Since Java 7 Update 5 my Java Web Start application is requesting the permission to establish connections. The application is signed with a valid certificate.
A popup is displayed with the following text:
The application has requested permission to establish connections to www.example.com. Do you want to allow this action? [OK] [Cancel]
On rejecting the request I get this trace on the console:
Uncaught error fetching image:
java.lang.SecurityException
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
at sun.awt.image.ImageRepresentation.imageComplete(Unknown Source)
at sun.awt.image.InputStreamImageSource.errorConsumer(Unknown Source)
at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
at sun.awt.image.ImageFetcher.run(Unknown Source)
And here is the thread dump when the permission is requested:
"Image Fetcher 2" daemon prio=8 tid=0x04198000 nid=0xc24 in Object.wait() [0x0470e000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x1d67b050> (a java.lang.Object)
at java.lang.Object.wait(Object.java:503)
at com.sun.javaws.ui.JavawsSysRun.delegate(Unknown Source)
- locked <0x1d67b050> (a java.lang.Object)
at com.sun.deploy.util.DeploySysRun.execute(Unknown Source)
at com.sun.deploy.util.DeploySysRun$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.util.DeploySysRun.executePrivileged(Unknown Source)
at com.sun.deploy.ui.UIFactory.showApiDialog(Unknown Source)
at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
at com.sun.jnlp.ApiDialog.askConnect(Unknown Source)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromIdxFiles(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.net.DownloadEngine.isUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.DeployCacheHandler.get(Unknown Source)
- locked <0x12fd06d0> (a java.lang.Object)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
- locked <0x12fd0728> (a sun.net.www.protocol.http.HttpURLConnection)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
- locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
- locked <0x12fd09b8> (a sun.net.www.http.HttpClient)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
- locked <0x12fd0a40> (a sun.net.www.protocol.http.HttpURLConnection)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.dispatch(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(Unknown Source)
at com.sun.deploy.net.CrossDomainXML$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
- locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
at sun.awt.image.ImageFetcher.run(Unknown Source)
"AWT-EventQueue-0" prio=6 tid=0x0315f800 nid=0xc80 waiting on condition [0x037cf000]
java.lang.Thread.State: WAITING (parking)
at sun.misc.Unsafe.park(Native Method)
- parking to wait for <0x1d6b46a8> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
at java.util.concurrent.locks.LockSupport.park(Unknown Source)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(Unknown Source)
at java.awt.EventQueue.getNextEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
"javawsApplicationMain" prio=6 tid=0x040b4c00 nid=0x1198 in Object.wait() [0x0461f000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x1db95260> (a java.awt.MediaTracker)
at java.awt.MediaTracker.waitForID(Unknown Source)
- locked <0x1db95260> (a java.awt.MediaTracker)
at javax.swing.ImageIcon.loadImage(Unknown Source)
- locked <0x1db95260> (a java.awt.MediaTracker)
at javax.swing.ImageIcon.<init>(Unknown Source)
at javax.swing.ImageIcon.<init>(Unknown Source)
at com.mycompany.myapp.j.c(Unknown Source)
at com.mycompany.myapp.j.<init>(Unknown Source)
at com.mycompany.myapp.MainClass.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
"CacheCleanUpThread" daemon prio=6 tid=0x03232800 nid=0x1048 waiting for monitor entry [0x0390f000]
java.lang.Thread.State: BLOCKED (on object monitor)
at com.sun.deploy.net.CrossDomainXML.quickCheck(Unknown Source)
- waiting to lock <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
at com.sun.deploy.cache.CleanupThread.getCurrentCacheSize(Unknown Source)
at com.sun.deploy.cache.CleanupThread.run(Unknown Source)
- locked <0x1d6b5518> (a java.lang.Object)
"Javaws Secure Thread" daemon prio=6 tid=0x03158c00 nid=0xb9c in Object.wait() [0x0377f000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
at java.lang.Object.wait(Object.java:503)
at java.awt.EventQueue.invokeAndWait(Unknown Source)
- locked <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
at javax.swing.SwingUtilities.invokeAndWait(Unknown Source)
at com.sun.deploy.ui.DialogTemplate.setVisible(Unknown Source)
at com.sun.deploy.ui.UIFactory$10.execute(Unknown Source)
at com.sun.javaws.ui.JavawsSysRun$SecureThread.doWork(Unknown Source)
at com.sun.javaws.ui.JavawsSysRun$SecureThread.run(Unknown Source)
- locked <0x1d67b050> (a java.lang.Object)
The application consists in a welcome screen that fetches images from a website, this screen is then dismissed and the main application window appears. The warning is displayed only before the welcome screen appears. Once the application is started no other warning is displayed despite several connections initiated by the application.
What is causing this issue? Is this a regression in Java 7u5 or a new feature? I haven't seen any reference to this in the release notes.
Thank you
A permission represents access to a system resource. In order for a resource access to be allowed for an applet (or an application running with a security manager), the corresponding permission must be explicitly granted to the code attempting the access.
The java. policy file installed with the JDK grants all permissions to standard extensions, allows anyone to listen on un-privileged ports, and allows any code to read certain "standard" properties that are not security-sensitive, such as the " os.name " and " file.
We're running into this as well combined with the security popup sometimes causing a deadlock. (due to other webstart bugs). This is most likely due to the 'fix' for 7177094 in 7u5 from the release notes. I tried to but this comment on your bug # 7177349, but comments on it were not available.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With