JDK-6907171 : PhotoFlockr JavaFX app shows security dialog for net access even though crossdomain allows access
  • Type: Bug
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 6u17
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2009-12-03
  • Updated: 2010-09-16
  • Resolved: 2009-12-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u19 b01Fixed 7Fixed
Description
An unsigned PhotoFlockr JavaFX app shows several security dialog for accessing content from farm3.static.flickr.com even though
that site has a crossdomain file allowing any domain access:

http://farm3.static.flickr.com/crossdomain.xml 

This should work without a security dialog since we added support for cross domain in 6u10.

The PhotoFlockr sample on javafx.com is currently signed. We are in the process of unsigning some of them in order to give a better user experience. 

See comments for more info on how to reproduce this.
Comments
EVALUATION This bug is caused by a race condition in CrossDomainXML class, when url is null, sometimes the quickFullCheck and changed variable didn't return correct value due to outside the synchronzied block, this looks like related to bug fix 6794977, which didn't cover this case.
18-12-2009
EVALUATION It looks like the unsigned applet is working (images seems to be displayed correctly), but for some reason, we are still poping up the security dialog for network connection. (applet seems working still even if you cancel the dialog) Need to find out what's causing the pop up.
04-12-2009