-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
8
-
x86
-
windows_8
FULL PRODUCT VERSION :
1.8.0
ADDITIONAL OS VERSION INFORMATION :
Ubuntu 13.10, Windows 8
A DESCRIPTION OF THE PROBLEM :
An applet connects back to codebasehost on port 7777. It is denied access with a java.net.SocketPermission. Adding
permission java.net.SocketPermission "10.0.101.9:7777", "connect,resolve";
...to policy file resolves the problem, but this should not be necessary. Setting up a sniffer indicates that Java behind the curtains actually does connect to the port but thinks it is a web server and asks for crossdomain.xml which is not hosted on that port.
REGRESSION. Last worked in version 7u51
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile, jar and sign the following:
import javax.swing.JApplet;
import java.net.Socket;
public class Test extends JApplet {
private int getParameter(String name, int def) {
try {
def = Integer.parseInt(getParameter(name));
} catch (Exception e) {
}
return def;
}
public void init() {
String host = getCodeBase().getHost();
try {
Socket s = new Socket(host, getParameter("PORT", 7777));
s.getOutputStream().write("Hello from client".getBytes("ascii"));
byte b[] = new byte[1024];
int bytesRead = s.getInputStream().read(b);
System.out.write(b, 0, bytesRead);
System.out.flush();
s.close();
} catch (Exception e) {
System.out.println(e);
}
}
}
...with this manifest file:
Permissions: sandbox
Caller-Allowable-Codebase: *
Codebase: *
Application-Name: Test
Put on webserver with this index.html:
<html>
<body>
<applet archive="test.jar" code="Test" width="0" height="0">
<param name="PORT" value="7777"/>
</applet>
</body>
</html>
Run a server on web server host like this:
$ echo "Hello from server" | nc -l 7777
Run appletviewer from machine with Java 1.8.0:
$ appletviewer http://webserver/index.html
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
On the server you should receive the string "Hello from client" on the console, and in the client you should get "Hello from server" in java console.
ACTUAL -
Server receives web request, client gets SocketPermission exception.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.swing.JApplet;
import java.net.Socket;
public class Test extends JApplet {
private int getParameter(String name, int def) {
try {
def = Integer.parseInt(getParameter(name));
} catch (Exception e) {
}
return def;
}
public void init() {
String host = getCodeBase().getHost();
try {
Socket s = new Socket(host, getParameter("PORT", 7777));
s.getOutputStream().write("Hello from client".getBytes("ascii"));
byte b[] = new byte[1024];
int bytesRead = s.getInputStream().read(b);
System.out.write(b, 0, bytesRead);
System.out.flush();
s.close();
} catch (Exception e) {
System.out.println(e);
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Ask for permissions in client policy file:
permission java.net.SocketPermission "10.0.101.9:7777", "connect,resolve";
1.8.0
ADDITIONAL OS VERSION INFORMATION :
Ubuntu 13.10, Windows 8
A DESCRIPTION OF THE PROBLEM :
An applet connects back to codebasehost on port 7777. It is denied access with a java.net.SocketPermission. Adding
permission java.net.SocketPermission "10.0.101.9:7777", "connect,resolve";
...to policy file resolves the problem, but this should not be necessary. Setting up a sniffer indicates that Java behind the curtains actually does connect to the port but thinks it is a web server and asks for crossdomain.xml which is not hosted on that port.
REGRESSION. Last worked in version 7u51
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile, jar and sign the following:
import javax.swing.JApplet;
import java.net.Socket;
public class Test extends JApplet {
private int getParameter(String name, int def) {
try {
def = Integer.parseInt(getParameter(name));
} catch (Exception e) {
}
return def;
}
public void init() {
String host = getCodeBase().getHost();
try {
Socket s = new Socket(host, getParameter("PORT", 7777));
s.getOutputStream().write("Hello from client".getBytes("ascii"));
byte b[] = new byte[1024];
int bytesRead = s.getInputStream().read(b);
System.out.write(b, 0, bytesRead);
System.out.flush();
s.close();
} catch (Exception e) {
System.out.println(e);
}
}
}
...with this manifest file:
Permissions: sandbox
Caller-Allowable-Codebase: *
Codebase: *
Application-Name: Test
Put on webserver with this index.html:
<html>
<body>
<applet archive="test.jar" code="Test" width="0" height="0">
<param name="PORT" value="7777"/>
</applet>
</body>
</html>
Run a server on web server host like this:
$ echo "Hello from server" | nc -l 7777
Run appletviewer from machine with Java 1.8.0:
$ appletviewer http://webserver/index.html
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
On the server you should receive the string "Hello from client" on the console, and in the client you should get "Hello from server" in java console.
ACTUAL -
Server receives web request, client gets SocketPermission exception.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.swing.JApplet;
import java.net.Socket;
public class Test extends JApplet {
private int getParameter(String name, int def) {
try {
def = Integer.parseInt(getParameter(name));
} catch (Exception e) {
}
return def;
}
public void init() {
String host = getCodeBase().getHost();
try {
Socket s = new Socket(host, getParameter("PORT", 7777));
s.getOutputStream().write("Hello from client".getBytes("ascii"));
byte b[] = new byte[1024];
int bytesRead = s.getInputStream().read(b);
System.out.write(b, 0, bytesRead);
System.out.flush();
s.close();
} catch (Exception e) {
System.out.println(e);
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Ask for permissions in client policy file:
permission java.net.SocketPermission "10.0.101.9:7777", "connect,resolve";