Loading...

XML

Word

Printable

Type: Bug
Resolution: Not an Issue
Priority: P4
Fix Version/s: None
Affects Version/s: 1.2.2
Component/s: tools
Labels:
- webbug

Subcomponent:
appletviewer
CPU:

x86
OS:

windows_nt

Name: mc57594 Date: 06/24/99

Note:
This bug seems to be the same as the following two:
4152916 URLClassLoader.getPermissions doesn't work for "jar:file:..." URLs
4132547 AppletClassLoader is not granting enough permissions to file:/blah/foo.jar

Both of which have been closed as "fixed unverified".
I concur with that evaluation, since it is still a bug in 1.2.2.
Bug has been reproduced on Solaris.
-chamness
======================================
When I entitle an applet with extra rights (via security policy
file), it does not get those rights granted by appletviewer when
the class file that executes the privileged code is loaded from
a JAR file.

Everything is fine when I run the applet without the archive
parameter because the class file in the directory is loaded,
which will get correct permissions.

Ok, here's the reproduction :
-----------------------------
I have 4 files in a directory:
mypolicy - policyfile
fw.java - applet source
fw.class - applet bytecode
create.html - HTML page that loads applet
---------------------
D:\demo>type mypolicy
/* AUTOMATICALLY GENERATED ON Wed Jun 23 23:21:13 CDT 1999*/
/* DO NOT EDIT */

grant codeBase "file://create.html" {
  permission java.io.FilePermission "<<ALL FILES>>", "write";
};
------------------------
D:\demo>type create.html
<applet code="fw.class" archive="b.jar" height="200" width="400">
</applet>
--------------------
D:\demo>type fw.java
import java.applet.Applet;
import java.io.*;

public class fw extends Applet
{
    private FileWriter fw;

    public void init() {
        try {
            File file = new File("foo");
            fw = new FileWriter(file);
            fw.close();
            System.out.println("Success");
        }
        catch(IOException ioe) {
            System.out.println("I/O exception");
        }
        catch(SecurityException se) {
            System.out.println("Security exception");
        }
    }
}
--------------------------
Now let's do some stuff...
--------------------------------
D:\demo>appletviewer create.html
Security exception
------------------------------------------------------------------
D:\demo>appletviewer -J-Djava.security.policy=mypolicy create.html
Success
------------------------------
D:\demo>jar cvf b.jar fw.class
added manifest
adding: fw.class (in=774) (out=488) (deflated 36%)
--------------------------------
D:\demo>appletviewer create.html
Security exception
------------------------------------------------------------------
D:\demo>appletviewer -J-Djava.security.policy=mypolicy create.html
Security exception
--------------------------------------------------------------------------

While the first security exception is expected (no policy file)
the last certainly isn't ! Running with the -D switch succeeds
in writing the file as it should in the second example. Why not
in the last ?

I checked the bugparade before submitting this as a new bug and
found that the issue maybe related to bugs #4123421, #4214785.

System:
NT 4.0 SP4, P-II 400, 256 MB
Using JDK 1.2
D:\demo>java -version
java version "1.2.1"
HotSpot VM (1.0fcs, mixed mode, build E)
D:\demo>java -fullversion
java full version "JDK-1.2.1-A"
(Review ID: 84769)
======================================================================

relates to

JDK-4408538 V1.3.0_01 appletviewer fails to load class from JAR/UNC Path; plugin DOES work

Closed

JDK-4152916 URLClassLoader.getPermissions doesn't work for "jar:file:..." URLs

Closed

Assignee:: Dmitry Cherepanov

Reporter:: Mark Chamness (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 1999-06-24 14:12

Updated:: 2006-05-16 00:45

Resolved:: 2006-05-16 00:45

Imported:: 15/Sep/12 12:10 PM

Indexed:: 17/Jul/12 9:52 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates