[Bug 2472] ITW: networking same origin policy not in sync with Oracle Java 8
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Wed Jun 24 15:01:04 UTC 2015
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2472
--- Comment #1 from Tomas Hoger <thoger at redhat.com> ---
Created attachment 1371
--> http://icedtea.classpath.org/bugzilla/attachment.cgi?id=1371&action=edit
SOP test case
A simple test applet that can be used to test Socket and URLConnection SOP.
For testing, I have /etc/hosts entry for host1 and host2 both resolving to the
same IP address.
When applet is instructed to connect to host1:80, the result is:
- Oracle JDK7 and ITW with OpenJDK 7 or 8:
Socket connection to host1:80 was allowed.
URLConnection to http://host1:80 was allowed.
- Oracle JDK8:
Socket connection to host1:80 was denied:
java.security.AccessControlException: access denied
("java.net.SocketPermission" "host1" "resolve")
URLConnection to http://host1:80 was allowed.
When applet is instructed to connect to host2:80, the result is:
- Oracle JDK7 and ITW with OpenJDK 7 or 8:
Socket connection to host2:80 was allowed.
URLConnection to http://host2:80 was allowed.
- Oracle JDK8:
Socket connection to host2:80 was denied:
java.security.AccessControlException: access denied
("java.net.SocketPermission" "host2" "resolve")
URLConnection to http://host2:80 was denied:
java.security.AccessControlException: access denied
("java.net.SocketPermission" "host2:80" "connect,resolve")
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150624/814de09e/attachment.html>
More information about the distro-pkg-dev
mailing list