-
Bug
-
Resolution: Won't Fix
-
P3
-
None
-
7u55
-
x86
-
os_x
FULL PRODUCT VERSION :
JRE: 1.7.0_55-b13
Plugin: 10.55.2.13
ADDITIONAL OS VERSION INFORMATION :
Mac OS X 10.8.5
EXTRA RELEVANT SYSTEM CONFIGURATION :
Safari 6.0.5 (8536.30.1)
Firefox 28.0
A DESCRIPTION OF THE PROBLEM :
A signed Java applet that makes an applet to JavaScript or a JavaScript to applet call will get a security prompt with UNKNOWN for publisher and application. When the applet was initially loaded, the security prompt at load time listed both the publisher and the application correctly.
The following is the manifest for signing:
Caller-Allowable-Codebase: * https://*.<hostname>.com
Application-Library-Allowable-Codebase: *
Codebase: *
Application-Name: <application name>
Permissions: all-permissions
REGRESSION. Last worked in version 7u51
ADDITIONAL REGRESSION INFORMATION:
I do not have the precise version. The Mac laptop was upgraded to 7u55.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create an HTML page.
Create an applet tag with a named Java applet.
Inside that applet, have publicly accessible method that can be called externally.
Create an IFrame in the HTML page containing the applet.
Create an HTML page that has a JavaScript function that calls into a JavaApplet.
Declare a method for onLoad to call that JavaScript function.
The JavaApplet sets the IFrame's URL to the the second HTML page.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Since a Java method is being accessed from a signed Java applet, I expect that the security dialog that will be displayed would have the name of the applet and its publisher.
I expect it to behave the same as a Lion desktop running Safari 6.0.5 and a Lion desktop running Safari 6.1.3 both with 7u55...each showed the application name and the publisher.
I expect a prompt because of the 7u55 changes to the behavior of Caller-Allowable-Codebase.
ACTUAL -
The application and publisher are UNKNOWN in the security prompt.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
(unlocked icon) Allow access to the following application from
Web Site: <URL>
Application: UNKNOWN
Publisher: UNKNOWN
This web site is requesting access and control of the Java application shown above. Allow (cut off)
[ ] Do not show this again for this app and web site.
(gold shield) More information Allow Do Not Allow
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Click the "Do not show..." checkbox.
SUPPORT :
YES
JRE: 1.7.0_55-b13
Plugin: 10.55.2.13
ADDITIONAL OS VERSION INFORMATION :
Mac OS X 10.8.5
EXTRA RELEVANT SYSTEM CONFIGURATION :
Safari 6.0.5 (8536.30.1)
Firefox 28.0
A DESCRIPTION OF THE PROBLEM :
A signed Java applet that makes an applet to JavaScript or a JavaScript to applet call will get a security prompt with UNKNOWN for publisher and application. When the applet was initially loaded, the security prompt at load time listed both the publisher and the application correctly.
The following is the manifest for signing:
Caller-Allowable-Codebase: * https://*.<hostname>.com
Application-Library-Allowable-Codebase: *
Codebase: *
Application-Name: <application name>
Permissions: all-permissions
REGRESSION. Last worked in version 7u51
ADDITIONAL REGRESSION INFORMATION:
I do not have the precise version. The Mac laptop was upgraded to 7u55.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create an HTML page.
Create an applet tag with a named Java applet.
Inside that applet, have publicly accessible method that can be called externally.
Create an IFrame in the HTML page containing the applet.
Create an HTML page that has a JavaScript function that calls into a JavaApplet.
Declare a method for onLoad to call that JavaScript function.
The JavaApplet sets the IFrame's URL to the the second HTML page.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Since a Java method is being accessed from a signed Java applet, I expect that the security dialog that will be displayed would have the name of the applet and its publisher.
I expect it to behave the same as a Lion desktop running Safari 6.0.5 and a Lion desktop running Safari 6.1.3 both with 7u55...each showed the application name and the publisher.
I expect a prompt because of the 7u55 changes to the behavior of Caller-Allowable-Codebase.
ACTUAL -
The application and publisher are UNKNOWN in the security prompt.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
(unlocked icon) Allow access to the following application from
Web Site: <URL>
Application: UNKNOWN
Publisher: UNKNOWN
This web site is requesting access and control of the Java application shown above. Allow (cut off)
[ ] Do not show this again for this app and web site.
(gold shield) More information Allow Do Not Allow
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Click the "Do not show..." checkbox.
SUPPORT :
YES