InvocationTargetException when running signed applet locally with 7u45

Sun / Oracle bug ID # 8027396

Expected behavior: As when the signed Java applet above is run from the Web, when run locally the applet should report the user.home property to illustrate that it launched and was trusted. 

Actual behavior: When this applet is run from a local machine with Java 7 update 45, it fails to launch.  Small red text appears "Error, Click for details" in the applet space. Clicking the red text pops up an "Application Error" dialog box titled "RuntimeException" that lists "java.lang.reflect.InvocationTargetException".  The dialog has a button "Details" but clicking this just opens the Java Console, in which at the default trace level has no error messages.  However, if one sets the trace level to be high one sees:

java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
            at sun.plugin2.applet.Plugin2ClassLoader.defineClassHelper(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.access$100(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
            at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
            at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
            at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            ... 14 more
Caused by: java.lang.NullPointerException
            at sun.plugin2.applet.Plugin2ClassLoader.loadAllowedCodebases(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.getPermissions(Unknown Source)
            at sun.plugin2.applet.Applet2ClassLoader.getPermissions(Unknown Source)
            at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
            at java.security.SecureClassLoader.defineClass(Unknown Source)
            at java.net.URLClassLoader.defineClass(Unknown Source)
            ... 18 more

All was fine with Java 7 update 40.

Update: This appears to be fixed in Java 7 update 51, though one person is reporting that it is still not working.

This and other signed applets work locally with Java 8 build 111.  (There had initially been a problem with one particular signed applet running locally using Internet Explorer on Windows 8.1, but this turned out to be a separate problem with how "Mark of the Web" gets treated in that environment).

On Windows, unchecking "Enable the next-generation Java plug-in" in the Advanced tab of Java Control Panel fixes the problem for Internet Explorer but not for Firefox.  However, this carries the warning that the older plug-in will be removed in the next major release.

Using "jar cfm0" instead of "jar cfm" didn't help, though it did produce an uncompressed JAR file.

A workaround using JNLP is discussed at JNLPSignedAppletTest, but it doesn't seem to work except in circumstances in which the JNLP code is ignored and the applet runs under the same circumstances in which it runs without JNLP.

Steps to reproduce:

To try this locally, download and expand the SignedAppletTest.zip file. It contains a folder with the following files:

The applet code, used both on this page and on the index.html file in the zip file, is:

<APPLET code="SignedAppletTest.class" archive="SignedAppletTest.jar" width=700 height=60></APPLET>

The manifest.txt file has the following content:

Permissions: all-permissions
Codebase: *
Application-Name: SignedAppletTest

The applet source code is:

import java.awt.*;
import java.applet.*;

public class SignedAppletTest extends Applet {

public void init()
{
setBackground(new Color(255, 240, 200));
}

public void paint(Graphics g)
{
   try
   {
     String userHome = System.getProperty("user.home");
     g.drawString("Signing worked. The user.home property is: " + userHome, 10, 30);
   }
   catch (SecurityException e)
   {
     g.drawString("Signing didn't work. The SecurityException is: " + e.getMessage(), 10, 70);
   }
}
} // END OF Class SignedAppletTest

If you have any insights or comments about this page please contact Mickey Segal.  A listing of  many Java resources is at this link.