Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8281655 | jfx17.0.3 | Kevin Rushforth | P4 | Resolved | Fixed | |
JDK-8281973 | jfx11.0.15 | Kevin Rushforth | P4 | Resolved | Fixed | |

When a Policy and a SecurityManager are set, loading a URL from WebView throws this (non-fatal) exception several times:

```
Exception in thread "JavaFX Application Thread" java.security.AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")
    at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
    at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
    at java.base/java.net.CookieHandler.getDefault(CookieHandler.java:80)
    at javafx.web@18-ea/com.sun.webkit.network.CookieJar.fwkGet(CookieJar.java:65)
    at javafx.web@18-ea/com.sun.webkit.network.URLLoaderBase.twkDidFinishLoading(Native Method)
    at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.notifyDidFinishLoading(HTTP2Loader.java:578)
    at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.lambda$callBackIfNotCanceled$10(HTTP2Loader.java:441)
    at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:457)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
    at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:456)
    at javafx.graphics@18-ea/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)
```

WebView calls `CookieHandler.getDefault();` in several places (like in https://github.com/openjdk/jfx/blob/master/modules/javafx.web/src/main/java/com/sun/webkit/network/CookieJar.java#L65).

This happens since the support for HTTP2 was introduced by JDK-8211308, right before 14-ea+4 was released, using JDK greater than 11, on any platform (tested on MacOS 11.6, Windows 10 and Ubuntu 20.04).

While the JavaDoc (https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/CookieHandler.html#getDefault()) is really clear about this case:

> Throws: SecurityException – If a security manager has been installed and it denies NetPermission("getCookieHandler")

adding such permission doesn't solve the issue.

The attached test reproduces the issue. It sets the policy and permissions by code, but running it with `-Djava.security.manager` and `-Djava.security.policy=<file>` instead gives the same results.

backported by:

- JDK-8281655 AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler") (Resolved)
- JDK-8281973 AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler") (Resolved)

links to:

- Commit openjdk/jfx11u/6ab043f9
- Commit openjdk/jfx17u/0ab83722
- Commit openjdk/jfx/5bd72a7c
- Review openjdk/jfx11u/70
- Review openjdk/jfx17u/30
- Review openjdk/jfx/681