-
Bug
-
Resolution: Cannot Reproduce
-
P2
-
6u20
-
x86
-
windows_xp
FULL PRODUCT VERSION :
1.6.0_20
ADDITIONAL OS VERSION INFORMATION :
5.1.2600
EXTRA RELEVANT SYSTEM CONFIGURATION :
I thought I had submitted this a few weeks ago, but I came back to check status and couldn't find it in the database. I apologize if it's a repeat.
A DESCRIPTION OF THE PROBLEM :
Applets executing against PKI enabled web sites have stopped working. It appears that the plug-in no longer has access to the Windows certificate store. I also loaded my PKI credentials directly into the java keystore and that no longer works either.
PKI support (using the Windows certificate store) was just introduced on 1.6.0. It has worked correctly through 1.6.0_18. It is broken in updates 19 and 20.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Configure any applet to run against a PKI enabled web site. Attempt to connect to the site via the applet to perform any function
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The plugin should prompt the user to select a PKI certificate and should then proceed when a valid certificate ahs been selected and presented.
ACTUAL -
No certificate selection form is displayed. The applet fails to connect.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Revert to JRE 1.6.0_18. This is no longer a viable option, particularly for Govt users, as there have been security issues reported against the previous updates.
Release Regression From : 6u19
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
1.6.0_20
ADDITIONAL OS VERSION INFORMATION :
5.1.2600
EXTRA RELEVANT SYSTEM CONFIGURATION :
I thought I had submitted this a few weeks ago, but I came back to check status and couldn't find it in the database. I apologize if it's a repeat.
A DESCRIPTION OF THE PROBLEM :
Applets executing against PKI enabled web sites have stopped working. It appears that the plug-in no longer has access to the Windows certificate store. I also loaded my PKI credentials directly into the java keystore and that no longer works either.
PKI support (using the Windows certificate store) was just introduced on 1.6.0. It has worked correctly through 1.6.0_18. It is broken in updates 19 and 20.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Configure any applet to run against a PKI enabled web site. Attempt to connect to the site via the applet to perform any function
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The plugin should prompt the user to select a PKI certificate and should then proceed when a valid certificate ahs been selected and presented.
ACTUAL -
No certificate selection form is displayed. The applet fails to connect.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Revert to JRE 1.6.0_18. This is no longer a viable option, particularly for Govt users, as there have been security issues reported against the previous updates.
Release Regression From : 6u19
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.