Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8044381

Verifying Https-connection during Applet-startup uses wrong URL

    Details

    • Subcomponent:
    • CPU:
      x86_64
    • OS:
      windows_7

      Description

      FULL PRODUCT VERSION :
      java version "1.7.0_55"
      Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
      Java HotSpot(TM) Client VM (build 24.55-b03, mixed mode)

      A DESCRIPTION OF THE PROBLEM :
      Plugin2Classloader.getPermissions(CodeSource paramCodeSource) uses SandboxSecurity with a wrong URL:
      In case the host equals the paramCodeSource's host, it uses "SandboxSecurity.getConnectPermission(getBaseURL());" instead of "SandboxSecurity.getConnectPermission(paramCodeSource.getLocation());"
      -> This leads to a request on the baseUrl, and not the jar-URL.

      It seems to be fixed in 8u05, but not in 7u60.

      REGRESSION. Last worked in version 7u51


      REPRODUCIBILITY :
      This bug can be reproduced always.

        Attachments

          Activity

            People

            • Assignee:
              stayer Kirill Kirichenko (Inactive)
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: