Details
P3 Description
FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.0.6000]
i.e. Vista
A DESCRIPTION OF THE PROBLEM :
The current Mustang release note (http://java.sun.com/javase/6/webnotes/index.html) claims that:
"On a Windows OS other than Windows Vista, when running a signed applet, a user is prompted with a security warning dialog box and must respond. If "Yes" is clicked, the applet will have AllPermissions to run on the user's machine. This includes permission to write/delete a file from the local disk.
On a Windows Vista OS, this is no longer true. Instead, AllPermissions is limited to Java Applet scope, not Windows scope. Because a process running in IE has a low integrity level, it will not be able to write/delete a file from a medium/high integrity level directory. "
This is true, but there is a well documented design to allow IE add-ins access the file system from the user's normal (Medium) Integrity level, rather the IE's Low Integrity level: implement an Internet Explorer Broker Process. E.g. Adobe Flash do this (http://blogs.msdn.com/ie/archive/2006/11/17/flash-player-9-update.aspx). Sun need to implement such a process for the IE Java plugin. Without it, Sun's implementation of file access (particularly via the AWT FileDialog) is unusable for ordinary users.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a signed Java applet that accesses the file system outside IE's virtualized file system (e.g. access a file in c:\users\<user name>). Either load, or save a file to this directory. The broker process should be used to access the file, so that the file access works - the current Java plugin lacks this, so the file access is constrained to the IE Low Integrity, which does not have write access to this directory.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Signed Java applets should be able to access all files that a Medium Integrity process can access, rather than just files that IE's Low Integrity process can. Note that this also applies to the AWT FileDialog and Swing file chooser dialogs.
REPRODUCIBILITY :
This bug can be reproduced always.
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.0.6000]
i.e. Vista
A DESCRIPTION OF THE PROBLEM :
The current Mustang release note (http://java.sun.com/javase/6/webnotes/index.html) claims that:
"On a Windows OS other than Windows Vista, when running a signed applet, a user is prompted with a security warning dialog box and must respond. If "Yes" is clicked, the applet will have AllPermissions to run on the user's machine. This includes permission to write/delete a file from the local disk.
On a Windows Vista OS, this is no longer true. Instead, AllPermissions is limited to Java Applet scope, not Windows scope. Because a process running in IE has a low integrity level, it will not be able to write/delete a file from a medium/high integrity level directory. "
This is true, but there is a well documented design to allow IE add-ins access the file system from the user's normal (Medium) Integrity level, rather the IE's Low Integrity level: implement an Internet Explorer Broker Process. E.g. Adobe Flash do this (http://blogs.msdn.com/ie/archive/2006/11/17/flash-player-9-update.aspx). Sun need to implement such a process for the IE Java plugin. Without it, Sun's implementation of file access (particularly via the AWT FileDialog) is unusable for ordinary users.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a signed Java applet that accesses the file system outside IE's virtualized file system (e.g. access a file in c:\users\<user name>). Either load, or save a file to this directory. The broker process should be used to access the file, so that the file access works - the current Java plugin lacks this, so the file access is constrained to the IE Low Integrity, which does not have write access to this directory.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Signed Java applets should be able to access all files that a Medium Integrity process can access, rather than just files that IE's Low Integrity process can. Note that this also applies to the AWT FileDialog and Swing file chooser dialogs.
REPRODUCIBILITY :
This bug can be reproduced always.
Attachments
Issue Links
- duplicates
-
JDK-6559445 Java applets do not work with IE7 "Protect mode ON" on windows Vista.
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-