Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8061643

JavaWS fails with proxy autoconfig due to missing "resolve" permission

    XMLWordPrintable

Details

    • b14
    • x86_64
    • windows_7

    Backports

      Description

        FULL PRODUCT VERSION :
        java version "1.8.0_25"
        Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
        Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.1.7601]

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        Corporate Environment - No direct connection to the internet - only via http/socks-proxys

        A DESCRIPTION OF THE PROBLEM :
        When in an environment where proxy configuration is determined by an autoconfig-script and jars have to be downloaded via proxys, JavaWS fails because of java.security.AccessControlException: access denied ("java.net.SocketPermission" "docs.oracle.com" "resolve")

        Because of different proxys for different destinations a single proxy configuration isn't applicable.


        REGRESSION. Last worked in version 8u20

        ADDITIONAL REGRESSION INFORMATION:
        java version "1.8.0_25"
        Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
        Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)



        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1. Be in a corporate environment and only have access to the internet and other destinations via (multiple) proxies

        2. Deploy an autoconfig.conf like this:
        (actual content doesn't really matter here)
        ====================
        function FindProxyForURL(url, host)
        {
        if(dnsResolve(host) == '') {
        return "DIRECT"
        }
        if (!isResolvable(host) && dnsDomainIs(host, "some.domain.com"))
        {
        return "PROXY a.proxy.in.your.company:proxyport";
        }
        if (isInNet(host, "255.255.0.0", "255.255.0.0") && false)
        {
        return "DIRECT";
        }
        return "PROXY yourproxy:yourproxyport";
        }
        ====================

        3. Go to http://docs.oracle.com/javase/tutorial/uiswing/layout/gridbag.html
        and launch the demo:
        http://docs.oracle.com/javase/tutorialJWS/samples/uiswing/GridBagLayoutDemoProject/GridBagLayoutDemo.jnlp

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        The jnlp should load and spawn a new java process launching the demo.
        ACTUAL -
        The Application could not be started because of com.sun.deploy.net.FailedDownloadException: Ressource konnte nicht geladen werden: http://docs.oracle.com/javase/tutorialJWS/samples/uiswing/GridBagLayoutDemoProject/GridBagLayoutDemo.jnlp

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        java.security.AccessControlException: access denied ("java.net.SocketPermission" "docs.oracle.com" "resolve")
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkConnect(Unknown Source)
        at java.net.InetAddress.getAllByName0(Unknown Source)
        at java.net.InetAddress.getAllByName(Unknown Source)
        at java.net.InetAddress.getAllByName(Unknown Source)
        at java.net.InetAddress.getByName(Unknown Source)
        at com.sun.deploy.net.proxy.PACFunctionsImpl.dnsResolve(Unknown Source)
        at com.sun.deploy.net.proxy.PACFunctionsImpl.isResolvable(Unknown Source)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler$9.apply(Unknown Source)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler$9.apply(Unknown Source)
        at jdk.nashorn.internal.scripts.Script$\^eval\_.:scopeCall-6(<eval>)
        at jdk.nashorn.internal.scripts.Script$\^eval\_.FindProxyForURL(<eval>:155)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:539)
        at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:209)
        at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:378)
        at jdk.nashorn.api.scripting.ScriptObjectMirror.callMember(ScriptObjectMirror.java:185)
        at jdk.nashorn.api.scripting.NashornScriptEngine.invokeImpl(NashornScriptEngine.java:505)
        at jdk.nashorn.api.scripting.NashornScriptEngine.invokeFunction(NashornScriptEngine.java:227)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler.jsGetProxyInfo(Unknown Source)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler.access$100(Unknown Source)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler$2.run(Unknown Source)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler$2.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler.jsGetProxyInfo(Unknown Source)
        at com.sun.deploy.net.proxy.SunAutoProxyHandler.getProxyInfo(Unknown Source)
        at com.sun.deploy.net.proxy.DynamicProxyManager.getProxyList(Unknown Source)
        at com.sun.deploy.net.proxy.DeployProxySelector.select(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.AccessController.doPrivileged(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.AccessController.doPrivileged(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
        at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
        at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
        at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
        at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
        at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
        at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
        at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
        at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
        at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
        at com.sun.javaws.Launcher.launch(Unknown Source)
        at com.sun.javaws.Main.launchApp(Unknown Source)
        at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
        at com.sun.javaws.Main.access$000(Unknown Source)
        at com.sun.javaws.Main$1.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)


        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        http://docs.oracle.com/javase/tutorialJWS/samples/uiswing/GridBagLayoutDemoProject/GridBagLayoutDemo.jnlp
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        When you must use an autoconfig-script in your environment - there's no workaround except sticking to Java 8u20 or Java 7u67; but those have critical security advirories.

        SUPPORT :
        YES

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8062604 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8062616 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8062617 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8064284 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8064285 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8064286 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8064383 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8064643 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8065101 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8065249 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8065428 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8067057 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8070558 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8071162 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8072165 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8082385 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8064334 JavaWS fails with proxy autoconfig due to missing "resolve" permission

            • P3 - Major loss of function.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JDK-8062034 Java not utilising PAC or WPAD

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8074249 Java does not respect host exception for network configuration

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8147776 Rhino fails to evaluate autoconfig-script when used via JavaWS

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8074249 Java does not respect host exception for network configuration

            • P3 - Major loss of function.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8038986 Nashorn fails to evaluate autoconfig-script when used via JavaWS

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8071428 Jre 1.7.0_72-b14 unable to download jar file, proxy.pac dumped on console

            • P3 - Major loss of function.
            • Resolved

            Activity

              People

                dcherepanov Dmitry Cherepanov
                webbuggrp Webbug Group
                Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: