JDK-6672250 : Regression: new jnlp.packEnabled property breaks sophisticated applets using LiveConnect
  • Type: Bug
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 6u10
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic,windows_xp
  • CPU: generic,x86
  • Submitted: 2008-03-06
  • Updated: 2013-01-10
  • Resolved: 2008-05-15
JDK 6: 6u10 b14 (Fixed)
Description
The introduction of client-side Pack200 selection in 6378311 has introduced a regression in sophisticated applets using LiveConnect because of the fact that the new code does not use AccessController.doPrivileged() to read the jnlp.packEnabled system property. If JavaScript calls into Java and causes a resource to be loaded, since the JavaScript frame on the stack does not have the permission to read the jnlp.packEnabled system property, a SecurityException will be raised deep in the deployment code and the application will return null for their call to ClassLoader.getResourceAsStream(). This regression was reproduced with NeuroDNA's product at http://www.neurodna.com/ and may affect other real-world applets. It is related to an earlier bug, 6665053.

Comments
SUGGESTED FIX
http://sa.sfbay.sun.com/projects/deployment_data/6u10/6672250.0
testcase: http://j2se.east.sun.com/deployment/www/tests/1.6.0_10/6672250
07-03-2008

EVALUATION
The introduction of client-side Pack200 selection in 6378311 has introduced a regression in sophisticated applets using LiveConnect because of the fact that the new code does not use AccessController.doPrivileged() to read the jnlp.packEnabled system property. If JavaScript calls into Java and causes a resource to be loaded, since the JavaScript frame on the stack does not have the permission to read the jnlp.packEnabled system property, a SecurityException will be raised deep in the deployment code and the application will return null for their call to ClassLoader.getResourceAsStream(). This regression was reproduced with NeuroDNA's product at http://www.neurodna.com/ and may affect other real-world applets. It is related to an earlier bug, 6665053.

Fixed this by properly using AccessController.doPrivileged() to fetch this system property in the PluginURLJarFileCallBack. Also refactored code in the new plug-in to grant the default set of permissions for untrusted code to calls coming in from JavaScript, which are treated as coming from untrusted code hosted at the document base.
07-03-2008
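The stack-walk behaviour described in this report, as an added example that is not the deployment code or the actual fix: a property read fails when an unprivileged caller is on the stack and succeeds once the trusted code wraps the read in AccessController.doPrivileged(). The class and method names (PackEnabledDemo, checkedRead, fromJavaScript) are hypothetical, the JavaScript frame is simulated with a permission-less ProtectionDomain, and a JDK where the legacy Security Manager APIs still function (before JDK 24) is assumed.

```java
import java.security.*;
import java.util.PropertyPermission;

// Added illustration; assumes a JDK before 24, where AccessController still walks the stack.
public class PackEnabledDemo {
    static final String PROP = "jnlp.packEnabled";

    // Stand-in for the check System.getProperty() performs under a SecurityManager.
    static String checkedRead() {
        AccessController.checkPermission(new PropertyPermission(PROP, "read"));
        return System.getProperty(PROP);
    }

    // Pre-fix shape: the read is checked against every caller on the stack.
    static String readUnprivileged() { return checkedRead(); }

    // Post-fix shape: the stack walk stops at this trusted frame.
    static String readPrivileged() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() { return checkedRead(); }
        });
    }

    // Hypothetical stand-in for a LiveConnect call: runs the action with a
    // caller context whose only protection domain holds no permissions.
    static String fromJavaScript(PrivilegedAction<String> call) {
        ProtectionDomain untrusted = new ProtectionDomain(null, new Permissions());
        return AccessController.doPrivileged(call,
                new AccessControlContext(new ProtectionDomain[] { untrusted }));
    }

    public static void main(String[] args) {
        // Assumption for the demo: treat this class as trusted deployment code.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setProperty(PROP, "true");
        try {
            fromJavaScript(new PrivilegedAction<String>() {
                public String run() { return readUnprivileged(); }
            });
        } catch (AccessControlException e) {
            System.out.println("pre-fix:  " + e.getMessage());
        }
        System.out.println("post-fix: " + fromJavaScript(new PrivilegedAction<String>() {
            public String run() { return readPrivileged(); }
        }));
    }
}
```

The doPrivileged() block should stay as narrow as shown, covering only the single property read, so that the untrusted caller gains nothing beyond the value the trusted code chooses to act on.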