Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7102914

REGRESSION: secure cookies is always dropped if network connection is triggered via liveconnect

    Details

      Backports

        Description

        J2SE Version (please include all output from java -version flag):
        6u29

        Does this problem occur on J2SE 1.5.x or 6ux? Yes / No (pick one)
        No, works fine on 6u29 build03
         and all previous releases

        Bug Description:

        Our application consists of an applet and servlets that
        communicate with each other.

        The browser loads the applet, and the applet contacts our servelts directly.
        These communications are now broken in the latest JRE release (1.6.0_29).
        Attached logs for the latest JRE and the prerelease u28
        (before version name change) as well.

        The only difference between the successful case and the failed case is the
        JRE being used, all other environmental factors are unchanged. That said,
        my test environment does not have a proxy or firewall enabled.

        Our servlets require the session ID that was set in a previous communication,
        but it seems the JRE is restricting the cookies that are sent with applet
        initiated HTTPS connections to our servlets. Not sure why the restriction
        is happening, the applet is contacting the same site that it came from,
        so it should be trusted.

        This is affecting all our customers that upgrade to JRE 1.6.0_29.
        They are unable to authenticate themselves in their organizations.

        We are seeing the following errors, something about a
        SecureCokiePermission permission:


        java.security.AccessControlException: access denied (com.sun.deploy.security.SecureCookiePermission origin.https://<someurl>)
        another instance of this bug is related to use of MS remote proxy scripting:

        https://forums.oracle.com/forums/thread.jspa?forumID=953&threadID=2300815

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ngthomas Thomas Ng (Inactive)
                  Reporter:
                  tyao Ting-Yun Ingrid Yao (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: