had just one applet in one version of software raise the following exception:
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "UsageTracker-AppName" "read")
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at com.sun.deploy.util.DeploymentHooks.getAndClearAppName(Unknown Source)
    at com.sun.deploy.util.DeploymentHooks.trackUsage(Unknown Source)
    at com.sun.deploy.security.SandboxSecurity.isPermissionGranted(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.getPermissions(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.getPermissions(Unknown Source)
    at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
Couldn't send the test program -- it's a very large applet with numerous jars that won't work without their much larger server installation.
All signed applets' manifests contain:
Permissions: all-permissions
Some of the jars are unsigned -- and the "Exception Site List" is being used to run the applet.
Don't know what's different here, but 2 versions of their software do not exhibit this issue with the applet in question -- only their latest version shows this issue.
In any case it would seem clear enough that com.sun.deploy.util.DeploymentHooks.getAndClearAppName shouldn't raise an AccessControlException when attempting to read the UsageTracker-AppName property. This attempted access is by the deployment code, not by the applet code and thus simply should never produce such an issue.
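Added illustration, not part of the report and not JDK or plugin source: the trace shows System.getProperty called directly from DeploymentHooks.getAndClearAppName with no AccessController.doPrivileged frame in between, so the permission check is evaluated against the whole calling context. The Java 8 era example below reads the same property from a simulated sandboxed caller, once plainly (denied) and once inside doPrivileged (allowed). The class name, helper names and sample property value are assumptions.

```java
import java.security.*;

// Added illustration (not JDK or plugin source). Targets the Java 8 era runtime the
// report concerns; SecurityManager is deprecated or disabled on current JDKs.
public class PrivilegedPropertyRead {
    static final String KEY = "UsageTracker-AppName";

    // Linked at class initialization, before any restricted context exists.
    static final PrivilegedAction<String> READ = () -> System.getProperty(KEY);

    // Plain read: the permission check covers every protection domain in the
    // calling context, including a sandboxed caller.
    static String readPlain() {
        return READ.run();
    }

    // Privileged read: doPrivileged stops the check at this frame, so only this
    // class's own permissions are consulted.
    static String readPrivileged() {
        return AccessController.doPrivileged(READ);
    }

    // Runs the action as if called from code whose domain holds no permissions.
    static String fromSandbox(PrivilegedAction<String> action) {
        ProtectionDomain noPerms = new ProtectionDomain(null, new Permissions());
        AccessControlContext sandbox =
                new AccessControlContext(new ProtectionDomain[] { noPerms });
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
            try {
                return action.run();
            } catch (AccessControlException e) {
                return e.getMessage(); // same "access denied (...)" text as the trace
            }
        }, sandbox);
    }

    public static void main(String[] args) {
        System.setProperty(KEY, "constructed-app-name"); // constructed sample value
        // Assumption for the demo: every policy-backed domain (this class) is fully
        // trusted; noPerms uses static permissions and is not affected.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());
        System.out.println("plain:      " + fromSandbox(PrivilegedPropertyRead::readPlain));
        System.out.println("privileged: " + fromSandbox(PrivilegedPropertyRead::readPrivileged));
    }
}
```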