JDK-8023032 : Security Warnings are not 508 Compliant
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 7u21,8
  • Priority: P3
  • Status: Resolved
  • Resolution: Not an Issue
  • OS: windows_7
  • Submitted: 2013-05-08
  • Updated: 2014-07-02
  • Resolved: 2014-07-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8
8u20Resolved
Related Reports
Duplicate :  
JDK-8049088 - Close icon not highlighted and no name/description readable by screen readers
Description
FULL PRODUCT VERSION :
JRE 1.7.0_21

ADDITIONAL OS VERSION INFORMATION :
Windows XP
Windows Vista - x32/x64
Windows 7 - x32/x64

A DESCRIPTION OF THE PROBLEM :
The security warning popups from the Applet security warning system are not recognized or read by adaptive screen reader technologies.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Load any applet that requires additional security provisions with a computer running JAWS or another adaptive text technology.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The user should be alerted to a new popup, and read the text of the warning, and then prompted for action.
ACTUAL -
The user recieves either no notification, or a very simple alert liek 'run'.

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
No workaround currently exisys
Comments
There seems to be no issue with the JAWS. It reads "Do you want to run this application" in the Java Ferret. Another issue - Close icon not being highlighted and no name/description present for Screen Readers - is present. Opening a new bug for that issue and closing this bug as Not an issue.
02-07-2014
Release team: Approved for deferral.
06-12-2013
SQE-Ok to defer this issue to later releases
02-12-2013
Clearly we need to improve this situation, but this is not a regression in JDK 8 and needs to be deferred.
26-11-2013
In 8 (but not 7u) security has been locked down some, in these cases: 1) When the the JAB classes are loaded. In lib\security\java.security, "com.sun.java.accessibility." is specified in sections package.access and package.definition. 2) When the JAB loads its DLLs. A limited doPrivleged is now used using a new overload of doPrivileged to add security around the loadLibrary calls.
18-11-2013
If the dialog is an html dialog then there shouldn't be an issue because the screen reader would already be able to provide access via the AT support provided by the browser. If it's a native dialog the screen reader would also be able to provide access. The only problem is if the dialog is written in Java. That would be a problem because the accessibility support, i.e. the JAB, would not be loaded until after the user accepts the terms of the dialog.
18-11-2013
I was informed that setting priority is the responsibility of the component triage team using ILW so changing back to P3 and awaiting that team's decision.
18-11-2013