Test scenario: FX app trys to access a host http://kgb.us.oracle.com in multiple threads. And this domain is allowed since cross domain xml file has <allow-access-from domain="*" secure="true"> element for this app. But with 8u20-b16, app fail to connect to http://kgb.us.oracle.com duet to: java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve") ENV: win7/x86 and x64/jre8u20-b16 Steps to reproduce: 1) Import self.valid.cert to JCP-Security-"Manage Certificates"-"Singer CA" to have a valid cert: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/lib/self.valid.cert 2) Launch a fx app that setting crossdomain file by specified runtime args java_vm_args=-Djnlp.altCrossDomainXMLFiles=http://kgb.us.oracle.com/CrossDomainSetup/GOOD_XML_ALLOWED/crossdomain.xml in jnlp: javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/jnlp/testFXCrossDomainMultiThreads.jnlp 3) The contents in crossdomain file http://kgb.us.oracle.com/CrossDomainSetup/GOOD_XML_ALLOWED/crossdomain.xml: <cross-domain-policy> <allow-access-from domain="*" secure="true"/> <allow-http-request-headers-from domain="*" headers="Authorization,X-HTTP-Method-Override" secure="true"/> </cross-domain-policy> 4) In this app, it trys to access "http://kgb.us.oracle.com" in multiple threads 5) A warning dialog will show up. Accept it 6) If "Test FAILed" shows up(this meas connecting to "http://kgb.us.oracle.com" fails), then this bug is reproduce. The following exception will show up In log: network: Connecting http://kgb.us.oracle.com/ with proxy=DIRECT Connection fail to: http://kgb.us.oracle.com/ due to java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve") java.security.AccessControlException: access denied ("java.net.SocketPermission" "kgb.us.oracle.com:80" "connect,resolve") at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkConnect(Unknown Source) at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source) at sun.plugin2.applet.FXAppletSecurityManager.checkConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.<init>(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at deploy.sqe.TestFXCrossDomainMultiThreads$ConnectionThread.makeConnection(TestFXCrossDomainMultiThreads.java:90) at deploy.sqe.TestFXCrossDomainMultiThreads$ConnectionThread.run(TestFXCrossDomainMultiThreads.java:82) Expected results: "Test PASSed" should show up. This means connecting to "http://kgb.us.oracle.com" succeeds SRC: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXCrossDomain/src/TestFXCrossDomainMultiThreads.java Note: above app will succeed with jre8u5-b13
|