P4
Name: gm110360 Date: 01/22/2004
FULL PRODUCT VERSION :
Windows:
java version "1.4.2_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_01-b06)
Java HotSpot(TM) Client VM (build 1.4.2_01-b06, mixed mode)
FULL OS VERSION :
RedHat Linux 9 (I cannot boot into it right now to get the version)
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
Netscape 7.01
A DESCRIPTION OF THE PROBLEM :
I have an jar file for a Java applet that is installed into the lib/ext
directory of the jre. Trying to access the public methods of the Applet via
JavaScript produces an OriginNotAllowedException:
The bug has also been entered much earlier in Mozilla's bug database as http://bugzilla.mozilla.org/show_bug.cgi?id=178359; but there has been no progress there.
This works as we would like in Internet Explorer using Java 2. It is a bug because we have a signed applet that is installed and so it should have no security issues.
We have been using this technique of installing a signed applet and then using JavaScript to manipulate it in several releases of our product (http://www.mapguide.com). We are now trying to utilize the Java 2 support available in browsers, however this problem severly limits the functionality of our product.
We will not be able to support a Linux version of our product until this problem is resolved.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Steps to Reproduce:
1.MyApplet.html - make this page available via a web server so that it can be
accessed as http://localhost/MyApplet.html or something like that (the problem
doesn't happen when the page is opened as a local file)
2.Put the MyApplet.jar file into the lib/ext directory of the JRE (e.g.,
c:/J2SDK1.4.1_01/jre/lib/ext). If I cannot attach the MyApplet.jar to this report then you will have to create it by compiling MyApplet.java and then creating a jar file from the class.
3.Open http://localhost/MyApplet.html (or whatever is required to open the page from step 1).
4. Press the Make Red button.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No exception and the screen should have turned red. You can see the expected
behavior by putting the MyApplet.jar file in the same directory as the
MyApplet.html directory; and deleting the MyApplet.jar file from the lib/ext
directory.
ACTUAL -
A OriginNotAllowedException is reported in the Java Console.
Although the attached applet is not signed, our signed applet also exhibits this problem.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
sun.plugin.liveconnect.OriginNotAllowedException: JavaScript is not from the same origin as the Java code, caller=http://localhost, callee=file:/C:/Program%20Files/Java/j2re1.4.2_01/lib/ext/MyApplet.jar
at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.access$000(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.access$300(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation$CallMethodThread.run(Unknown Source)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
MyApplet.html:
<html>
<body>
<script>
function redify() {
document.applet.makeRed();
}
</script>
<applet code=MyApplet name="applet" archive=MyApplet.jar width=640 height=480>
</applet>
<br>
<input type=button value="Make red" onclick=redify()>
</body>
<html>
MyApplet.java:
import java.awt.*;
import java.applet.*;
import java.net.*;
public class MyApplet extends Applet {
private Color background = Color.blue;
public void paint(Graphics g) {
super.paint(g);
Dimension dim = getSize();
System.out.println(background);
g.setColor(background);
g.fillRect(0,0,dim.width,dim.height);
}
/** API: intended to be called via JavaScript */
public void makeRed() {
background = Color.red;
repaint();
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
The Applet jar file could be downloaded from the website of the HTML page, but since our real one is 2Mb in size, this will not be acceptable. Especially when the laptop is connected using a wireless 1X or GPRS network where the user has to pay by the byte.
(Incident Review ID: 216278)
======================================================================
FULL PRODUCT VERSION :
Windows:
java version "1.4.2_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_01-b06)
Java HotSpot(TM) Client VM (build 1.4.2_01-b06, mixed mode)
FULL OS VERSION :
RedHat Linux 9 (I cannot boot into it right now to get the version)
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
Netscape 7.01
A DESCRIPTION OF THE PROBLEM :
I have an jar file for a Java applet that is installed into the lib/ext
directory of the jre. Trying to access the public methods of the Applet via
JavaScript produces an OriginNotAllowedException:
The bug has also been entered much earlier in Mozilla's bug database as http://bugzilla.mozilla.org/show_bug.cgi?id=178359; but there has been no progress there.
This works as we would like in Internet Explorer using Java 2. It is a bug because we have a signed applet that is installed and so it should have no security issues.
We have been using this technique of installing a signed applet and then using JavaScript to manipulate it in several releases of our product (http://www.mapguide.com). We are now trying to utilize the Java 2 support available in browsers, however this problem severly limits the functionality of our product.
We will not be able to support a Linux version of our product until this problem is resolved.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Steps to Reproduce:
1.MyApplet.html - make this page available via a web server so that it can be
accessed as http://localhost/MyApplet.html or something like that (the problem
doesn't happen when the page is opened as a local file)
2.Put the MyApplet.jar file into the lib/ext directory of the JRE (e.g.,
c:/J2SDK1.4.1_01/jre/lib/ext). If I cannot attach the MyApplet.jar to this report then you will have to create it by compiling MyApplet.java and then creating a jar file from the class.
3.Open http://localhost/MyApplet.html (or whatever is required to open the page from step 1).
4. Press the Make Red button.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No exception and the screen should have turned red. You can see the expected
behavior by putting the MyApplet.jar file in the same directory as the
MyApplet.html directory; and deleting the MyApplet.jar file from the lib/ext
directory.
ACTUAL -
A OriginNotAllowedException is reported in the Java Console.
Although the attached applet is not signed, our signed applet also exhibits this problem.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
sun.plugin.liveconnect.OriginNotAllowedException: JavaScript is not from the same origin as the Java code, caller=http://localhost, callee=file:/C:/Program%20Files/Java/j2re1.4.2_01/lib/ext/MyApplet.jar
at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.access$000(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.access$300(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation$CallMethodThread.run(Unknown Source)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
MyApplet.html:
<html>
<body>
<script>
function redify() {
document.applet.makeRed();
}
</script>
<applet code=MyApplet name="applet" archive=MyApplet.jar width=640 height=480>
</applet>
<br>
<input type=button value="Make red" onclick=redify()>
</body>
<html>
MyApplet.java:
import java.awt.*;
import java.applet.*;
import java.net.*;
public class MyApplet extends Applet {
private Color background = Color.blue;
public void paint(Graphics g) {
super.paint(g);
Dimension dim = getSize();
System.out.println(background);
g.setColor(background);
g.fillRect(0,0,dim.width,dim.height);
}
/** API: intended to be called via JavaScript */
public void makeRed() {
background = Color.red;
repaint();
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
The Applet jar file could be downloaded from the website of the HTML page, but since our real one is 2Mb in size, this will not be acceptable. Especially when the laptop is connected using a wireless 1X or GPRS network where the user has to pay by the byte.
(Incident Review ID: 216278)
======================================================================
- duplicates
-
JDK-4857726 Problems with Java to JavaScript communication in Netscape 6 & 7
-
- Closed
-