Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8277457

AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: openjfx14, openjfx17
    • Fix Version/s: openjfx18
    • Component/s: javafx
    • Labels:
    • Subcomponent:
      web

      Description

      When a Policy and a SecurityManager are set, loading an URL from WebView throws this (non-fatal) exception several times:

      Exception in thread "JavaFX Application Thread" java.security.AccessControlException: access denied ("java.net.NetPermission" "getCookieHandler")
              at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
              at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
              at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
              at java.base/java.net.CookieHandler.getDefault(CookieHandler.java:80)
              at javafx.web@18-ea/com.sun.webkit.network.CookieJar.fwkGet(CookieJar.java:65)
              at javafx.web@18-ea/com.sun.webkit.network.URLLoaderBase.twkDidFinishLoading(Native Method)
              at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.notifyDidFinishLoading(HTTP2Loader.java:578)
              at javafx.web@18-ea/com.sun.webkit.network.HTTP2Loader.lambda$callBackIfNotCanceled$10(HTTP2Loader.java:441)
              at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:457)
              at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
              at javafx.graphics@18-ea/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:456)
              at javafx.graphics@18-ea/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)

      WebView calls CookieHandler.getDefault(); in several places (like in https://github.com/openjdk/jfx/blob/master/modules/javafx.web/src/main/java/com/sun/webkit/network/CookieJar.java#L65).

      This happens since the support for HTTP2 was introduced by JDK-8211308, right before 14-ea+4 was released, using JDK greater than 11, on any platform (tested on MacOS 11.6, Windows 10 and Ubuntu 20.04).

      While the JavaDoc (https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/CookieHandler.html#getDefault()) is really clear about this case:

      Throws: SecurityException – If a security manager has been installed and it denies NetPermission("getCookieHandler")

      adding such permission doesn't solve the issue.

      The attached test reproduces the issue. It sets the policy and permissions by code, but running it with -Djava.security.manager and -Djava.security.policy=<file> instead gives the same results.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              kcr Kevin Rushforth
              Reporter:
              jpereda Jose Pereda
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: