.createInstance(JNLPClassLoader.java:425)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:497)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:470)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:585)
... 3 more
Caused by: java.io.IOException: Cannot rename C:\temp\ows\netx-native-50323.temp to C:\temp\ows\netx-native-50323
at net.sourceforge.jnlp.util.RestrictedFileUtils.createRestrictedFile(RestrictedFileUtils.java:172)
at net.sourceforge.jnlp.util.RestrictedFileUtils.createRestrictedDirectory(RestrictedFileUtils.java:62)
at net.sourceforge.jnlp.cache.NativeLibraryStorage.createNativeStoreDirectory(NativeLibraryStorage.java:176)
... 15 more
workaround: give current user full access to c:\temp\ows
Hi,
I don't know If your issues is the same as mine.
For my application IcedTea created too restricted files/directories.
Add the following property helped:
deployment.security.itw.disablerestrictedfiles=true
Thanks - this seems to be another workaround 👍
But I wonder why the application-files are created this way. 🤔
With this restrictions OWS or ITW don't work with a manually created temp-folder.
-> And I didn't found any informations about this setting. 🤔
I stumbled across the same problem. Saw the same kind of restricted permissions and
compared it to a file created by another application like the windows file explorer.
I found this setting in the code during debugging.
Maybe it's good to add this to a documentation to offer this option to the user.
I haven't checked the code how ows/itw creates the file but it would be nice if even manually created temp-folder would work out of the box.
If I manually create a file in this folder I can rename it without issues.
If the current implementation is because of security reasons a better error-message would be helpful because ot took some time to find the cause.
Problem/bug still present in v 1.10.1.
The workaround with 'deployment.security.itw.disablerestrictedfiles=true' works, but it is bad it can't be changed via OpenWebStartSettings GUI.
EDIT:
In my case, I am not using manually created Temp directory.
We use standard %temp% directory. The internal netx security thing has no permissions to the directory it created itself:
net.adoptopenjdk.icedteaweb.lockingfile.StorageIoException:
Caused by: java.io.IOException: Cannot rename C:\Users<user>\AppData\Local\Temp\netx-native-59378.temp to C:\Users<user>\AppData\Local\Temp\netx-native-59378
at net.sourceforge.jnlp.util.RestrictedFileUtils.createRestrictedFile(RestrictedFileUtils.java:172)
at net.sourceforge.jnlp.util.RestrictedFileUtils.createRestrictedDirectory(RestrictedFileUtils.java:62)
at net.sourceforge.jnlp.cache.NativeLibraryStorage.createNativeStoreDirectory(NativeLibraryStorage.java:176)
... 15 more
I've created another issue in AdoptOpenJDK/IcedTea-Web#955 - hopefully it get's more attention there.