The introduction of client-side Pack200 selection in 6378311 has
introduced a regression in sophisticated applets using LiveConnect
because of the fact that the new code does not use
AccessController.doPrivileged() to read the jnlp.packEnabled system
permission to read the jnlp.packEnabled system property, a
SecurityException will be raised deep in the deployment code and the
application will return null for their call to
ClassLoader.getResourceAsStream(). This regression was reproduced with
NeuroDNA's product at http://www.neurodna.com/ and may affect other
real-world applets. It is related to an earlier bug, 6665053.
Fixed this by properly using AccessController.doPrivileged() to fetch
this system property in the PluginURLJarFileCallBack. Also refactored
code in the new plug-in to grant the default set of permissions for
as coming from untrusted code hosted at the document base.