Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4112386

getResource() is returning valid URL from an applet.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P2 P2
    • 1.2.0
    • 1.2.0
    • core-libs
    • 1.2beta3
    • generic
    • solaris_2.5.1
    • Not verified

      getResource() in the following applet is returning a valid URL in Beta3 Build G.
      In beta2, it returned null as expected. This has a security implications.
      This is a test from the appletattack test suite.

      import java.awt.*;
      import java.util.*;
      import java.applet.*;
      import java.io.*;
      import java.net.URL;

      public class GetResourceTest extends Applet {

          public void paint(Graphics g) {

            g.drawString("This a test Satya", 25, 25);

            String str = "/home/satyad/tmp/tst/loading-msg.gif";
            boolean caught = false;

            try {

              URL url = this.getClass().getResource(str);
              if (url == null) {
                caught = true;
              }
              else {
                Object obj = url.getContent();
                g.drawImage((Image)obj, 0, 0, this);
              }
            } catch (Exception e) {
              e.printStackTrace();
            }

            if (caught) {
              throw new SecurityException("Caught security exception getting resource
      named: " + str);
            }
          }
      }

      BETA 2 Output:

      /usr/local/java/jdk1.2beta2/solaris/bin/appletviewer http://javaweb.eng/~satyad/beta3test/test.html
      Exception occurred during event dispatching:
      java.lang.SecurityException: Caught security exception getting resource named: /home/satyad/tmp/tst/loading-msg.gif
              at GetResourceTest.paint(GetResourceTest.java:31)
              at java.awt.Component.dispatchEventImpl(Component.java:1865)
              at java.awt.Container.dispatchEventImpl(Container.java:934)
              at java.awt.Component.dispatchEvent(Component.java:1824)
              at java.awt.EventQueue.dispatchEvent(EventQueue.java:160)
              at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
      BETA3 output:

      appletviewer http://javaweb.eng/~satyad/beta3test/test.html

      java.lang.ClassCastException: sun.net.www.MeteredStream
              at GetResourceTest.paint(GetResourceTest.java:24)
              at java.awt.Component.dispatchEventImpl(Component.java:1997)
              at java.awt.Container.dispatchEventImpl(Container.java:912)
              at java.awt.Component.dispatchEvent(Component.java:1951)
              at java.awt.EventQueue.dispatchEvent(EventQueue.java:167)
              at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)


      edward.jucevic@eng 1998-06-15
      This is still apparent in JDK1.2beta4-I. This is affecting the b5 application SAP.

            michaelm Michael McMahon
            sndodda Satya Dodda
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: