JDK-6227159 : Can't create HTTPS URLs in applets when logged in as guest
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 5.0
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2005-02-09
  • Updated: 2011-02-16
  • Resolved: 2005-08-01
Related Reports
Duplicate :  
JDK-6243108 - Loading 1.4 plugin from HTTPS page fails for Win2K user with mandatory profile
Description
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
When logged into windows as the user 'Guest' an ExceptionInInitializer exception is thrown when creating a URL object with the 'https' protocol.

This seems to be caused by the native method generateSeed in com.sun.deploy.security.WSeedGenerator returning null.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the applet.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A valid URL object.
ACTUAL -
An exception is thrown.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.ExceptionInInitializerError
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Unknown Source)
        at java.net.URL.getURLStreamHandler(Unknown Source)
        at java.net.URL.<init>(Unknown Source)
        at java.net.URL.<init>(Unknown Source)
        at java.net.URL.<init>(Unknown Source)
        at HTTPSTest.init(HTTPSTest.java:87)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NullPointerException
        at java.security.SecureRandom.nextBytes(Unknown Source)
        at java.security.SecureRandom.next(Unknown Source)
        at java.util.Random.nextInt(Unknown Source)
        at com.sun.deploy.net.protocol.https.Handler$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.deploy.net.protocol.https.Handler.<clinit>(Unknown Source)
        ... 9 more

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.applet.Applet;
import java.net.URL;
import java.net.MalformedURLException;
public class HTTPSTest extends Applet
{

  public void init()
  {
    try
    {
      URL url = new URL("https://www.verisign.com/");
    }
    catch (MalformedURLException itsNot)
    {
    }
  }

}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
I don't think there's a workaround unless the applet is signed.

If it's signed you can force it to use Sun's implementation of the https handler either by adding the line:

System.setProperty("java.protocol.handler.pkgs", "sun.net.www.protocol");

before creating the URL object or by passing the handler to the constructor:

URL url = new URL("https", "www.verisign.com", -1, "", new sun.net.www.protocol.https.Handler());
###@###.### 2005-2-09 12:15:20 GMT
Comments
EVALUATION Can't reproduce the bug by using appletviewer, java version 1.5.0_02. Another thing is about windows guest account. By default, it's disabled. Below is how to enable it: 1. enable it in 'local users and groups' 2. In Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment -> Deny logon locally, remove guest account from the list. ###@###.### 2005-06-14 10:18:31 GMT Dont know if there really is a bug here, but I'm reassiging to plugin so they can look at it before closing it. Exception seems to come from a deploy class. ###@###.### 2005-06-15 15:52:49 GMT This is the same issue as reported in bug 6243108, it has been fixed in 5.0u3. I will close it as a duplicate of 6243108.
14-06-2005