Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4290757

Image fetching throws SecurityException with redirected URL

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: P4 P4
    • None
    • 1.2.2
    • security-libs



      Name: mc57594 Date: 11/11/99


      Fetching an image from a URL via Toolkit.getDefaultToolkit().getImage() ends up throwing a SecurityException in the image fetching code if the URL for the image does a redirect.

      The problem appears to be that sun.awt.image.ImageRepresentation.imageComplete() calls sun.awt.image.URLImageSource.checkSecurity(null, false) which calls SecurityManager.checkConnect with the null context and SecurityManager.checkConnect always throws an exception if context is null.

      Compile the attached Java app and run it as follows with the attached policy file and URL (which does a redirect):

      java -Djava.security.policy=policy LoadImage http://ad.doubleclick.net/ad/N541.ups.cnet/B6954.2;sz=468x60;sc=cnetfx;ord=1999.10.06.08.38.19?


      Here is LoadImage.java:

      import java.awt.*;
      import java.net.*;
      public class LoadImage extends Frame {
      Image m_img;
      public static void main(String args[]) throws Exception {
      System.setSecurityManager(new SecurityManager());
      URL url = new URL(args[0]);
      System.out.println(url.getHost());
      Image img = Toolkit.getDefaultToolkit().getImage(url);
      System.out.println(img);
      Frame frm = new LoadImage(img);
      frm.setSize(200, 200);
      frm.setVisible(true);
      System.out.println("done");
      }
      LoadImage(Image img) {
      m_img = img;
      }
      public void paint(Graphics g) {
      g.drawImage(m_img, 5, 20, this);
      }
      }



      Here is the policy file "policy":

      grant {
      permission java.net.SocketPermission "ad.doubleclick.net", "connect, accept, listen, resolve";
      permission java.net.SocketPermission "m.doubleclick.net", "connect, accept, listen, resolve";
      };


      Here is the exception:

      Uncaught error fetching image:
      java.lang.SecurityException
              at java.lang.SecurityManager.checkConnect(SecurityManager.java:1073)
              at sun.awt.image.URLImageSource.checkSecurity(URLImageSource.java:91)
              at sun.awt.image.ImageRepresentation.imageComplete(ImageRepresentation.java:551)
              at sun.awt.image.InputStreamImageSource.errorConsumer(InputStreamImageSource.java:138)
              at sun.awt.image.InputStreamImageSource.setDecoder(InputStreamImageSource.java:321)
              at sun.awt.image.InputStreamImageSource.doFetch(InputStreamImageSource.java:246)
              at sun.awt.image.ImageFetcher.fetchloop(ImageFetcher.java:221)
              at sun.awt.image.ImageFetcher.run(ImageFetcher.java:189)
      (Review ID: 96368)
      ======================================================================

            claisunw Charlie Lai (Inactive)
            mchamnessunw Mark Chamness (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: