This has indeed changed… From the documentation
http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/enhancements-8.html
For sandbox RIAs,
URLPermission
is now used to allow connections back to the server from which they were started.URLPermissions
is granted based on protocol, host and port of the code source. This change has the following implications:
- For sandbox RIAs,
SocketPermissions
for the origin host is no longer granted. Calls from JavaScript code to the RIA are not grantedSocketPermissions
beginning with JDK 8.…
In other words, you cannot create a new Socket
in a sandbox anymore. You can only create a URL
using the same host, same port, and same protocol as the codebase from a fully sandboxed applet then.
Unless Oracle changes its mind, there is no way for a sandboxed applet to get around this (otherwise it would render the entire security concept broken).