JDK-4220645

JEditorPane c-tor throws SecurityException


    • generic, sparc
    • solaris_2.5.1, solaris_2.6



      Name: akC57697 Date: 03/16/99




      The JEditorPane c-tor contradicts the javadoc. It throws
      SecurityException instead of documented IOException.

      javadoc states:

      "
      JEditorPane

      public JEditorPane(String url)
                  throws IOException

           Creates a JEditorPane based on a string containing a URL specification.
           Parameters:
               url - the URL
           Throws:
               IOException - if the URL is null or cannot be accessed <--!!!!

      "

      ----------------------8-<--------------------
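      public class Test {
          public static void main(String argv[]) {
              // Install the default security manager so that Test runs as
              // unprivileged code under the default policy.
              SecurityManager sm = new SecurityManager();
              System.setSecurityManager(sm);
              try {
                  // The constructor calls setPage(), which triggers the permission check.
                  new javax.swing.JEditorPane("http://www.sun.com/index.html");
              } catch (Exception e) {
                  e.printStackTrace();
                  return;
              }
              System.out.println("OKAY");
          }
      }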

      ----------------------8-<--------------------

      -------------------Output--------------------
      (###@###.###): java Test

      java.security.AccessControlException: access denied (java.lang.RuntimePermission setFactory )
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java, Compiled Code)
      at java.security.AccessController.checkPermission(AccessController.java, Compiled Code)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java, Compiled Code)
      at java.lang.SecurityManager.checkSetFactory(SecurityManager.java, Compiled Code)
      at java.net.HttpURLConnection.setFollowRedirects(HttpURLConnection.java, Compiled Code)
      at javax.swing.JEditorPane.getStream(JEditorPane.java, Compiled Code)
      at javax.swing.JEditorPane.setPage(JEditorPane.java, Compiled Code)
      at javax.swing.JEditorPane.setPage(JEditorPane.java, Compiled Code)
      at javax.swing.JEditorPane.<init>(JEditorPane.java, Compiled Code)
      at Test.main(Test.java, Compiled Code)


      java full version "JDK-1.2.1-K"

      ======================================================================


      This description is essentially incorrect. The problem is not that the
      constructor can throw a security exception, which as a runtime exception
      wouldn't be listed anyway. The underlying problem is that the
      JEditorPane.setPage() method in 1.2.x now calls setFollowRedirects()
      on the URL without putting that call in a doPrivileged() block.
      This prevents any unprivileged code -- e.g. any applet -- from using a
      JEditorPane in 1.2.2 (at least from 1.2.1-K through 1.2.2-pu).

      This should be considered a regression from 1.2, where such code worked.

      scott.oaks@East 1999-06-24
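
      The doPrivileged() pattern named in the evaluation above, as an added example (not the JDK's own code and not the actual JEditorPane fix). It assumes a JDK that still supports the Security Manager; the class and method names are hypothetical, the in-code Policy stands in for a policy file, and the empty ProtectionDomain simulates an applet-like caller.

```java
import java.net.HttpURLConnection;
import java.security.*;

public class DoPrivilegedDemo {
    // Hypothetical library method, unfixed shape: the permission check walks the
    // whole call stack, so one unprivileged caller is enough to make it fail.
    static void configureUnwrapped() {
        HttpURLConnection.setFollowRedirects(true); // checks RuntimePermission "setFactory"
    }

    // Fixed shape: doPrivileged() stops the stack walk at this frame, so only the
    // library's own permissions are consulted. The block holds one fixed call and
    // takes no caller-supplied values.
    static void configureWrapped() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                HttpURLConnection.setFollowRedirects(true);
                return null;
            }
        });
    }

    // Runs 'body' as if it had been called by code holding no permissions at all.
    static String asUnprivileged(final Runnable body) {
        ProtectionDomain none = new ProtectionDomain(null, new Permissions());
        AccessControlContext sandbox =
            new AccessControlContext(new ProtectionDomain[] { none });
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                try { body.run(); return "allowed"; }
                catch (AccessControlException e) { return "denied: " + e.getPermission(); }
            }
        }, sandbox);
    }

    public static void main(String[] args) {
        // Assumption for the demo: every normally loaded class is trusted, which
        // puts this class in the role of the trusted library.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());
        System.out.println("unwrapped: " + asUnprivileged(DoPrivilegedDemo::configureUnwrapped));
        System.out.println("wrapped:   " + asUnprivileged(DoPrivilegedDemo::configureWrapped));
    }
}
```

      The unwrapped call is denied because the simulated caller lacks the permission, while the wrapped call is allowed on the library's own permissions.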

            rupashka Pavel Porvatov (Inactive)
            akuzminorcl Alexander Kuzmin (Inactive)