Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6957050

Applets no longer work with PKI enabled web servers

    Details

    • Subcomponent:
    • CPU:
      x86
    • OS:
      windows_xp

      Description

      FULL PRODUCT VERSION :
      1.6.0_20

      ADDITIONAL OS VERSION INFORMATION :
      5.1.2600

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      I thought I had submitted this a few weeks ago, but I came back to check status and couldn't find it in the database. I apologize if it's a repeat.

      A DESCRIPTION OF THE PROBLEM :
      Applets executing against PKI enabled web sites have stopped working. It appears that the plug-in no longer has access to the Windows certificate store. I also loaded my PKI credentials directly into the java keystore and that no longer works either.

      PKI support (using the Windows certificate store) was just introduced on 1.6.0. It has worked correctly through 1.6.0_18. It is broken in updates 19 and 20.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Configure any applet to run against a PKI enabled web site. Attempt to connect to the site via the applet to perform any function

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The plugin should prompt the user to select a PKI certificate and should then proceed when a valid certificate ahs been selected and presented.
      ACTUAL -
      No certificate selection form is displayed. The applet fails to connect.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
              at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
              at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
              at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
              at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
              at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
              at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
              at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
              at java.lang.Thread.run(Unknown Source)
      Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
      java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx
              at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
              at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
              at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
              at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
              at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
              at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
              at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
              at java.lang.Thread.run(Unknown Source)
      Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://xxxxxxx


      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      Revert to JRE 1.6.0_18. This is no longer a viable option, particularly for Govt users, as there have been security issues reported against the previous updates.

      Release Regression From : 6u19
      The above release value was the last known release where this
      bug was not reproducible. Since then there has been a regression.

        Attachments

          Activity

            People

            • Assignee:
              dgu Dennis Gu (Inactive)
              Reporter:
              igor Igor Nekrestyanov (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Imported:
                Indexed: