JDK-8277457

AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: openjfx14, openjfx17
    • Fix Version/s: openjfx18
    • Component/s: javafx
    • Labels:
    • Subcomponent: web

        Description

        When a Policy and a SecurityManager are set, loading a URL from WebView throws this (non-fatal) exception several times:

        Exception in thread "JavaFX Application Thread" java.security.AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")
                at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
                at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
                at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
                at java.base/java.net.CookieHandler.getDefault(CookieHandler.java:80)
                at javafx.web@18-ea/com.sun.webkit.network.CookieJar.fwkGet(CookieJar.java:65)
                at javafx.web@18-ea/com.sun.webkit.network.URLLoaderBase.twkDidFinishLoading(Native Method)
                at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.notifyDidFinishLoading(HTTP2Loader.java:578)
                at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.lambda$callBackIfNotCanceled$10(HTTP2Loader.java:441)
                at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:457)
                at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
                at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:456)
                at javafx.graphics@18-ea/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)

        WebView calls CookieHandler.getDefault(); in several places (like in https://github.com/openjdk/jfx/blob/master/modules/javafx.web/src/main/java/com/sun/webkit/network/CookieJar.java#L65).

        This happens since the support for HTTP2 was introduced by JDK-8211308, right before 14-ea+4 was released, using JDK greater than 11, on any platform (tested on macOS 11.6, Windows 10 and Ubuntu 20.04).

        While the JavaDoc (https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/CookieHandler.html#getDefault()) is really clear about this case:

        Throws: SecurityException – If a security manager has been installed and it denies NetPermission("getCookieHandler")

        adding such permission doesn't solve the issue.

        The attached test reproduces the issue. It sets the policy and permissions by code, but running it with -Djava.security.manager and -Djava.security.policy=<file> instead gives the same results.
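
        Added example, not part of the original report or of the OpenJFX code base: a small Python triage helper that reads a trace like the one above and returns the denied permission together with the modules whose frames sit between the permission check and the nearest doPrivileged boundary, since the stack walk consults each of those callers. The names `triage`, `TRACE` and the result keys are assumptions made for this example; the trace is copied from the report and cut after the caller of doPrivileged.

```python
import re

# Trace copied from the report above, cut after the caller of doPrivileged.
TRACE = '''Exception in thread "JavaFX Application Thread" java.security.AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")
        at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
        at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
        at java.base/java.net.CookieHandler.getDefault(CookieHandler.java:80)
        at javafx.web@18-ea/com.sun.webkit.network.CookieJar.fwkGet(CookieJar.java:65)
        at javafx.web@18-ea/com.sun.webkit.network.URLLoaderBase.twkDidFinishLoading(Native Method)
        at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.notifyDidFinishLoading(HTTP2Loader.java:578)
        at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.lambda$callBackIfNotCanceled$10(HTTP2Loader.java:441)
        at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:457)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
        at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:456)
'''

DENIED = re.compile(r'access denied \("([^"]+)" "([^"]+)"')
FRAME = re.compile(r'^\s*at (?:([\w.]+)(?:@[^/]+)?/)?([\w.$]+)\.([\w$<>]+)\(')
# Frames of the access-control machinery itself; they carry no caller identity.
MACHINERY = {"java.security.AccessControlContext",
             "java.security.AccessController", "java.lang.SecurityManager"}

def triage(trace):
    """Return the denied permission and the modules consulted by the stack walk."""
    denied = DENIED.search(trace)
    if denied is None:
        return None
    modules, bounded = [], False
    for line in trace.splitlines():
        frame = FRAME.match(line)
        if frame is None:
            continue
        module, cls, method = frame.groups()
        if cls == "java.security.AccessController" and method == "doPrivileged":
            bounded = True  # the walk ends at the next frame, the privileged caller
            continue
        if cls in MACHINERY:
            continue
        name = module or "<unnamed module>"
        if name not in modules:
            modules.append(name)
        if bounded:
            break
    # Not visible in a trace: an AccessControlContext passed to doPrivileged
    # is checked as well, so this list is a lower bound.
    return {"permission": denied.groups(), "modules": modules, "bounded": bounded}

if __name__ == "__main__":
    print(triage(TRACE))
```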

                People

                Assignee:
                kcr Kevin Rushforth
                Reporter:
                jpereda Jose Pereda