P2
getResource() in the following applet is returning a valid URL in Beta3 Build G.
In beta2, it returned null as expected. This has a security implications.
This is a test from the appletattack test suite.
import java.awt.*;
import java.util.*;
import java.applet.*;
import java.io.*;
import java.net.URL;
public class GetResourceTest extends Applet {
public void paint(Graphics g) {
g.drawString("This a test Satya", 25, 25);
String str = "/home/satyad/tmp/tst/loading-msg.gif";
boolean caught = false;
try {
URL url = this.getClass().getResource(str);
if (url == null) {
caught = true;
}
else {
Object obj = url.getContent();
g.drawImage((Image)obj, 0, 0, this);
}
} catch (Exception e) {
e.printStackTrace();
}
if (caught) {
throw new SecurityException("Caught security exception getting resource
named: " + str);
}
}
}
BETA 2 Output:
/usr/local/java/jdk1.2beta2/solaris/bin/appletviewer http://javaweb.eng/~satyad/beta3test/test.html
Exception occurred during event dispatching:
java.lang.SecurityException: Caught security exception getting resource named: /home/satyad/tmp/tst/loading-msg.gif
at GetResourceTest.paint(GetResourceTest.java:31)
at java.awt.Component.dispatchEventImpl(Component.java:1865)
at java.awt.Container.dispatchEventImpl(Container.java:934)
at java.awt.Component.dispatchEvent(Component.java:1824)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:160)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
BETA3 output:
appletviewer http://javaweb.eng/~satyad/beta3test/test.html
java.lang.ClassCastException: sun.net.www.MeteredStream
at GetResourceTest.paint(GetResourceTest.java:24)
at java.awt.Component.dispatchEventImpl(Component.java:1997)
at java.awt.Container.dispatchEventImpl(Container.java:912)
at java.awt.Component.dispatchEvent(Component.java:1951)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:167)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
edward.jucevic@eng 1998-06-15
This is still apparent in JDK1.2beta4-I. This is affecting the b5 application SAP.
In beta2, it returned null as expected. This has a security implications.
This is a test from the appletattack test suite.
import java.awt.*;
import java.util.*;
import java.applet.*;
import java.io.*;
import java.net.URL;
public class GetResourceTest extends Applet {
public void paint(Graphics g) {
g.drawString("This a test Satya", 25, 25);
String str = "/home/satyad/tmp/tst/loading-msg.gif";
boolean caught = false;
try {
URL url = this.getClass().getResource(str);
if (url == null) {
caught = true;
}
else {
Object obj = url.getContent();
g.drawImage((Image)obj, 0, 0, this);
}
} catch (Exception e) {
e.printStackTrace();
}
if (caught) {
throw new SecurityException("Caught security exception getting resource
named: " + str);
}
}
}
BETA 2 Output:
/usr/local/java/jdk1.2beta2/solaris/bin/appletviewer http://javaweb.eng/~satyad/beta3test/test.html
Exception occurred during event dispatching:
java.lang.SecurityException: Caught security exception getting resource named: /home/satyad/tmp/tst/loading-msg.gif
at GetResourceTest.paint(GetResourceTest.java:31)
at java.awt.Component.dispatchEventImpl(Component.java:1865)
at java.awt.Container.dispatchEventImpl(Container.java:934)
at java.awt.Component.dispatchEvent(Component.java:1824)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:160)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
BETA3 output:
appletviewer http://javaweb.eng/~satyad/beta3test/test.html
java.lang.ClassCastException: sun.net.www.MeteredStream
at GetResourceTest.paint(GetResourceTest.java:24)
at java.awt.Component.dispatchEventImpl(Component.java:1997)
at java.awt.Container.dispatchEventImpl(Container.java:912)
at java.awt.Component.dispatchEvent(Component.java:1951)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:167)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
edward.jucevic@eng 1998-06-15
This is still apparent in JDK1.2beta4-I. This is affecting the b5 application SAP.