-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
8u91
-
x86
-
windows_7
FULL PRODUCT VERSION :
C:\Users\Administrator>java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b15)
Java HotSpot(TM) Client VM (build 25.91-b15, mixed mode, sharing)
C:\Users\Administrator>
ADDITIONAL OS VERSION INFORMATION :
This is applicable to window7/8/8.1/10
here is one from windows7
C:\Users\Administrator>ver
Microsoft Windows [Version 6.1.7601]
C:\Users\Administrator>
A DESCRIPTION OF THE PROBLEM :
The below issue is seen with latest JRE(java1.8update91or above) and with latest Firefox version(42 or above) on windows platform(win7/8/8.1/10).
There are two issue seen together
1) The signed applet permission("all-permissions") not requested/granted by JVM security system at first attempt even though applet is launched and in operation which is evident in JavaConsole log. But we do 'refresh' on Firefox browser, it goes fine.
Java Security warning ie, User-Consent prompt window (allow or not allow) is not shown to user at first attempt.
2) Accessing java applet public member in javascript ( for example, document.applets['myapplet'].status/errorcode ) gives 'undefined' even after "applet" comes to operational mode which is evident in JavaConsole log ie, we could see debug message from applet in Java console.
REGRESSION. Last worked in version 8u92
ADDITIONAL REGRESSION INFORMATION:
it worked till java1.8update77 or before.
C:\Users\Administrator>java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b15)
Java HotSpot(TM) Client VM (build 25.91-b15, mixed mode, sharing)
C:\Users\Administrator>
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) create a JavaApplet with below manifest and two public members(errorcode and status)
2) sign the jar and deploy it onto webserver
3) access webserver from client machine
4) Invoke applet by attaching <applet> tag into DOM like below
myapplettag = '<applet id="idJavaSun" name="idJavaSun" width="0" height="0" code="MyApplet.MyApplet" archive="binaries/myapplet.jar"><param name="version" value="ver1.0" MAYSCRIPT></applet>';
document.getElementById( "idDivMain" ).innerHTML = myapplettag;
5) start polling JavaApplet member( status or errorcode )
myapplet.mf
Manifest-Version: 1.0
Sealed: true
Trusted-Library: true
Permissions: all-permissions
Codebase: https://*
Application-Name: MyTestApplet
Implementation-Vendor: MyCompanyName.
Caller-Allowable-Codebase: *
Application-Library-Allowable-Codebase: *
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
1) At first attempt, The signed applet permission("all-permissions") should be requested/granted by JVM security system. The evidence would be "Java Security warning ie, User-Consent prompt window(allow or not allow)" and JavaConsole with similar lines as below.
security: Grant liveconnect connect perm for https://myserver/start.htm : java.security.Permissions@b7a91a (
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "browser.version" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
2) Once applet is in operational, Accessing java applet public member in javascript ( for example, document.applets['myapplet'].status/errorcode ) should not give "undefined' but to valid value.
ACTUAL -
1) At first attempt, The signed applet permission("all-permissions") not requested/granted by JVM security system. "Java Security warning ie, User-Consent prompt window(allow or not allow)" is not shown to user and JavaConsole DOES NOT HAVE similar lines as below.
security: Grant liveconnect connect perm for https://myserver/start.htm : java.security.Permissions@b7a91a (
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "browser.version" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
2) Even though applet is in operational, Accessing java applet public member in javascript ( for example, document.applets['myapplet'].status/errorcode ) still gives "undefined' .
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Downgrade ie, use JRE1.8update77 or below.
C:\Users\Administrator>java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b15)
Java HotSpot(TM) Client VM (build 25.91-b15, mixed mode, sharing)
C:\Users\Administrator>
ADDITIONAL OS VERSION INFORMATION :
This is applicable to window7/8/8.1/10
here is one from windows7
C:\Users\Administrator>ver
Microsoft Windows [Version 6.1.7601]
C:\Users\Administrator>
A DESCRIPTION OF THE PROBLEM :
The below issue is seen with latest JRE(java1.8update91or above) and with latest Firefox version(42 or above) on windows platform(win7/8/8.1/10).
There are two issue seen together
1) The signed applet permission("all-permissions") not requested/granted by JVM security system at first attempt even though applet is launched and in operation which is evident in JavaConsole log. But we do 'refresh' on Firefox browser, it goes fine.
Java Security warning ie, User-Consent prompt window (allow or not allow) is not shown to user at first attempt.
2) Accessing java applet public member in javascript ( for example, document.applets['myapplet'].status/errorcode ) gives 'undefined' even after "applet" comes to operational mode which is evident in JavaConsole log ie, we could see debug message from applet in Java console.
REGRESSION. Last worked in version 8u92
ADDITIONAL REGRESSION INFORMATION:
it worked till java1.8update77 or before.
C:\Users\Administrator>java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b15)
Java HotSpot(TM) Client VM (build 25.91-b15, mixed mode, sharing)
C:\Users\Administrator>
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) create a JavaApplet with below manifest and two public members(errorcode and status)
2) sign the jar and deploy it onto webserver
3) access webserver from client machine
4) Invoke applet by attaching <applet> tag into DOM like below
myapplettag = '<applet id="idJavaSun" name="idJavaSun" width="0" height="0" code="MyApplet.MyApplet" archive="binaries/myapplet.jar"><param name="version" value="ver1.0" MAYSCRIPT></applet>';
document.getElementById( "idDivMain" ).innerHTML = myapplettag;
5) start polling JavaApplet member( status or errorcode )
myapplet.mf
Manifest-Version: 1.0
Sealed: true
Trusted-Library: true
Permissions: all-permissions
Codebase: https://*
Application-Name: MyTestApplet
Implementation-Vendor: MyCompanyName.
Caller-Allowable-Codebase: *
Application-Library-Allowable-Codebase: *
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
1) At first attempt, The signed applet permission("all-permissions") should be requested/granted by JVM security system. The evidence would be "Java Security warning ie, User-Consent prompt window(allow or not allow)" and JavaConsole with similar lines as below.
security: Grant liveconnect connect perm for https://myserver/start.htm : java.security.Permissions@b7a91a (
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "browser.version" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
2) Once applet is in operational, Accessing java applet public member in javascript ( for example, document.applets['myapplet'].status/errorcode ) should not give "undefined' but to valid value.
ACTUAL -
1) At first attempt, The signed applet permission("all-permissions") not requested/granted by JVM security system. "Java Security warning ie, User-Consent prompt window(allow or not allow)" is not shown to user and JavaConsole DOES NOT HAVE similar lines as below.
security: Grant liveconnect connect perm for https://myserver/start.htm : java.security.Permissions@b7a91a (
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "browser.version" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
2) Even though applet is in operational, Accessing java applet public member in javascript ( for example, document.applets['myapplet'].status/errorcode ) still gives "undefined' .
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Downgrade ie, use JRE1.8update77 or below.