-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
8
-
win7/x86/jre8-b120
This bug is used to track remain issue in https://bugs.openjdk.java.net/browse/JDK-8029431.
According to https://bugs.openjdk.java.net/browse/JDK-8029431, cert signed applet using javascript calls should be blocked. After fix of JDK-8029431, the app does be blocked. But there is an extra security dialog shows up before "Application Blocked" dialog.
Steps to reproduce:
- download http://stt-13.ru.oracle.com/newroot/testsuites/180_user_ws/aluht/JDF/liveconnect/self.valid.cert
- import it in tested JRE:
<jre home>/bin/keytool -import -file self.valid.cert -keystore <jre home>/lib/security/cacerts -storepass changeit -alias validSelfSign -noprompt
- make sure security level is set to HIGH
- open http://stt-13.ru.oracle.com/newroot/testsuites/180_user_ws/aluht/JDF/liveconnect/html/testJava2JSBlockedHigh.html in browser (applet source is http://stt-13.ru.oracle.com/newroot/testsuites/180_user_ws/aluht/JDF/liveconnect/Java2JSBlockedHighApplet.java)
- If there is a security dialog shows up and "Application Blocked" will show up after click "Run" on that dialog, then the bug is reproduced.
Expected behavior: "Application Blocked" will show up directly.
Note: with 7u45 cert signed applet using javascript calls was blocked directly
According to https://bugs.openjdk.java.net/browse/JDK-8029431, cert signed applet using javascript calls should be blocked. After fix of JDK-8029431, the app does be blocked. But there is an extra security dialog shows up before "Application Blocked" dialog.
Steps to reproduce:
- download http://stt-13.ru.oracle.com/newroot/testsuites/180_user_ws/aluht/JDF/liveconnect/self.valid.cert
- import it in tested JRE:
<jre home>/bin/keytool -import -file self.valid.cert -keystore <jre home>/lib/security/cacerts -storepass changeit -alias validSelfSign -noprompt
- make sure security level is set to HIGH
- open http://stt-13.ru.oracle.com/newroot/testsuites/180_user_ws/aluht/JDF/liveconnect/html/testJava2JSBlockedHigh.html in browser (applet source is http://stt-13.ru.oracle.com/newroot/testsuites/180_user_ws/aluht/JDF/liveconnect/Java2JSBlockedHighApplet.java)
- If there is a security dialog shows up and "Application Blocked" will show up after click "Run" on that dialog, then the bug is reproduced.
Expected behavior: "Application Blocked" will show up directly.
Note: with 7u45 cert signed applet using javascript calls was blocked directly
- duplicates
-
-
- Closed
-