bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

There is no hook to determine when a call from JS into Java has finished

RESOLVED INCOMPLETE

Status

Core Graveyard
Java: Live Connect
RESOLVED INCOMPLETE
17 years ago
7 years ago

People

(Reporter: Timothy J. Wood, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
The map_js_context_to_jsj_thread hook can be used to determine that a 
call from JS into Java is beginning, but there is currently no hook that lets 
the embedding application know that the call has finished.

This is important if you want to implement a security policy correctly.  For 
example, if I evaluate the script:

var file = new java.io.File("/tmp/foo");
file.createNewFile();

then when the SecurityManager/AccessController tries to determine 
whether this is valid, it only has the following stack to work from:

java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1005)
        at 
java.security.AccessControlContext.checkPermission(AccessControlCont
ext.java:230)
        at 
java.security.AccessController.checkPermission(AccessController.java:3
99)
        at 
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
        at java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
        at java.io.File.createNewFile(File.java:692)


  Since netscape.javascript.JSObject doesn't appear on the stack, 
permission is granted.

  I would like to get notified of entrance and exit of calls from JavaScript to 
Java so that I can amend the class stack context here to include the copy 
of netscape.javascript.JSObject for the class loader attached to this 
window.

  It doesn't really seem right to use the map_js_context_to_jsj_thread for 
entrance notification either since that might not get called if 
jsj_SetJavaJSJEnv() has been called.

  There really need to be two additional hooks:

void (*enter_java_from_js)(JNIEnv *, JSContext *, unsigned int depth);
void (*exit_java_from_js)(JNIEnv *, JSContext *, unsigned int depth);

  This would mirror the enter_js_from_java and exit_js hooks and would 
involve only trivial changes to jsj_EnterJava and jsj_ExitJava (and using 
two of the reserved slots in the callback struct).

  Please advise if this is OK and if so I'll submit a patch.

Comment 1

17 years ago
Formally confirming bug. Reassigning to Patrick; cc'ing Brendan, rogerl,
and mstoltz  for consideration of this issue.
Assignee: rogerl → beard
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

12 years ago
-> default assignee for old netscape assigned bugs.
Assignee: beard → live-connect

Updated

8 years ago
Component: Java: Live Connect → Java: Live Connect
Product: Core → Core Graveyard

Comment 3

7 years ago
Firefox code moved from custom Liveconnect code to the NPAPI/NPRuntime bridge a while back. Mass-closing the bugs in the liveconnect component which are likely invalid. If you believe that this bug is still relevant to modern versions of Firefox, please reopen it and move it the "Core" product, component "Plug-Ins".
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.