United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6227159 Can't create HTTPS URLs in applets when logged in as guest
JDK-6227159 : Can't create HTTPS URLs in applets when logged in as guest

Details
Type:
Bug
Submit Date:
2005-02-09
Status:
Closed
Updated Date:
2011-02-16
Project Name:
JDK
Resolved Date:
2005-08-01
Component:
deploy
OS:
windows_xp
Sub-Component:
plugin
CPU:
x86
Priority:
P3
Resolution:
Duplicate
Affected Versions:
5.0
Fixed Versions:

Related Reports
Duplicate:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
When logged into windows as the user 'Guest' an ExceptionInInitializer exception is thrown when creating a URL object with the 'https' protocol.

This seems to be caused by the native method generateSeed in com.sun.deploy.security.WSeedGenerator returning null.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the applet.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A valid URL object.
ACTUAL -
An exception is thrown.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.ExceptionInInitializerError
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Unknown Source)
        at java.net.URL.getURLStreamHandler(Unknown Source)
        at java.net.URL.<init>(Unknown Source)
        at java.net.URL.<init>(Unknown Source)
        at java.net.URL.<init>(Unknown Source)
        at HTTPSTest.init(HTTPSTest.java:87)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NullPointerException
        at java.security.SecureRandom.nextBytes(Unknown Source)
        at java.security.SecureRandom.next(Unknown Source)
        at java.util.Random.nextInt(Unknown Source)
        at com.sun.deploy.net.protocol.https.Handler$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.deploy.net.protocol.https.Handler.<clinit>(Unknown Source)
        ... 9 more

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.applet.Applet;
import java.net.URL;
import java.net.MalformedURLException;
public class HTTPSTest extends Applet
{

  public void init()
  {
    try
    {
      URL url = new URL("https://www.verisign.com/");
    }
    catch (MalformedURLException itsNot)
    {
    }
  }

}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
I don't think there's a workaround unless the applet is signed.

If it's signed you can force it to use Sun's implementation of the https handler either by adding the line:

System.setProperty("java.protocol.handler.pkgs", "sun.net.www.protocol");

before creating the URL object or by passing the handler to the constructor:

URL url = new URL("https", "www.verisign.com", -1, "", new sun.net.www.protocol.https.Handler());
###@###.### 2005-2-09 12:15:20 GMT

                                    

Comments
EVALUATION

Can't reproduce the bug by using appletviewer, java version 1.5.0_02.

Another thing is about windows guest account. By default, it's disabled. Below is how to enable it: 
  1. enable it in 'local users and groups'
  2. In Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment -> Deny logon locally, remove guest account from the list.
###@###.### 2005-06-14 10:18:31 GMT

Dont know if there really is a bug here, but I'm reassiging to plugin
so they can look at it before closing it. Exception seems to come from
a deploy class.
###@###.### 2005-06-15 15:52:49 GMT

This is the same issue as reported in bug 6243108, it has been fixed in 5.0u3. I will close it as a duplicate of 6243108.
                                     
2005-06-14



Hardware and Software, Engineered to Work Together