Java applet security model incompatibility between OS X JREs 6 and 7: any workaround?

Question

I'm the author of Wordle, one of the few surviving Java applets in the wild.

Recently, I received user reports of warnings that my (signed) applet would soon be blackballed by the JRE because it did not explicitly specify a "Permissions" attribute in its manifest. So, now the MANIFEST.MF correctly specifies

    Permissions: sandbox

and the <applet> tag includes the magical

    <param name="permissions" value="sandbox" />

param, as documented.

Now, folks who have bent over backwards to install the OS X JRE 7 can run Wordle with no difficulty, but folks (like many school IT admins) stuck on JRE 6 cannot run the applet at all; they get

java.lang.SecurityException: JAR manifest requested to run in sandbox only:
http://wordle.appspot.com/j/v1390/wordle.jar
    at com.sun.deploy.security.DeployManifestChecker.verify(DeployManifestChecker.java:106)
    at com.sun.deploy.security.DeployManifestChecker.verify(DeployManifestChecker.java:84)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:319)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:280)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:270)
    at sun.plugin2.applet.Plugin2Manager.isAppletSigned(Plugin2Manager.java:3289)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Plugin2Manager.java:3207)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Plugin2Manager.java:1536)
    at java.lang.Thread.run(Thread.java:695)`

The symptom suggests that the Java 6 plugin assumes that the signed applet should run in all-permissions mode, and thinks that the request for sandbox in the manifest is an error. It ignores, in other words, the permissions param in the applet tag.

Does anyone know of any way for me to help my users other than setting the applet to run in all-permissions mode? I'd prefer to stay sandboxed, both because I don't want people to be afraid to use Wordle, and because I don't want to create an attack surface.

Answer 1

Reply from Apple to my bug report.

Apple Developer Relations15-Aug-2014 05:12 PM

Engineering has determined that this is an issue for a third party to resolve based on the following:

This issue is with the Oracle manifest checker, which is in conflict with the instructions Oracle has given developers to run applets in Java 7.

We delivered Oracle's Java SE 6 security checker, as they designed in our version of Java SE 6. It is mutually incompatible with future versions of Java, but there is nothing Apple will do to address it, since we are no longer support Java SE 6 on 10.6.8.

We are now closing this bug report.

If you have questions regarding the resolution of this issue, please update your bug report with that information.

Please be sure to regularly check new Apple releases for any updates that might affect this issue.

In other words, they don't support Apple Java any more (even though anyone with OS X 10.6.8 or earlier is forced to use Apple Java), so they're blaming this on Oracle's original spec - which apparently Oracle themselves didn't follow, or this same bug would exist for Oracle Java 6.

Answer 2

Okay, I tried A LOT! If not everything! I'm pretty sure there is NO WAY to let a self signed applet run in sandbox mode with the latest update (1.6.0_65-b14-462-10M4609). The only chance I had was to

• downgrade to 1.6.0_51
• remove Permissions tag and param completely from manifest and applet-tag