-
Type:
Bug
-
Resolution: Cannot Reproduce
-
Priority:
P2
-
Affects Version/s: 8
-
Component/s: deploy
-
Environment:
jre8 b113,win7 x86,IE9,FF24
After grant the permission like this:
grant {
permission com.sun.deploy.security.SecureCookiePermission "origin.*";
};
Unsigned applet loaded over http and making http connection with server should be able to read the secure cookies. Now it cannot.
Steps to reproduce:
1) Make sure to delete existing .java.policy file from User home
2) Close all sessions of browser under test before running tests
3) Make sure that cookies are not blocked by browser.
4) Create .java.policy file inside the user_home with com.sun.deploy.security.SecureCookiePermission as follows :
grant {
permission com.sun.deploy.security.SecureCookiePermission "origin.*";
};
5) Close browser session and clear deployment cache by running "javaws -uninstall"
6) Make sure that proxy connection is set to "none"
7) Try to load following applet to set secure cookies https://10.182.69.181:8443/cookies/html/testHTTPGetSetCookieSecure.html
8)Accept Security Warning from Browser e.g. on IE click "Continue to this website (not recommended)" while on Firefox click on "I Understand the Risks" followd by "Add Exception" and then "Confirm Security Exception"
9) There should be Security Warning pop-up from Java since we are trying to make secure https connection. Accept the warning
10) Accept the security warning dialog, the applet should get launched and set the security cookies.
11)In the same browser session now try loading applet
12) In the same browser session now try loading applet to read all the secure-non-secure cookies https://10.182.69.181:8443/cookies/html/ReadSecureCookies.html
13) If no cookies is read, bug is reproducible.
Note:
The no-secure cookies can be read normally.
Steps:
1) set no-secure cookies firstly by launching
https://10.182.69.181:8443/cookies/html/testHTTPGetSetCookie.html
2) Read the cookies by launching
https://10.182.69.181:8443/cookies/html/ReadSecureCookies.html
Source code:
http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/cookies/src/HTTPGetSetCookie.java
http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/cookies/src/ReadSecureCookies.java
http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/cookies/src/servlets/set_CookieCommonServlet.java
grant {
permission com.sun.deploy.security.SecureCookiePermission "origin.*";
};
Unsigned applet loaded over http and making http connection with server should be able to read the secure cookies. Now it cannot.
Steps to reproduce:
1) Make sure to delete existing .java.policy file from User home
2) Close all sessions of browser under test before running tests
3) Make sure that cookies are not blocked by browser.
4) Create .java.policy file inside the user_home with com.sun.deploy.security.SecureCookiePermission as follows :
grant {
permission com.sun.deploy.security.SecureCookiePermission "origin.*";
};
5) Close browser session and clear deployment cache by running "javaws -uninstall"
6) Make sure that proxy connection is set to "none"
7) Try to load following applet to set secure cookies https://10.182.69.181:8443/cookies/html/testHTTPGetSetCookieSecure.html
8)Accept Security Warning from Browser e.g. on IE click "Continue to this website (not recommended)" while on Firefox click on "I Understand the Risks" followd by "Add Exception" and then "Confirm Security Exception"
9) There should be Security Warning pop-up from Java since we are trying to make secure https connection. Accept the warning
10) Accept the security warning dialog, the applet should get launched and set the security cookies.
11)In the same browser session now try loading applet
12) In the same browser session now try loading applet to read all the secure-non-secure cookies https://10.182.69.181:8443/cookies/html/ReadSecureCookies.html
13) If no cookies is read, bug is reproducible.
Note:
The no-secure cookies can be read normally.
Steps:
1) set no-secure cookies firstly by launching
https://10.182.69.181:8443/cookies/html/testHTTPGetSetCookie.html
2) Read the cookies by launching
https://10.182.69.181:8443/cookies/html/ReadSecureCookies.html
Source code:
http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/cookies/src/HTTPGetSetCookie.java
http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/cookies/src/ReadSecureCookies.java
http://sqeweb.us.oracle.com/deployment2/sheldon/webCases/cookies/src/servlets/set_CookieCommonServlet.java