Bug ID: 6732753 HTTPS redirect does not work in Java Web Start

Community
Java Embedded
Java Card
Java DB
Java EE
JavaFX
Java Magazine
Java ME
Java SE Advanced & Suite
Java SE
Java SE Support
Java Advanced
Java TV
New to Java
Web Tier

6732753 : HTTPS redirect does not work in Java Web Start

Details

Type:	Enhancement	Submit Date:	2008-08-01
Status:	Open	Updated Date:	2012-01-03
Project Name:	JDK	Resolved Date:
Component:	deploy	OS:	generic,windows_xp,windows_7
Sub-Component:	webstart	CPU:	x86,generic
Priority:	P3
Resolution:	Unresolved
Affected Versions:	6u10,7
Targeted Versions:	7-pool

Related Reports

Sub Tasks

Description

customer claim HTTPS redirect does not work in mulitple version of java web start.

Comments

EVALUATION

I don't think there is any security concern by allowing redirect from http to https, by looking our source code, we prohibit redirect from http to https, the implementation is in HttpURLConnection class since JRE 1.2, therefore this is not a regression and we should consider to change this behavior in JDK7.

2010-08-12

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together