Our java application is launchend via java web start (with glassfish 4.0). After updating to java 7u45, it doesn't work anymore. Here is the error message:

java.lang.NullPointerException

at java.io.StringReader.(Unknown Source)

at org.glassfish.appclient.client.JWSAppClientContainerMain.insertMaskingLoader(JWSAppClientContainerMain.java:186)

at org.glassfish.appclient.client.JWSAppClientContainerMain.main(JWSAppClientContainerMain.java:132)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at com.sun.javaws.Launcher.executeApplication(Unknown Source)

at com.sun.javaws.Launcher.executeMainClass(Unknown Source)

at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

at com.sun.javaws.Launcher.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

This happens right after the download finished. After a quick look into the GF source file, it seems that the property loader.config is not defined as the second line throws the NPE:

final String loaderConfig = System.getProperty("loader.config");

StringReader sr = new StringReader(loaderConfig);

EDIT

The above two code lines where the NPE happens is Glassfish code, from the Class JWSAppClientContainerMain in the jar gf-client-module.jar. It worked until java update 45.

解决方案

As of Update 45, JavaWebstart will no longer pass insecure properties to your application. All properties that are not prefixed with jnlp or javaws are considered insecure.

You either need to change loader.config to jnlp.loader.config (both in the JNLP as well as your java code), or you need to sign the JNLP (place an exact copy of your JNLP in

JNLP-INF/APPLICATION.JNLP inside your jar and sign the jar).

According to this OpenJDK Bugreport this is an intentional change to resolve a security

vulnerability