Details
-
Bug
-
Resolution: Fixed
-
P3
-
8u20
-
win7/x64 and x86/jre8u20-b16
-
b22
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8048500 | 9 | Victor Drozdov | P3 | Resolved | Fixed | b24 |
JDK-8056588 | emb-9 | Unassigned | P3 | Resolved | Fixed | b24 |
JDK-8063193 | 8u45 | Victor Drozdov | P3 | Resolved | Fixed | b01 |
JDK-8048501 | 8u40 | Victor Drozdov | P3 | Resolved | Fixed | b01 |
JDK-8050178 | 8u31 | Victor Drozdov | P3 | Resolved | Fixed | b01 |
JDK-8050035 | 8u25 | Victor Drozdov | P3 | Resolved | Fixed | b07 |
JDK-8070595 | emb-8u47 | Victor Drozdov | P3 | Resolved | Fixed | team |
JDK-8053173 | emb-8u26 | Victor Drozdov | P3 | Resolved | Fixed | b17 |
Description
FX app trys to access a host http://kgb.us.oracle.com in multiple threads. And this domain is allowed since cross domain xml file has <allow-access-from domain="*" secure="true"> element for this app.
But with 8u20-b16, app fail to connect to http://kgb.us.oracle.com duet to: java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve")
ENV: win7/x86 and x64/jre8u20-b16
Steps to reproduce:
1) Import self.valid.cert to JCP-Security-"Manage Certificates"-"Singer CA" to have a valid cert: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/lib/self.valid.cert
2) Launch a fx app that setting crossdomain file by specified runtime args java_vm_args=-Djnlp.altCrossDomainXMLFiles=http://kgb.us.oracle.com/CrossDomainSetup/GOOD_XML_ALLOWED/crossdomain.xml in jnlp:
javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/jnlp/testFXCrossDomainMultiThreads.jnlp
3) The contents in crossdomain file http://kgb.us.oracle.com/CrossDomainSetup/GOOD_XML_ALLOWED/crossdomain.xml:
<cross-domain-policy>
<allow-access-from domain="*" secure="true"/>
<allow-http-request-headers-from domain="*" headers="Authorization,X-HTTP-Method-Override" secure="true"/>
</cross-domain-policy>
4) In this app, it trys to access "http://kgb.us.oracle.com" in multiple threads
5) A warning dialog will show up. Accept it
6) If "Test FAILed" shows up(this meas connecting to "http://kgb.us.oracle.com" fails), then this bug is reproduce. The following exception will show up In log:
network: Connecting http://kgb.us.oracle.com/ with proxy=DIRECT
Connection fail to: http://kgb.us.oracle.com/ due to java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve")
java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at deploy.sqe.TestFXCrossDomainMultiThreads$ConnectionThread.makeConnection(TestFXCrossDomainMultiThreads.java:90)
at deploy.sqe.TestFXCrossDomainMultiThreads$ConnectionThread.run(TestFXCrossDomainMultiThreads.java:82)
Expected results: "Test PASSed" should show up. This means connecting to "http://kgb.us.oracle.com" succeeds
SRC:
http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/src/TestFXCrossDomainMultiThreads.java
Note: above app will succeed with jre8u5-b13
Attachments
Issue Links
- backported by
-
JDK-8048500 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved
-
JDK-8048501 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved
-
JDK-8050035 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved
-
JDK-8050178 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved
-
JDK-8053173 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved
-
JDK-8056588 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved
-
JDK-8063193 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved
-
JDK-8070595 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file
- Resolved