-
Bug
-
Resolution: Fixed
-
P3
-
8u25
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8062617 | 9 | Dmitry Cherepanov | P3 | Resolved | Fixed | b40 |
JDK-8082385 | emb-9 | Dmitry Cherepanov | P3 | Resolved | Fixed | b40 |
JDK-8071162 | 8u60 | Dmitry Cherepanov | P3 | Resolved | Fixed | b01 |
JDK-8065428 | 8u45 | Dmitry Cherepanov | P3 | Resolved | Fixed | b01 |
JDK-8064286 | 8u31 | Dmitry Cherepanov | P3 | Resolved | Fixed | b08 |
JDK-8065101 | 8u25 | Dmitry Cherepanov | P3 | Resolved | Fixed | b32 |
JDK-8070558 | emb-8u47 | Dmitry Cherepanov | P3 | Resolved | Fixed | team |
JDK-8065249 | emb-8u33 | Dmitry Cherepanov | P3 | Resolved | Fixed | b03 |
JDK-8072165 | 7u85 | Dmitry Markov | P3 | Resolved | Fixed | b01 |
JDK-8062604 | 7u80 | Dmitry Markov | P3 | Resolved | Fixed | b03 |
JDK-8064643 | 7u79 | Dmitry Markov | P3 | Resolved | Fixed | b01 |
JDK-8064383 | 7u76 | Dmitry Markov | P3 | Resolved | Fixed | b08 |
JDK-8064284 | 7u75 | Dmitry Markov | P3 | Resolved | Fixed | b08 |
JDK-8064334 | 7u72 | Dmitry Markov | P3 | Closed | Fixed | b32 |
JDK-8062616 | 6u95 | Dmitry Markov | P3 | Resolved | Fixed | b01 |
JDK-8064285 | 6u91 | Dmitry Markov | P3 | Resolved | Fixed | b08 |
JDK-8067057 | 6u85 | Dmitry Markov | P3 | Resolved | Fixed | b31 |
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
EXTRA RELEVANT SYSTEM CONFIGURATION :
Corporate Environment - No direct connection to the internet - only via http/socks-proxys
A DESCRIPTION OF THE PROBLEM :
When in an environment where proxy configuration is determined by an autoconfig-script and jars have to be downloaded via proxys, JavaWS fails because of java.security.AccessControlException: access denied ("java.net.SocketPermission" "docs.oracle.com" "resolve")
Because of different proxys for different destinations a single proxy configuration isn't applicable.
REGRESSION. Last worked in version 8u20
ADDITIONAL REGRESSION INFORMATION:
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Be in a corporate environment and only have access to the internet and other destinations via (multiple) proxies
2. Deploy an autoconfig.conf like this:
(actual content doesn't really matter here)
====================
function FindProxyForURL(url, host)
{
if(dnsResolve(host) == '') {
return "DIRECT"
}
if (!isResolvable(host) && dnsDomainIs(host, "some.domain.com"))
{
return "PROXY a.proxy.in.your.company:proxyport";
}
if (isInNet(host, "255.255.0.0", "255.255.0.0") && false)
{
return "DIRECT";
}
return "PROXY yourproxy:yourproxyport";
}
====================
3. Go to http://docs.oracle.com/javase/tutorial/uiswing/layout/gridbag.html
and launch the demo:
http://docs.oracle.com/javase/tutorialJWS/samples/uiswing/GridBagLayoutDemoProject/GridBagLayoutDemo.jnlp
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The jnlp should load and spawn a new java process launching the demo.
ACTUAL -
The Application could not be started because of com.sun.deploy.net.FailedDownloadException: Ressource konnte nicht geladen werden: http://docs.oracle.com/javase/tutorialJWS/samples/uiswing/GridBagLayoutDemoProject/GridBagLayoutDemo.jnlp
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.security.AccessControlException: access denied ("java.net.SocketPermission" "docs.oracle.com" "resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at com.sun.deploy.net.proxy.PACFunctionsImpl.dnsResolve(Unknown Source)
at com.sun.deploy.net.proxy.PACFunctionsImpl.isResolvable(Unknown Source)
at com.sun.deploy.net.proxy.SunAutoProxyHandler$9.apply(Unknown Source)
at com.sun.deploy.net.proxy.SunAutoProxyHandler$9.apply(Unknown Source)
at jdk.nashorn.internal.scripts.Script$\^eval\_.:scopeCall-6(<eval>)
at jdk.nashorn.internal.scripts.Script$\^eval\_.FindProxyForURL(<eval>:155)
at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:539)
at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:209)
at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:378)
at jdk.nashorn.api.scripting.ScriptObjectMirror.callMember(ScriptObjectMirror.java:185)
at jdk.nashorn.api.scripting.NashornScriptEngine.invokeImpl(NashornScriptEngine.java:505)
at jdk.nashorn.api.scripting.NashornScriptEngine.invokeFunction(NashornScriptEngine.java:227)
at com.sun.deploy.net.proxy.SunAutoProxyHandler.jsGetProxyInfo(Unknown Source)
at com.sun.deploy.net.proxy.SunAutoProxyHandler.access$100(Unknown Source)
at com.sun.deploy.net.proxy.SunAutoProxyHandler$2.run(Unknown Source)
at com.sun.deploy.net.proxy.SunAutoProxyHandler$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.net.proxy.SunAutoProxyHandler.jsGetProxyInfo(Unknown Source)
at com.sun.deploy.net.proxy.SunAutoProxyHandler.getProxyInfo(Unknown Source)
at com.sun.deploy.net.proxy.DynamicProxyManager.getProxyList(Unknown Source)
at com.sun.deploy.net.proxy.DeployProxySelector.select(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
http://docs.oracle.com/javase/tutorialJWS/samples/uiswing/GridBagLayoutDemoProject/GridBagLayoutDemo.jnlp
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
When you must use an autoconfig-script in your environment - there's no workaround except sticking to Java 8u20 or Java 7u67; but those have critical security advirories.
SUPPORT :
YES
- backported by
-
JDK-8062604 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8062616 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8062617 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8064284 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8064285 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8064286 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8064383 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8064643 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8065101 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8065249 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8065428 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8067057 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8070558 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8071162 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8072165 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8082385 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Resolved
-
-
JDK-8064334 JavaWS fails with proxy autoconfig due to missing "resolve" permission
-
- Closed
-
- duplicates
-
JDK-8062034 Java not utilising PAC or WPAD
-
- Closed
-
-
JDK-8074249 Java does not respect host exception for network configuration
-
- Closed
-
-
JDK-8074249 Java does not respect host exception for network configuration
-
- Closed
-
-
JDK-8147776 Rhino fails to evaluate autoconfig-script when used via JavaWS
-
- Closed
-
- relates to
-
JDK-8038986 Nashorn fails to evaluate autoconfig-script when used via JavaWS
-
- Resolved
-
-
JDK-8071428 Jre 1.7.0_72-b14 unable to download jar file, proxy.pac dumped on console
-
- Closed
-