--- a/ChangeLog	Fri Jul 10 21:49:21 2015 +0200
+++ b/ChangeLog	Mon Jul 13 17:19:00 2015 +0200
@@ -1,3 +1,53 @@
+2015-07-13  Jiri Vanek  <jvanek@redhat.com>
+
+	Added tests for unsigned applet/app using Permission attribute
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.html
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/srcs/META-INF/MANIFEST.MF
+	contains Permissions: all-permissions
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/srcs/SandboxUnsignedAllPerm.java
+	* tests/reproducers/unsigned/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java
+	testcases with permissions in manifest check on. There is probably an bug in impl.
+	The applet should not run at all, or javaws without permissions should runin sandbox too.
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.html
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/srcs/META-INF/MANIFEST.MF
+	contains Permissions: invalidValue
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/srcs/SandboxUnsignedInvalid.java
+	* tests/reproducers/unsigned/SandboxUnsignedInvalid/testcases/SandboxUnsignedInvalidTest.java
+	testcases with permissions in manifest check on
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.html
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/srcs/META-INF/MANIFEST.MF
+	does not contains Permissions
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/srcs/SandboxUnsignedMissing.java
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTest.java
+	testcases with permissions in manifest check on
+	* tests/reproducers/unsigned/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTestHighSecurity.java
+	testcases with permissions in manifest check on and on high security => interactive tests
+	with autoreply
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.html
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_security.jnlp
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/srcs/META-INF/MANIFEST.MF
+	contains Permissions: sandbox
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/srcs/SandboxUnsignedSandbox.java
+	* tests/reproducers/unsigned/SandboxUnsignedSandbox/testcases/SandboxUnsignedSandboxTest.java
+	testcases with permissions in manifest check on.
+	* tests/reproducers/cloneReproducer.sh: small fix to support blue/red background for
+	unsigned/signed html applets
+
 2015-07-10  Jiri Vanek  <jvanek@redhat.com>
 
 	Added script to clone reproducer skeleton

--- a/tests/reproducers/cloneReproducer.sh	Fri Jul 10 21:49:21 2015 +0200
+++ b/tests/reproducers/cloneReproducer.sh	Mon Jul 13 17:19:00 2015 +0200
@@ -9,12 +9,15 @@
 familyFrom=$3
 familyTo=$4
 #^simple,signed,signed2,custom (script will proabbly not work fine for custom)
-#run from this dir, or use absolute path
-top=.
-#top=/home/jvanek/hg/icedtea-web/tests/reproducers
+#run from this dir (tests/reproducers), or use absolute path
+top1=.
+#top1=/home/jvanek/hg/icedtea-web/tests/reproducers
+top2=$top1
+#top2=/home/jvanek/Desktop
 
-srcDir=$top/$familyFrom
-destDir=$top/$familyTo
+
+srcDir=$top1/$familyFrom
+destDir=$top2/$familyTo
 
 desc=$destDir/$to
 src=$srcDir/$from
@@ -30,12 +33,19 @@
 tree  $desc
 cp -vr $src/srcs/META-INF  $desc/srcs/
 SED1="sed s/$from/$to/g"
+SED2="sed s/a/a/"
+if [ \( $familyFrom = signed -o $familyFrom = signed2 \) -a $familyTo = simple ] ; then
+SED2='sed s/bgcolor=\"red\"/bgcolor=\"blue\"/g'
+fi;
+if [ \( $familyTo = signed -o $familyTo = signed2 \) -a $familyFrom = simple ] ; then
+SED2='sed s/bgcolor=\"blue\"/bgcolor=\"red\"/g'
+fi;
 
 for x in $drs ; do
 	files=`ls $src/$x/`
 	for f in $files ; do 
 		target=`echo $f | $SED1`
-		cat $src/$x/$f | $SED1  | sed "s/@Test/@Test FIXME!/g" >  $desc/$x/$target
+		cat $src/$x/$f | $SED1  | sed "s/@Test/@Test FIXME!/g" | $SED2 >  $desc/$x/$target
 	done
 done
 

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.html	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,42 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html><head></head><body bgcolor="blue">
+<p><applet code="SandboxUnsignedAllPerm.class" archive="SandboxUnsignedAllPerm.jar" codebase="." width="250" height="200">
+</applet></p>
+</body>
+</html>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,53 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedAllPerm.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedAllPerm</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedAllPerm</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedAllPerm.jar"/>
+    </resources>
+  <application-desc main-class="SandboxUnsignedAllPerm">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,58 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedAllPerm_applet.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedAllPerm</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedAllPerm</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedAllPerm.jar"/>
+    </resources>
+    <applet-desc
+      documentBase="."
+      name="SandboxUnsignedAllPerm"
+      main-class="SandboxUnsignedAllPerm"
+      width="250"
+      height="200">
+  </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,61 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+-->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedAllPerm_applet_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedAllPerm</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedAllPerm</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedAllPerm.jar"/>
+    </resources>
+    <security>
+        <all-permissions/>
+    </security>
+    <applet-desc
+        documentBase="."
+        name="SandboxUnsignedAllPerm"
+        main-class="SandboxUnsignedAllPerm"
+        width="250"
+        height="200">
+    </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,56 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedAllPerm_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedAllPerm</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedAllPerm</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedAllPerm.jar"/>
+    </resources>
+  <security>
+      <all-permissions/>
+  </security> 
+  <application-desc main-class="SandboxUnsignedAllPerm">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/srcs/META-INF/MANIFEST.MF	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Permissions: all-permissions
+

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/srcs/SandboxUnsignedAllPerm.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,57 @@
+
+import java.applet.Applet;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedAllPerm extends Applet {
+
+    @Override
+    public void init() {
+        confirm();
+    }
+
+    public static void main(String... s) {
+        confirm();
+    }
+
+    private static void confirm() {
+        System.out.println("*** applet running ***");
+        System.out.println(System.getProperty("user.home"));
+        System.out.println("*** APPLET FINISHED ***");
+    }
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,118 @@
+
+import java.io.IOException;
+import java.util.Arrays;
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.ManifestAttributesChecker;
+import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedAllPermTest extends BrowserTest {
+
+    private static final DeploymentPropertiesModifier dpm = new DeploymentPropertiesModifier();
+    private static final StringBasedClosingListener aok = new AutoOkClosingListener();
+    private static final StringBasedClosingListener aer = new AutoErrorClosingListener();
+    private static final String confirmation = "*** applet running ***";
+
+    @BeforeClass
+    public static void setDeploymentManifestPermissionReadingOnly() throws IOException {
+        dpm.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString());
+    }
+
+    @AfterClass
+    public static void restoreDeploymentProeprtiees() throws IOException {
+        dpm.restoreProperties();
+    }
+
+    @Test
+    //bug, should run in sandbox, see appletAllPermAllSecurity
+    public void javawsAllPermNoSecurity() throws Exception {
+        ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm.jnlp");
+        Assert.assertTrue(p.stdout.contains(confirmation));
+        Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+        Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+
+    @Test
+    public void javawsAllPermAllSecurity() throws Exception {
+        ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm_security.jnlp");
+        Assert.assertFalse(p.stdout.contains(confirmation));
+        Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+        Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+
+    @Test
+    //bug, should run in sandbox, see appletAllPermAllSecurity
+    public void javawsAppletAllPermNoSecurity() throws Exception {
+        ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}), "SandboxUnsignedAllPerm_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+        Assert.assertTrue(p.stdout.contains(confirmation));
+        Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+        Assert.assertTrue(p.stderr.contains(aer.getCondition())); //applets have exception flused only in verbose mode? strange...
+    }
+
+    @Test
+    public void javawsAppletAllPermAllSecurity() throws Exception {
+        ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+        Assert.assertFalse(p.stdout.contains(confirmation));
+        Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+        Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+
+    @Test
+    @TestInBrowsers(testIn = Browsers.one)
+    //or this one should fail
+    public void appletAllPermAllSecurity() throws Exception {
+        server.getBrowserLocation();
+        ProcessResult p = server.executeBrowser("SandboxUnsignedAllPerm.html", ServerAccess.AutoClose.CLOSE_ON_BOTH);
+        Assert.assertTrue(p.stdout.contains(confirmation));
+        Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+        Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.html	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,42 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html><head></head><body bgcolor="red">
+<p><applet code="SandboxUnsignedInvalid.class" archive="SandboxUnsignedInvalid.jar" codebase="." width="250" height="200">
+</applet></p>
+</body>
+</html>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,53 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedInvalid.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedInvalid</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedInvalid</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedInvalid.jar"/>
+    </resources>
+  <application-desc main-class="SandboxUnsignedInvalid">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,58 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedInvalid_applet.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedInvalid</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedInvalid</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedInvalid.jar"/>
+    </resources>
+    <applet-desc
+        documentBase="."
+        name="SandboxUnsignedInvalid"
+        main-class="SandboxUnsignedInvalid"
+        width="250"
+        height="200">
+    </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,61 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedInvalid_applet_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxSignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedInvalid</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedInvalid.jar"/>
+    </resources>
+  <security>
+      <all-permissions/>
+  </security> 
+    <applet-desc
+        documentBase="."
+        name="SandboxUnsignedInvalid"
+        main-class="SandboxUnsignedInvalid"
+        width="250"
+        height="200">
+    </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,56 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedInvalid_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxSignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedInvalid</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedInvalid.jar"/>
+    </resources>
+  <security>
+      <all-permissions/>
+  </security> 
+  <application-desc main-class="SandboxUnsignedInvalid">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/srcs/META-INF/MANIFEST.MF	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Permissions: invalidValue
+

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/srcs/SandboxUnsignedInvalid.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,57 @@
+
+import java.applet.Applet;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedInvalid extends Applet {
+
+
+    @Override
+    public void init() {
+        confirm();
+    }
+
+    public static void main(String... s) {
+        confirm();
+    }
+
+    private static void confirm() {
+        System.out.println("*** applet running ***");
+        System.out.println(System.getProperty("user.home"));
+        System.out.println("*** APPLET FINISHED ***");
+    }
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedInvalid/testcases/SandboxUnsignedInvalidTest.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,115 @@
+
+import java.io.IOException;
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import static net.sourceforge.jnlp.browsertesting.BrowserTest.server;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.ManifestAttributesChecker;
+import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedInvalidTest extends BrowserTest {
+
+        private static final DeploymentPropertiesModifier dpm = new DeploymentPropertiesModifier();
+        private static final StringBasedClosingListener aok = new AutoOkClosingListener();
+        private static final StringBasedClosingListener aer = new AutoErrorClosingListener();
+        private static final  String confirmation = "*** applet running ***";
+        
+        
+        @BeforeClass
+        public static void setDeploymentManifestPermissionReadingOnly() throws IOException{
+            dpm.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString());
+        }
+        
+        @AfterClass
+        public static void restoreDeploymentProeprtiees() throws IOException{
+            dpm.restoreProperties();
+        }
+        
+    @Test
+    public void javawsAllPermNoSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid.jnlp");
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    @Test
+    public void javawsAllPermAllSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid_security.jnlp");
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+    @Test
+    public void javawsAppletAllPermNoSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    @Test
+    public void javawsAppletAllPermAllSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+     @Test 
+     @TestInBrowsers(testIn = Browsers.one)
+    public void appletAllPermAllSecurity() throws Exception{
+        server.getBrowserLocation();
+            ProcessResult p = server.executeBrowser("SandboxUnsignedInvalid.html", ServerAccess.AutoClose.CLOSE_ON_BOTH);
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.html	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,42 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html><head></head><body bgcolor="blue">
+<p><applet code="SandboxUnsignedMissing.class" archive="SandboxUnsignedMissing.jar" codebase="." width="250" height="200">
+</applet></p>
+</body>
+</html>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,53 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedMissing.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedMissing</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedMissing.jar"/>
+    </resources>
+  <application-desc main-class="SandboxUnsignedMissing">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,58 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedMissing_applet.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedMissing</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedMissing.jar"/>
+    </resources>
+      <applet-desc
+        documentBase="."
+        name="SandboxUnsignedMissing"
+        main-class="SandboxUnsignedMissing"
+        width="250"
+        height="200">
+    </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,61 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedMissing_applet_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedMissing</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedMissing.jar"/>
+    </resources>
+  <security>
+      <all-permissions/>
+  </security> 
+      <applet-desc
+        documentBase="."
+        name="SandboxUnsignedMissing"
+        main-class="SandboxUnsignedMissing"
+        width="250"
+        height="200">
+    </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,56 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedMissing_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedMissing</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedMissing.jar"/>
+    </resources>
+  <security>
+      <all-permissions/>
+  </security> 
+  <application-desc main-class="SandboxUnsignedMissing">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/srcs/META-INF/MANIFEST.MF	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/srcs/SandboxUnsignedMissing.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,57 @@
+
+import java.applet.Applet;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedMissing extends Applet {
+
+    @Override
+    public void init() {
+        confirm();
+    }
+
+    public static void main(String... s) {
+        confirm();
+    }
+
+    private static void confirm() {
+        System.out.println("*** applet running ***");
+        System.out.println(System.getProperty("user.home"));
+        System.out.println("*** APPLET FINISHED ***");
+    }
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTest.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,120 @@
+
+import java.io.IOException;
+import java.util.Arrays;
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import static net.sourceforge.jnlp.browsertesting.BrowserTest.server;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.ManifestAttributesChecker;
+import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
+import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedMissingTest extends BrowserTest {
+
+        private static final DeploymentPropertiesModifier dpm1 = new DeploymentPropertiesModifier();
+        private static final DeploymentPropertiesModifier dpm2 = new DeploymentPropertiesModifier();
+        private static final StringBasedClosingListener aok = new AutoOkClosingListener();
+        private static final StringBasedClosingListener aer = new AutoErrorClosingListener();
+        private static final  String confirmation = "*** applet running ***";
+        
+        
+        @BeforeClass
+        public static void setDeploymentManifestPermissionReadingOnly() throws IOException{
+            dpm1.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString());
+            dpm2.setProperties(DeploymentConfiguration.KEY_SECURITY_LEVEL, AppletSecurityLevel.ALLOW_UNSIGNED.toChars());
+        }
+        
+        @AfterClass
+        public static void restoreDeploymentProeprtiees() throws IOException{
+            dpm2.restoreProperties();
+            dpm1.restoreProperties();
+        }
+        
+    @Test
+    public void javawsAllPermNoSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedMissing.jnlp");
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    @Test
+    public void javawsAllPermAllSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedMissing_security.jnlp");
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+    @Test
+    public void javawsAppletAllPermNoSecurity() throws Exception{
+            ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}),"SandboxUnsignedMissing_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange...
+    }
+    @Test
+    public void javawsAppletAllPermAllSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedMissing_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+     @Test 
+     @TestInBrowsers(testIn = Browsers.one)
+    public void appletAllPermAllSecurity() throws Exception{
+        server.getBrowserLocation();
+            ProcessResult p = server.executeBrowser("SandboxUnsignedMissing.html", ServerAccess.AutoClose.CLOSE_ON_BOTH);
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTestHighSecurity.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,177 @@
+
+import java.io.IOException;
+import java.util.Arrays;
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ProcessWrapper;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import static net.sourceforge.jnlp.browsertesting.BrowserTest.server;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.ManifestAttributesChecker;
+import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
+import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedMissingTestHighSecurity extends BrowserTest {
+
+        private static final DeploymentPropertiesModifier dpm1 = new DeploymentPropertiesModifier();
+        private static final DeploymentPropertiesModifier dpm2 = new DeploymentPropertiesModifier();
+        private static final StringBasedClosingListener aok = new AutoOkClosingListener();
+        private static final StringBasedClosingListener aer = new AutoErrorClosingListener();
+        private static final  String confirmation = "*** applet running ***";
+        
+        
+        @BeforeClass
+        public static void setDeploymentManifestPermissionReadingOnly() throws IOException{
+            dpm1.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString());
+            dpm2.setProperties(DeploymentConfiguration.KEY_SECURITY_LEVEL, AppletSecurityLevel.ASK_UNSIGNED.toChars());
+        }
+        
+        @AfterClass
+        public static void restoreDeploymentProeprtiees() throws IOException{
+            dpm2.restoreProperties();
+            dpm1.restoreProperties();
+        }
+        
+    @Test
+    public void javawsAllPermNoSecurityYes() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"),  server.getUrl("SandboxUnsignedMissing.jnlp"));
+            pw.setWriter("YES\n");
+            ProcessResult p = pw.execute();
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+    @Test
+    public void javawsAllPermNoSecurityNo() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"),  server.getUrl("SandboxUnsignedMissing.jnlp"));
+            pw.setWriter("NO\n");
+            ProcessResult p = pw.execute();
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+    @Test
+    public void javawsAllPermAllSecurityYes() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"),  server.getUrl("SandboxUnsignedMissing_security.jnlp"));
+            pw.setWriter("YES\n");
+            ProcessResult p = pw.execute();
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+     @Test
+    public void javawsAllPermAllSecurityNo() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"),  server.getUrl("SandboxUnsignedMissing_security.jnlp"));
+            pw.setWriter("NO\n");
+            ProcessResult p = pw.execute();
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+     @Test
+    public void javawsAppletAllPermNoSecurityYes() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless", "-verbose"),  server.getUrl("SandboxUnsignedMissing_applet.jnlp"));
+            pw.addStdOutListener(new AutoOkClosingListener());
+            pw.setWriter("YES\n");
+            ProcessResult p = pw.execute();
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange...
+    }
+    
+    @Test
+    public void javawsAppletAllPermNoSecurityNo() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless", "-verbose"),  server.getUrl("SandboxUnsignedMissing_applet.jnlp"));
+            pw.addStdErrListener(new AutoErrorClosingListener());
+            pw.addStdOutListener(new AutoOkClosingListener());
+            pw.setWriter("NO\n");
+            ProcessResult p = pw.execute();
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange...
+    }
+
+    @Test
+    public void javawsAppletAllPermAllSecurityYes() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"),  server.getUrl("SandboxUnsignedMissing_applet_security.jnlp"));
+            pw.addStdOutListener(new AutoOkClosingListener());
+            pw.setWriter("YES\n");
+            ProcessResult p = pw.execute();
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    @Test
+    public void javawsAppletAllPermAllSecurityNo() throws Exception{
+            ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"),  server.getUrl("SandboxUnsignedMissing_applet_security.jnlp"));
+            pw.addStdErrListener(new AutoErrorClosingListener());
+            pw.addStdOutListener(new AutoOkClosingListener());
+            pw.setWriter("NO\n");
+            ProcessResult p = pw.execute();
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+    //browser do not support headless dialogues
+    //@Test
+    //@TestInBrowsers(testIn = Browsers.one)
+    public void appletAllPermAllSecurity() throws Exception{
+        server.getBrowserLocation();
+            ProcessResult p = server.executeBrowser("SandboxUnsignedMissing.html", ServerAccess.AutoClose.CLOSE_ON_BOTH);
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertTrue(p.stdout.contains(aok.getCondition()));
+            Assert.assertFalse(p.stderr.contains(aer.getCondition()));
+    }
+
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.html	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,42 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html><head></head><body bgcolor="blue">
+<p><applet code="SandboxUnsignedSandbox.class" archive="SandboxUnsignedSandbox.jar" codebase="." width="250" height="200">
+</applet></p>
+</body>
+</html>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,53 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedSandbox.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedSandbox</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedSandbox</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedSandbox.jar"/>
+    </resources>
+  <application-desc main-class="SandboxUnsignedSandbox">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,58 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+-->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedSandbox_applet.jnlp" codebase=".">
+    <information>
+        <title>SandboxUnsignedSandbox</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedSandbox</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedSandbox.jar"/>
+    </resources>
+    <applet-desc
+        documentBase="."
+        name="SandboxUnsignedSandbox"
+        main-class="SandboxUnsignedSandbox"
+        width="250"
+        height="200">
+    </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,61 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedSandbox_applet_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxSignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedSandbox</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedSandbox.jar"/>
+    </resources>
+  <security>
+      <all-permissions/>
+  </security> 
+  <applet-desc
+        documentBase="."
+        name="SandboxUnsignedSandbox"
+        main-class="SandboxUnsignedSandbox"
+        width="250"
+        height="200">
+    </applet-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_security.jnlp	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,56 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SandboxUnsignedSandbox_security.jnlp" codebase=".">
+    <information>
+        <title>SandboxSignedMissing</title>
+        <vendor>IcedTea</vendor>
+        <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+        <description>SandboxUnsignedSandbox</description>
+        <offline/>
+    </information>
+    <resources>
+        <j2se version="1.4+"/>
+        <jar href="SandboxUnsignedSandbox.jar"/>
+    </resources>
+  <security>
+      <all-permissions/>
+  </security> 
+  <application-desc main-class="SandboxUnsignedSandbox">
+  </application-desc>
+</jnlp>
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/srcs/META-INF/MANIFEST.MF	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Permissions: sandbox
+

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/srcs/SandboxUnsignedSandbox.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,57 @@
+
+import java.applet.Applet;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedSandbox extends Applet {
+
+
+    @Override
+    public void init() {
+        confirm();
+    }
+
+    public static void main(String... s) {
+        confirm();
+    }
+
+    private static void confirm() {
+        System.out.println("*** applet running ***");
+        System.out.println(System.getProperty("user.home"));
+        System.out.println("*** APPLET FINISHED ***");
+    }
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/SandboxUnsignedSandbox/testcases/SandboxUnsignedSandboxTest.java	Mon Jul 13 17:19:00 2015 +0200
@@ -0,0 +1,116 @@
+
+import java.io.IOException;
+import java.util.Arrays;
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import static net.sourceforge.jnlp.browsertesting.BrowserTest.server;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.ManifestAttributesChecker;
+import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/* AppletTest.java
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+public class SandboxUnsignedSandboxTest extends BrowserTest {
+
+        private static final DeploymentPropertiesModifier dpm = new DeploymentPropertiesModifier();
+        private static final StringBasedClosingListener aok = new AutoOkClosingListener();
+        private static final StringBasedClosingListener aer = new AutoErrorClosingListener();
+        private static final  String confirmation = "*** applet running ***";
+        
+        
+        @BeforeClass
+        public static void setDeploymentManifestPermissionReadingOnly() throws IOException{
+            dpm.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString());
+        }
+        
+        @AfterClass
+        public static void restoreDeploymentProeprtiees() throws IOException{
+            dpm.restoreProperties();
+        }
+        
+    @Test
+    public void javawsAllPermNoSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedSandbox.jnlp");
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    @Test
+    public void javawsAllPermAllSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedSandbox_security.jnlp");
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+    @Test
+    public void javawsAppletAllPermNoSecurity() throws Exception{
+            ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}),"SandboxUnsignedSandbox_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange...
+    }
+    @Test
+    public void javawsAppletAllPermAllSecurity() throws Exception{
+            ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedSandbox_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
+            Assert.assertFalse(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+    
+     @Test
+     @TestInBrowsers(testIn = Browsers.one)
+    public void appletAllPermAllSecurity() throws Exception{
+        server.getBrowserLocation();
+            ProcessResult p = server.executeBrowser("SandboxUnsignedSandbox.html", ServerAccess.AutoClose.CLOSE_ON_BOTH);
+            Assert.assertTrue(p.stdout.contains(confirmation));
+            Assert.assertFalse(p.stdout.contains(aok.getCondition()));
+            Assert.assertTrue(p.stderr.contains(aer.getCondition()));
+    }
+
+
+}