Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8096432

WebView rendering of Web Fonts requires unacceptable 'AllPermissions' granted by Security Manager

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Won't Fix
    • Affects Version/s: 8u25
    • Fix Version/s: None
    • Component/s: javafx
    • Labels:
      None
    • Subcomponent:
      web

      Description

      In 8u25, it seems that if our application ClassLoader is involved in the Permission check of a web font, then we need to grant "AllPermissions" to our application code to get this to work with the security manager on. It it not acceptable for us to grant this to the code that launches the WebView.

      For example, go here "http://fortawesome.github.io/Font-Awesome/icons/"

      The web font works fine with security manager off; but it shows the wrong font when the security manager is on (unless we add grant AllPermissions to our appliction).

      Here is the security manager debug; we are told that we need to add entry for our "testTest.jar" module which launches the browser (this is an unacceptable thing for us to add to our application):

      access: access denied ("java.security.AllPermission" "<all permissions>" "<all actions>")
      java.lang.Exception: Stack trace
      at java.lang.Thread.dumpStack(Thread.java:1329)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:447)
      at java.security.AccessController.checkPermission(AccessController.java:884)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
      at com.sun.javafx.application.PlatformImpl.isSupported(PlatformImpl.java:481)
      at javafx.application.Platform.isSupported(Platform.java:166)
      at javafx.scene.Scene.<init>(Scene.java:329)
      at javafx.scene.Scene.<init>(Scene.java:181)
      at test.workbench.SimpleSwingBrowser$2.run(SimpleSwingBrowser.java:201)
      at com.sun.javafx.application.PlatformImpl.lambda$null$164(PlatformImpl.java:292)
      at com.sun.javafx.application.PlatformImpl$$Lambda$107/605914852.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sun.javafx.application.PlatformImpl.lambda$runLater$165(PlatformImpl.java:291)
      at com.sun.javafx.application.PlatformImpl$$Lambda$106/677804791.run(Unknown Source)
      at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:95)
      at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
      at com.sun.glass.ui.win.WinApplication.lambda$null$141(WinApplication.java:102)
      at com.sun.glass.ui.win.WinApplication$$Lambda$98/1683068293.run(Unknown Source)
      at java.lang.Thread.run(Thread.java:745)
      access: access allowed ("java.security.SecurityPermission" "getPolicy")
      access: access allowed ("java.io.FilePermission" "D:\niagara\r40\niagara_home\modules\testTest.jar" "read")
      access: domain that failed ProtectionDomain (file:/d:/niagara/r40/niagara_home/modules/testTest.jar <no signer certificates>)
       com.tridium.sys.module.ModuleClassLoader for testTest-Tridium-4.0.1 [sc798w]
       <no principals>
       java.security.Permissions@177667e5 (
       ("java.io.FilePermission" "C:\Users\e333930\AppData\Local\Temp\\-" "read,write,delete")
       ("java.io.FilePermission" "<<ALL FILES>>" "read,write")
       (unresolved java.lang.NetPermission getCookieHandler null)
       ("java.net.SocketPermission" "localhost:0" "listen,resolve")
       ("java.net.SocketPermission" "*:1-100000" "connect,resolve")
       ("java.util.logging.LoggingPermission" "control")
       ("java.util.PropertyPermission" "java.specification.version" "read")
       ("java.util.PropertyPermission" "java.version" "read")
       ("java.util.PropertyPermission" "os.arch" "read")
       ("java.util.PropertyPermission" "java.specification.vendor" "read")
       ("java.util.PropertyPermission" "java.vm.specification.name" "read")
       ("java.util.PropertyPermission" "*" "read")
       ("java.util.PropertyPermission" "java.vm.vendor" "read")
       ("java.util.PropertyPermission" "path.separator" "read")
       ("java.util.PropertyPermission" "os.version" "read")
       ("java.util.PropertyPermission" "file.separator" "read")
       ("java.util.PropertyPermission" "line.separator" "read")
       ("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
       ("java.util.PropertyPermission" "java.specification.name" "read")
       ("java.util.PropertyPermission" "java.vendor.url" "read")
       ("java.util.PropertyPermission" "java.vendor" "read")
       ("java.util.PropertyPermission" "java.vm.version" "read")
       ("java.util.PropertyPermission" "java.vm.name" "read")
       ("java.util.PropertyPermission" "java.vm.specification.version" "read")
       ("java.util.PropertyPermission" "os.name" "read")
       ("java.util.PropertyPermission" "java.class.version" "read")
       ("java.lang.RuntimePermission" "accessDeclaredMembers")
       ("java.lang.RuntimePermission" "accessClassInPackage.sun.util.logging.resources")
       ("java.lang.RuntimePermission" "exitVM.0")
       ("java.lang.RuntimePermission" "stopThread")
       ("java.awt.AWTPermission" "accessClipboard")
       ("java.awt.AWTPermission" "showWindowWithoutWarningBanner")
      )



        Attachments

          Issue Links

            Activity

              People

              Assignee:
              kcr Kevin Rushforth
              Reporter:
              jfrankovijfx JJ Frankovich (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported: