Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8277457

AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • P4
    • Resolution: Fixed
    • jfx14, jfx17
    • jfx18
    • javafx
    • web

    Backports

      Description

        When a Policy and a SecurityManager are set, loading an URL from WebView throws this (non-fatal) exception several times:

        Exception in thread "JavaFX Application Thread" java.security.AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")
                at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
                at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
                at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
                at java.base/java.net.CookieHandler.getDefault(CookieHandler.java:80)
                at javafx.web@18-ea/com.sun.webkit.network.CookieJar.fwkGet(CookieJar.java:65)
                at javafx.web@18-ea/com.sun.webkit.network.URLLoaderBase.twkDidFinishLoading(Native Method)
                at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.notifyDidFinishLoading(HTTP2Loader.java:578)
                at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.lambda$callBackIfNotCanceled$10(HTTP2Loader.java:441)
                at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:457)
                at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
                at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:456)
                at javafx.graphics@18-ea/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)

        WebView calls CookieHandler.getDefault(); in several places (like in https://github.com/openjdk/jfx/blob/master/modules/javafx.web/src/main/java/com/sun/webkit/network/CookieJar.java#L65).

        This happens since the support for HTTP2 was introduced by JDK-8211308, right before 14-ea+4 was released, using JDK greater than 11, on any platform (tested on MacOS 11.6, Windows 10 and Ubuntu 20.04).

        While the JavaDoc (https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/CookieHandler.html#getDefault()) is really clear about this case:

        Throws: SecurityException – If a security manager has been installed and it denies NetPermission("getCookieHandler")

        adding such permission doesn't solve the issue.

        The attached test reproduces the issue. It sets the policy and permissions by code, but running it with -Djava.security.manager and -Djava.security.policy=<file> instead gives the same results.

        Attachments

          Issue Links

            Activity

              People

                kcr Kevin Rushforth
                jpereda Jose Pereda
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: