Details
-
Bug
-
Resolution: Fixed
-
P1
-
6u29, 7
-
b10
-
x86
-
windows_xp
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2218892 | 8 | Thomas Ng | P2 | Closed | Fixed | b18 |
| JDK-2216210 | 6u30 | Thomas Ng | P2 | Closed | Fixed | b10 |
Description
J2SE Version (please include all output from java -version flag):
6u29
Does this problem occur on J2SE 1.5.x or 6ux? Yes / No (pick one)
No, works fine on 6u29 build03
and all previous releases
Bug Description:
Our application consists of an applet and servlets that
communicate with each other.
The browser loads the applet, and the applet contacts our servelts directly.
These communications are now broken in the latest JRE release (1.6.0_29).
Attached logs for the latest JRE and the prerelease u28
(before version name change) as well.
The only difference between the successful case and the failed case is the
JRE being used, all other environmental factors are unchanged. That said,
my test environment does not have a proxy or firewall enabled.
Our servlets require the session ID that was set in a previous communication,
but it seems the JRE is restricting the cookies that are sent with applet
initiated HTTPS connections to our servlets. Not sure why the restriction
is happening, the applet is contacting the same site that it came from,
so it should be trusted.
This is affecting all our customers that upgrade to JRE 1.6.0_29.
They are unable to authenticate themselves in their organizations.
We are seeing the following errors, something about a
SecureCokiePermission permission:
java.security.AccessControlException: access denied (com.sun.deploy.security.SecureCookiePermission origin.https://<someurl>)
another instance of this bug is related to use of MS remote proxy scripting:
https://forums.oracle.com/forums/thread.jspa?forumID=953&threadID=2300815
6u29
Does this problem occur on J2SE 1.5.x or 6ux? Yes / No (pick one)
No, works fine on 6u29 build03
and all previous releases
Bug Description:
Our application consists of an applet and servlets that
communicate with each other.
The browser loads the applet, and the applet contacts our servelts directly.
These communications are now broken in the latest JRE release (1.6.0_29).
Attached logs for the latest JRE and the prerelease u28
(before version name change) as well.
The only difference between the successful case and the failed case is the
JRE being used, all other environmental factors are unchanged. That said,
my test environment does not have a proxy or firewall enabled.
Our servlets require the session ID that was set in a previous communication,
but it seems the JRE is restricting the cookies that are sent with applet
initiated HTTPS connections to our servlets. Not sure why the restriction
is happening, the applet is contacting the same site that it came from,
so it should be trusted.
This is affecting all our customers that upgrade to JRE 1.6.0_29.
They are unable to authenticate themselves in their organizations.
We are seeing the following errors, something about a
SecureCokiePermission permission:
java.security.AccessControlException: access denied (com.sun.deploy.security.SecureCookiePermission origin.https://<someurl>)
another instance of this bug is related to use of MS remote proxy scripting:
https://forums.oracle.com/forums/thread.jspa?forumID=953&threadID=2300815
Attachments
Issue Links
- backported by
-
JDK-2216210 REGRESSION: secure cookies is always dropped if network connection is triggered via liveconnect
-
- Closed
-
-
-
- Closed
-
- duplicates
-
-
- Closed
-