Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8046006

8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file

    XMLWordPrintable

Details

    • b22

    Backports

      Description

        Test scenario:
        FX app trys to access a host http://kgb.us.oracle.com in multiple threads. And this domain is allowed since cross domain xml file has <allow-access-from domain="*" secure="true"> element for this app.
        But with 8u20-b16, app fail to connect to http://kgb.us.oracle.com duet to: java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve")

        ENV: win7/x86 and x64/jre8u20-b16
        Steps to reproduce:
             1) Import self.valid.cert to JCP-Security-"Manage Certificates"-"Singer CA" to have a valid cert: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/lib/self.valid.cert
             2) Launch a fx app that setting crossdomain file by specified runtime args java_vm_args=-Djnlp.altCrossDomainXMLFiles=http://kgb.us.oracle.com/CrossDomainSetup/GOOD_XML_ALLOWED/crossdomain.xml in jnlp:
                javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/jnlp/testFXCrossDomainMultiThreads.jnlp
             3) The contents in crossdomain file http://kgb.us.oracle.com/CrossDomainSetup/GOOD_XML_ALLOWED/crossdomain.xml:
                <cross-domain-policy>
                    <allow-access-from domain="*" secure="true"/>
                    <allow-http-request-headers-from domain="*" headers="Authorization,X-HTTP-Method-Override" secure="true"/>
                </cross-domain-policy>
             4) In this app, it trys to access "http://kgb.us.oracle.com" in multiple threads
             5) A warning dialog will show up. Accept it
             6) If "Test FAILed" shows up(this meas connecting to "http://kgb.us.oracle.com" fails), then this bug is reproduce. The following exception will show up In log:
        network: Connecting http://kgb.us.oracle.com/ with proxy=DIRECT
        Connection fail to: http://kgb.us.oracle.com/ due to java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve")
        java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve")
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkConnect(Unknown Source)
        at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
        at sun.plugin2.applet.FXAppletSecurityManager.checkConnect(Unknown Source)
        at sun.net.www.http.HttpClient.openServer(Unknown Source)
        at sun.net.www.http.HttpClient.&lt;init&gt;(Unknown Source)
        at sun.net.www.http.HttpClient.New(Unknown Source)
        at sun.net.www.http.HttpClient.New(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
        at deploy.sqe.TestFXCrossDomainMultiThreads$ConnectionThread.makeConnection(TestFXCrossDomainMultiThreads.java:90)
        at deploy.sqe.TestFXCrossDomainMultiThreads$ConnectionThread.run(TestFXCrossDomainMultiThreads.java:82)

        Expected results: "Test PASSed" should show up. This means connecting to "http://kgb.us.oracle.com" succeeds

        SRC:
        http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/src/TestFXCrossDomainMultiThreads.java

        Note: above app will succeed with jre8u5-b13

        Attachments

          Issue Links

            Activity

              People

                vdrozdov Victor Drozdov (Inactive)
                wenjyang Crystal Yang (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: