Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8304079 | jfx17.0.7 | Johan Vos | P4 | Resolved | Fixed |
Description
When running in a secure context, trying to open the ColorChooser control from a WebView control fails.
To reproduce: Run the attached test with a secure context using the attached security policy (-Djava.security.manager -Djava.security.policy=java.policy), and press the button to open the ChooseColor control. It doesn't show and the following exception is thrown:
Exception in thread "JavaFX Application Thread" java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:/~/.m2/repository/org/openjfx/javafx-controls/20-ea+11/javafx-controls-20-ea+11-mac-aarch64.jar!/com/sun/javafx/scene/control/skin/modena/pattern-transparent.png" "read")
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:756)
at java.base/java.io.File.exists(File.java:829)
at javafx.graphics@20-ea/javafx.scene.image.Image.validateUrl(Image.java:1130)
at javafx.graphics@20-ea/javafx.scene.image.Image.<init>(Image.java:628)
at javafx.graphics@20-ea/com.sun.javafx.css.StyleManager$ImageCache.getCachedImage(StyleManager.java:770)
at javafx.graphics@20-ea/com.sun.javafx.css.StyleManager.getCachedImage(StyleManager.java:846)
at javafx.graphics@20-ea/javafx.scene.layout.BackgroundConverter.convert(BackgroundConverter.java:97)
at javafx.graphics@20-ea/javafx.scene.layout.BackgroundConverter.convert(BackgroundConverter.java:42)
at javafx.graphics@20-ea/javafx.scene.CssStyleHelper.lookup(CssStyleHelper.java:1144)
at javafx.graphics@20-ea/javafx.scene.CssStyleHelper.transitionToState(CssStyleHelper.java:858)
at javafx.graphics@20-ea/javafx.scene.Node.doProcessCSS(Node.java:9723)
at javafx.graphics@20-ea/javafx.scene.Node$1.doProcessCSS(Node.java:482)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSSImpl(NodeHelper.java:194)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.superProcessCSSImpl(ParentHelper.java:93)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.superProcessCSS(ParentHelper.java:63)
at javafx.graphics@20-ea/javafx.scene.Parent.doProcessCSS(Parent.java:1370)
at javafx.graphics@20-ea/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:147)
at javafx.graphics@20-ea/javafx.scene.Parent.doProcessCSS(Parent.java:1401)
at javafx.graphics@20-ea/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:147)
at javafx.graphics@20-ea/javafx.scene.Parent.doProcessCSS(Parent.java:1401)
at javafx.graphics@20-ea/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:147)
at javafx.graphics@20-ea/javafx.scene.Node.processCSS(Node.java:9605)
at javafx.graphics@20-ea/javafx.scene.Scene.doCSSPass(Scene.java:587)
at javafx.graphics@20-ea/javafx.scene.Scene.preferredSize(Scene.java:1786)
at javafx.graphics@20-ea/javafx.scene.Scene$2.preferredSize(Scene.java:411)
at javafx.graphics@20-ea/com.sun.javafx.scene.SceneHelper.preferredSize(SceneHelper.java:65)
at javafx.graphics@20-ea/javafx.stage.Window$12.invalidated(Window.java:1163)
at javafx.base@20-ea/javafx.beans.property.BooleanPropertyBase.markInvalid(BooleanPropertyBase.java:110)
at javafx.base@20-ea/javafx.beans.property.BooleanPropertyBase.set(BooleanPropertyBase.java:145)
at javafx.graphics@20-ea/javafx.stage.Window.setShowing(Window.java:1239)
at javafx.graphics@20-ea/javafx.stage.Window.show(Window.java:1254)
at javafx.graphics@20-ea/javafx.stage.Stage.show(Stage.java:277)
at javafx.controls@20-ea/com.sun.javafx.scene.control.CustomColorDialog.show(CustomColorDialog.java:198)
at javafx.web@20-ea/com.sun.webkit.ColorChooser.<init>(ColorChooser.java:66)
at javafx.web@20-ea/com.sun.webkit.ColorChooser.fwkCreateAndShowColorChooser(ColorChooser.java:70)
The exception points to: javafx.graphics@20-ea/javafx.scene.image.Image.validateUrl(Image.java:1130)
The check
if (new File(url).exists()) { } // line 1130
was added inJDK-8267551, by this commit:
https://github.com/openjdk/jfx/pull/508/files#diff-0d427794abc3bdc37d53c1e4abfe9dbaac32f2ba104087f035399d9e60cc30ecR1127
Therefore ColorChooser works up until JavaFX 16 and 17-ea+12, and fails since 17 (starting 17-ea+13).
In fact, this issue can be reproduced with any control that uses bundled resources, like the HTMLEditor control for instance.
There might be other places where the same exception is thrown, like com.sun.javafx.iio.common.ImageTools::createInputStream.
For now, the workaround to make this work is to allow file permissions, like:
permission java.io.FilePermission "jar:file:/${user.home}/.m2/repository/org/openjfx/-", "read";
To reproduce: Run the attached test with a secure context using the attached security policy (-Djava.security.manager -Djava.security.policy=java.policy), and press the button to open the ChooseColor control. It doesn't show and the following exception is thrown:
Exception in thread "JavaFX Application Thread" java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:/~/.m2/repository/org/openjfx/javafx-controls/20-ea+11/javafx-controls-20-ea+11-mac-aarch64.jar!/com/sun/javafx/scene/control/skin/modena/pattern-transparent.png" "read")
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:756)
at java.base/java.io.File.exists(File.java:829)
at javafx.graphics@20-ea/javafx.scene.image.Image.validateUrl(Image.java:1130)
at javafx.graphics@20-ea/javafx.scene.image.Image.<init>(Image.java:628)
at javafx.graphics@20-ea/com.sun.javafx.css.StyleManager$ImageCache.getCachedImage(StyleManager.java:770)
at javafx.graphics@20-ea/com.sun.javafx.css.StyleManager.getCachedImage(StyleManager.java:846)
at javafx.graphics@20-ea/javafx.scene.layout.BackgroundConverter.convert(BackgroundConverter.java:97)
at javafx.graphics@20-ea/javafx.scene.layout.BackgroundConverter.convert(BackgroundConverter.java:42)
at javafx.graphics@20-ea/javafx.scene.CssStyleHelper.lookup(CssStyleHelper.java:1144)
at javafx.graphics@20-ea/javafx.scene.CssStyleHelper.transitionToState(CssStyleHelper.java:858)
at javafx.graphics@20-ea/javafx.scene.Node.doProcessCSS(Node.java:9723)
at javafx.graphics@20-ea/javafx.scene.Node$1.doProcessCSS(Node.java:482)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSSImpl(NodeHelper.java:194)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.superProcessCSSImpl(ParentHelper.java:93)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.superProcessCSS(ParentHelper.java:63)
at javafx.graphics@20-ea/javafx.scene.Parent.doProcessCSS(Parent.java:1370)
at javafx.graphics@20-ea/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:147)
at javafx.graphics@20-ea/javafx.scene.Parent.doProcessCSS(Parent.java:1401)
at javafx.graphics@20-ea/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:147)
at javafx.graphics@20-ea/javafx.scene.Parent.doProcessCSS(Parent.java:1401)
at javafx.graphics@20-ea/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics@20-ea/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics@20-ea/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:147)
at javafx.graphics@20-ea/javafx.scene.Node.processCSS(Node.java:9605)
at javafx.graphics@20-ea/javafx.scene.Scene.doCSSPass(Scene.java:587)
at javafx.graphics@20-ea/javafx.scene.Scene.preferredSize(Scene.java:1786)
at javafx.graphics@20-ea/javafx.scene.Scene$2.preferredSize(Scene.java:411)
at javafx.graphics@20-ea/com.sun.javafx.scene.SceneHelper.preferredSize(SceneHelper.java:65)
at javafx.graphics@20-ea/javafx.stage.Window$12.invalidated(Window.java:1163)
at javafx.base@20-ea/javafx.beans.property.BooleanPropertyBase.markInvalid(BooleanPropertyBase.java:110)
at javafx.base@20-ea/javafx.beans.property.BooleanPropertyBase.set(BooleanPropertyBase.java:145)
at javafx.graphics@20-ea/javafx.stage.Window.setShowing(Window.java:1239)
at javafx.graphics@20-ea/javafx.stage.Window.show(Window.java:1254)
at javafx.graphics@20-ea/javafx.stage.Stage.show(Stage.java:277)
at javafx.controls@20-ea/com.sun.javafx.scene.control.CustomColorDialog.show(CustomColorDialog.java:198)
at javafx.web@20-ea/com.sun.webkit.ColorChooser.<init>(ColorChooser.java:66)
at javafx.web@20-ea/com.sun.webkit.ColorChooser.fwkCreateAndShowColorChooser(ColorChooser.java:70)
The exception points to: javafx.graphics@20-ea/javafx.scene.image.Image.validateUrl(Image.java:1130)
The check
if (new File(url).exists()) { } // line 1130
was added in
https://github.com/openjdk/jfx/pull/508/files#diff-0d427794abc3bdc37d53c1e4abfe9dbaac32f2ba104087f035399d9e60cc30ecR1127
Therefore ColorChooser works up until JavaFX 16 and 17-ea+12, and fails since 17 (starting 17-ea+13).
In fact, this issue can be reproduced with any control that uses bundled resources, like the HTMLEditor control for instance.
There might be other places where the same exception is thrown, like com.sun.javafx.iio.common.ImageTools::createInputStream.
For now, the workaround to make this work is to allow file permissions, like:
permission java.io.FilePermission "jar:file:/${user.home}/.m2/repository/org/openjfx/-", "read";
Attachments
Issue Links
- backported by
-
JDK-8304079 WebView's ColorChooser fails to initialize when running in security context
-
- Resolved
-
