Since Java 7 Update 5 my Java Web Start application is requesting the permission to establish connections. The application is signed with a valid certificate.
A popup is displayed with the following text:
The application has requested permission to establish connections to www.example.com. Do you want to allow this action? [OK] [Cancel]
On rejecting the request I get this trace on the console:
Uncaught error fetching image:
java.lang.SecurityException
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
at sun.awt.image.ImageRepresentation.imageComplete(Unknown Source)
at sun.awt.image.InputStreamImageSource.errorConsumer(Unknown Source)
at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
at sun.awt.image.ImageFetcher.run(Unknown Source)
And here is the thread dump when the permission is requested:
"Image Fetcher 2" daemon prio=8 tid=0x04198000 nid=0xc24 in Object.wait() [0x0470e000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x1d67b050> (a java.lang.Object)
at java.lang.Object.wait(Object.java:503)
at com.sun.javaws.ui.JavawsSysRun.delegate(Unknown Source)
- locked <0x1d67b050> (a java.lang.Object)
at com.sun.deploy.util.DeploySysRun.execute(Unknown Source)
at com.sun.deploy.util.DeploySysRun$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.util.DeploySysRun.executePrivileged(Unknown Source)
at com.sun.deploy.ui.UIFactory.showApiDialog(Unknown Source)
at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
at com.sun.deploy.uitoolkit.impl.awt.ui.UIFactoryImpl.showMessageDialog(Unknown Source)
at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
at com.sun.jnlp.ApiDialog.askUser(Unknown Source)
at com.sun.jnlp.ApiDialog.askConnect(Unknown Source)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromIdxFiles(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntry(Unknown Source)
at com.sun.deploy.net.DownloadEngine.isUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.DeployCacheHandler.get(Unknown Source)
- locked <0x12fd06d0> (a java.lang.Object)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
- locked <0x12fd0728> (a sun.net.www.protocol.http.HttpURLConnection)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
- locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
- locked <0x12fd09b8> (a sun.net.www.http.HttpClient)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
- locked <0x12fd0a40> (a sun.net.www.protocol.http.HttpURLConnection)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.dispatch(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(Unknown Source)
at com.sun.deploy.net.CrossDomainXML$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
- locked <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
at sun.awt.image.ImageFetcher.run(Unknown Source)
"AWT-EventQueue-0" prio=6 tid=0x0315f800 nid=0xc80 waiting on condition [0x037cf000]
java.lang.Thread.State: WAITING (parking)
at sun.misc.Unsafe.park(Native Method)
- parking to wait for <0x1d6b46a8> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
at java.util.concurrent.locks.LockSupport.park(Unknown Source)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(Unknown Source)
at java.awt.EventQueue.getNextEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
"javawsApplicationMain" prio=6 tid=0x040b4c00 nid=0x1198 in Object.wait() [0x0461f000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x1db95260> (a java.awt.MediaTracker)
at java.awt.MediaTracker.waitForID(Unknown Source)
- locked <0x1db95260> (a java.awt.MediaTracker)
at javax.swing.ImageIcon.loadImage(Unknown Source)
- locked <0x1db95260> (a java.awt.MediaTracker)
at javax.swing.ImageIcon.<init>(Unknown Source)
at javax.swing.ImageIcon.<init>(Unknown Source)
at com.mycompany.myapp.j.c(Unknown Source)
at com.mycompany.myapp.j.<init>(Unknown Source)
at com.mycompany.myapp.MainClass.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
"CacheCleanUpThread" daemon prio=6 tid=0x03232800 nid=0x1048 waiting for monitor entry [0x0390f000]
java.lang.Thread.State: BLOCKED (on object monitor)
at com.sun.deploy.net.CrossDomainXML.quickCheck(Unknown Source)
- waiting to lock <0x1d6fcf40> (a java.lang.Class for com.sun.deploy.net.CrossDomainXML)
at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.deploy.cache.Cache.getCurrentIP(Unknown Source)
at com.sun.deploy.cache.Cache.isCacheEntryIPValid(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
at com.sun.deploy.cache.Cache.getCacheEntryFromFile(Unknown Source)
at com.sun.deploy.cache.CleanupThread.getCurrentCacheSize(Unknown Source)
at com.sun.deploy.cache.CleanupThread.run(Unknown Source)
- locked <0x1d6b5518> (a java.lang.Object)
"Javaws Secure Thread" daemon prio=6 tid=0x03158c00 nid=0xb9c in Object.wait() [0x0377f000]
java.lang.Thread.State: WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
at java.lang.Object.wait(Object.java:503)
at java.awt.EventQueue.invokeAndWait(Unknown Source)
- locked <0x12fd1e58> (a java.awt.EventQueue$1AWTInvocationLock)
at javax.swing.SwingUtilities.invokeAndWait(Unknown Source)
at com.sun.deploy.ui.DialogTemplate.setVisible(Unknown Source)
at com.sun.deploy.ui.UIFactory$10.execute(Unknown Source)
at com.sun.javaws.ui.JavawsSysRun$SecureThread.doWork(Unknown Source)
at com.sun.javaws.ui.JavawsSysRun$SecureThread.run(Unknown Source)
- locked <0x1d67b050> (a java.lang.Object)
The application consists in a welcome screen that fetches images from a website, this screen is then dismissed and the main application window appears. The warning is displayed only before the welcome screen appears. Once the application is started no other warning is displayed despite several connections initiated by the application.
What is causing this issue? Is this a regression in Java 7u5 or a new feature? I haven't seen any reference to this in the release notes.
Thank you
The solution is to simply disable the security manager
System.setSecurityManager(null);