Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
813 views
in Technique[技术] by (71.8m points)

security - Why is Java 7 requesting network permissions for a signed application?

Since Java 7 Update 5 my Java Web Start application is requesting the permission to establish connections. The application is signed with a valid certificate.

A popup is displayed with the following text:

The application has requested permission to establish connections to www.example.com. Do you want to allow this action? [OK] [Cancel]

On rejecting the request I get this trace on the console:

Uncaught error fetching image:
java.lang.SecurityException
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkConnect(Unknown Source)
    at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
    at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
    at sun.awt.image.ImageRepresentation.imageComplete(Unknown Source)
    at sun.awt.image.InputStreamImageSource.errorConsumer(Unknown Source)
    at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
    at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
    at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
    at sun.awt.image.ImageFetcher.run(Unknown Source)

And here is the thread dump when the permission is requested:

"Image Fetcher 2" daemon prio=8 tid=0x04198000 nid=0xc24 in Object.wait() [0x0470e000]
   java.lang.Thread.State: WAITING (on object monitor)
        at java.lang.Object.wait(Native Method)
        - waiting on <0x1d67b050> (a java.lang.Object)
        at java.lang.Object.wait(Object.java:503)
        at com.sun.javaws.ui.JavawsSysRun.delegate(Unknown Source)
        - locked <0x1d67b050> (a java.lang.Object)
        at com.sun.deploy.util.DeploySysRun.execute(Unknown Source)
        at com.sun.deploy.util.DeploySysRun$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.deploy.util.DeploySysRun.executePrivileged(Unknown Source)
        at com.sun.deploy.ui.UIFactory.showApiDialog(Unknown Source)
        at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
        at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
        at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
        at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
        at com.sun.jnlp.ApiDialog.askConnect(Unknown Source)
        at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
        at java.net.InetAddress.getAllByName0(Unknown Source)
        at java.net.InetAddress.getAllByName(Unknown Source)
        at java.net.InetAddress.getByName(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
        at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
        at com.sun.deploy.cache.Cache.getCacheEntryFromIdxFiles(Unknown Source)
        at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
        at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
        at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
        at com.sun.deploy.net.DownloadEngine.isUpdateAvailable(Unknown Source)
        at com.sun.deploy.cache.DeployCacheHandler.get(Unknown Source)
        - locked <0x12fd06d0> (a java.lang.Object)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        - locked <0x12fd0728> (a sun.net.www.protocol.http.HttpURLConnection)
        at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
        at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
        - locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
        at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
        at sun.net.www.http.HttpClient.openServer(Unknown Source)
        - locked <0x12fd09b8> (a sun.net.www.http.HttpClient)
        at sun.net.www.http.HttpClient.<init>(Unknown Source)
        at sun.net.www.http.HttpClient.New(Unknown Source)
        at sun.net.www.http.HttpClient.New(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        - locked <0x12fd0a40> (a sun.net.www.protocol.http.HttpURLConnection)
        at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.dispatch(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.next(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
        at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
        at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
        at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
        at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
        at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
        at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(Unknown Source)
        at javax.xml.parsers.SAXParser.parse(Unknown Source)
        at com.sun.deploy.net.CrossDomainXML$2.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
        at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
        - locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
        at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
        at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
        at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
        at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
        at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
        at sun.awt.image.ImageFetcher.run(Unknown Source)

"AWT-EventQueue-0" prio=6 tid=0x0315f800 nid=0xc80 waiting on condition [0x037cf000]
   java.lang.Thread.State: WAITING (parking)
        at sun.misc.Unsafe.park(Native Method)
        - parking to wait for  <0x1d6b46a8> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
        at java.util.concurrent.locks.LockSupport.park(Unknown Source)
        at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(Unknown Source)
        at java.awt.EventQueue.getNextEvent(Unknown Source)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.run(Unknown Source)

"javawsApplicationMain" prio=6 tid=0x040b4c00 nid=0x1198 in Object.wait() [0x0461f000]
   java.lang.Thread.State: WAITING (on object monitor)
        at java.lang.Object.wait(Native Method)
        - waiting on <0x1db95260> (a java.awt.MediaTracker)
        at java.awt.MediaTracker.waitForID(Unknown Source)
        - locked <0x1db95260> (a java.awt.MediaTracker)
        at javax.swing.ImageIcon.loadImage(Unknown Source)
        - locked <0x1db95260> (a java.awt.MediaTracker)
        at javax.swing.ImageIcon.<init>(Unknown Source)
        at javax.swing.ImageIcon.<init>(Unknown Source)
        at com.mycompany.myapp.j.c(Unknown Source)
        at com.mycompany.myapp.j.<init>(Unknown Source)
        at com.mycompany.myapp.MainClass.main(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

"CacheCleanUpThread" daemon prio=6 tid=0x03232800 nid=0x1048 waiting for monitor entry [0x0390f000]
   java.lang.Thread.State: BLOCKED (on object monitor)
        at com.sun.deploy.net.CrossDomainXML.quickCheck(Unknown Source)
        - waiting to lock <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
        at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
        at java.net.InetAddress.getAllByName0(Unknown Source)
        at java.net.InetAddress.getAllByName(Unknown Source)
        at java.net.InetAddress.getByName(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
        at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
        at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
        at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
        at com.sun.deploy.cache.CleanupThread.getCurrentCacheSize(Unknown Source)
        at com.sun.deploy.cache.CleanupThread.run(Unknown Source)
        - locked <0x1d6b5518> (a java.lang.Object)

"Javaws Secure Thread" daemon prio=6 tid=0x03158c00 nid=0xb9c in Object.wait() [0x0377f000]
   java.lang.Thread.State: WAITING (on object monitor)
        at java.lang.Object.wait(Native Method)
        - waiting on <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
        at java.lang.Object.wait(Object.java:503)
        at java.awt.EventQueue.invokeAndWait(Unknown Source)
        - locked <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
        at javax.swing.SwingUtilities.invokeAndWait(Unknown Source)
        at com.sun.deploy.ui.DialogTemplate.setVisible(Unknown Source)
        at com.sun.deploy.ui.UIFactory$10.execute(Unknown Source)
        at com.sun.javaws.ui.JavawsSysRun$SecureThread.doWork(Unknown Source)
        at com.sun.javaws.ui.JavawsSysRun$SecureThread.ru

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

We're running into this as well combined with the security popup sometimes causing a deadlock. (due to other webstart bugs). This is most likely due to the 'fix' for 7177094 in 7u5 from the release notes. I tried to but this comment on your bug # 7177349, but comments on it were not available.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...