FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.0.6000]
A DESCRIPTION OF THE PROBLEM :
The current Mustang release note (http://java.sun.com/javase/6/webnotes/index.html) claims that:
"On a Windows OS other than Windows Vista, when running a signed applet, a user is prompted with a security warning dialog box and must respond. If "Yes" is clicked, the applet will have AllPermissions to run on the user's machine. This includes permission to write/delete a file from the local disk.
On a Windows Vista OS, this is no longer true. Instead, AllPermissions is limited to Java Applet scope, not Windows scope. Because a process running in IE has a low integrity level, it will not be able to write/delete a file from a medium/high integrity level directory. "
This is true, but there is a well documented design to allow IE add-ins access the file system from the user's normal (Medium) Integrity level, rather the IE's Low Integrity level: implement an Internet Explorer Broker Process. E.g. Adobe Flash do this (http://blogs.msdn.com/ie/archive/2006/11/17/flash-player-9-update.aspx). Sun need to implement such a process for the IE Java plugin. Without it, Sun's implementation of file access (particularly via the AWT FileDialog) is unusable for ordinary users.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a signed Java applet that accesses the file system outside IE's virtualized file system (e.g. access a file in c:\users\<user name>). Either load, or save a file to this directory. The broker process should be used to access the file, so that the file access works - the current Java plugin lacks this, so the file access is constrained to the IE Low Integrity, which does not have write access to this directory.
EXPECTED VERSUS ACTUAL BEHAVIOR :
Signed Java applets should be able to access all files that a Medium Integrity process can access, rather than just files that IE's Low Integrity process can. Note that this also applies to the AWT FileDialog and Swing file chooser dialogs.
This bug can be reproduced always.