JDK-8066402

No AccessControlException is thrown when trying to access secure cookies from a different host





      Testsuite: cookies in plugin
      Test name(s): SecureConnectionCookieGetSetMixedIPTest
      Product(s) tested: Jre9b40 32bit
      from http://jre.us.oracle.com/java/re/jdk/9-jigsaw-m2/nightly/b40_2014-11-21-1021_1764/bundles/
      OS/architecture: Ubuntu12.04 x86

      Reproducible: Always
      Reproducible on machine: egtc

      Is it a Regression: Not sure.

      Test result on the last GAed release for this train:

      [if Fail] Test result on FCS:

      Is it a platform specific issue: Not sure.

      Exception/Error from Log: http://aurora-ds3.us.oracle.com:9502/runs%2F648109.ManualSubmit-1/cookiesScenarios/SecureConnectionCookieGetSetMixedIPTest.jtr

      Copy the JDF workspace, install the test JRE, and run this case.
      Steps to reproduce:

      1. Close the browser session and clear the deployment cache by running "javaws -uninstall".
      2. For JRE less than 8u20, set the security level to Medium. For 8u20 and above, add your machine_name and port to the Exception Site List (ESL) under the Security tab of the Java Control Panel. For example, if the machine name is "jijising-pc", the ESL entries will be https://jijising-pc:8443/ and http://jijising-pc:8080/
      3. Make sure that the proxy connection is set to "none".
      4. Try to load the test applet using the following URL, replacing test_server_name with the host_name of the machine under test: https://test_server_name:8443/cookies/html/testHTTPGetSetCookieMixedIPSecure.html
         For example, if one is running the test on jijising-pc, the test URL will become https://jijising-pc:8443/cookies/html/testHTTPGetSetCookieMixedIPSecure.html
      5. Accept the Security Warning from the browser, e.g. on IE click "Continue to this website (not recommended)", while on Firefox click "I Understand the Risks" followed by "Add Exception" and then "Confirm Security Exception".
      6. There should be a Security Warning pop-up from Java, since we are trying to make a secure https connection. Accept the warning.
      7. There should be a Security Warning dialog, since the applet is not signed. This dialog will be there for JDK version 7u11 and later. Click "Run" to accept. With JDK 7u21 and above, the dialog is multi-click, i.e. one needs to first check the checkbox "I accept the risk...." in order to enable the "Run" button. But if the ESL file (8u20 and above) is set up, then this unsigned warning will not be multi-click, i.e. one can directly click the Run button.
      8. For JRE versions earlier than JRE8, make sure that the applet loads fine and is not able to read secure cookies, i.e. the test can be marked as passed if cookie MyTestSecure=5 is not read by the applet. For JRE8 and above, java.security.AccessControlException will be thrown by the applet.
      The actual result:
      There is no java.security.AccessControlException thrown for JRE9b40. Please refer to SecureConnectionCookieGetSetMixedIPTest.txt




            almatvee Alexander Matveev
            michaelw Michael Wang (Inactive)