Closed
Bug 126535
Opened 23 years ago
Closed 11 years ago
[OSX] security exception when trying to load redirect urls via java
Categories
(Core Graveyard :: Java: OJI, defect, P3)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
Future
People
(Reporter: mozilla, Assigned: peterl-bugs)
References
Details
using an applet(signed, given net permissions) that called to an url to get an image, where the url is a redirect, we get a security exception and fail to load the image. here is the stack trace of the exception: java.lang.SecurityException at java.lang.SecurityManager.checkPermission(SecurityManager.java:583) at java.lang.SecurityManager.checkConnect(SecurityManager.java:1092) at sun.awt.image.URLImageSource.checkSecurity(URLImageSource.java:84) at sun.awt.image.ImageRepresentation.imageComplete(ImageRepresentation.java:722) at sun.awt.image.InputStreamImageSource.errorConsumer(InputStreamImageSource.java:134) at sun.awt.image.InputStreamImageSource.setDecoder(InputStreamImageSource.java:330) at sun.awt.image.InputStreamImageSource.doFetch(InputStreamImageSource.java:255) at sun.awt.image.ImageFetcher.fetchloop(ImageFetcher.java:217) at sun.awt.image.ImageFetcher.run(ImageFetcher.java:185) there is a similar exception during a call to Image.flush(), although I don't have a stack from that handy. I can post a sample applet here if needed.
Comment 1•23 years ago
|
||
Joe, is this a security feature (i.e., by design) or a bug? In either case, what would be the workaround?
Reporter | ||
Comment 2•23 years ago
|
||
After some more digging, what I am seeing is not a problem with redirects, those seem to be ok, it is perhaps with the fact that the url is from a different website than the applet. But I thought that with all permissions granted it would be ok. going to do some more digging...
Comment 3•23 years ago
|
||
sample URL causing problem http://ad.doubleclick.net/ad/N2885.CompuServeservice/B949755;sz=468x60;dcove=r;ord=1731190501192002.02.20.01.35.02
Reporter | ||
Comment 4•23 years ago
|
||
It appears the problem may not be the redirection, but the use of cookies by double click to get permission. The headers from the link marek posted come back as follows: HTTP/1.0 302 Moved Temporarily Content-Length: 0 Date: Thu, 21 Feb 2002 22:52:42 GMT Location: http://m.doubleclick.net/viewad/722389/1-468_mechanic.gif Cache-Control: private, max-age=0, no-cache Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Thu, 21 Feb 2002 23:07:42 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Note the Set-Cookie and the CheckForPermission with a domain of .doubleclick.net I'm going to run a test and see if giving doubleclick.net permissions will make this problem go away.
Reporter | ||
Comment 5•23 years ago
|
||
Nope. Gave codeBase "http://www.doubleclick.net/" permissions and the security check is still failing.
Comment 7•22 years ago
|
||
-->peterl
Assignee: beard → peterl
Depends on: 135840
Summary: security exception when trying to load redirect urls via java → [OSX] security exception when trying to load redirect urls via java
Updated•22 years ago
|
Priority: -- → P3
Target Milestone: --- → Future
Comment 8•11 years ago
|
||
Mass-closing bugs in the "OJI" component: OJI plugin integration was replaced with npruntime long ago, and these bugs appear to be irrelevant now. If there is in fact a real bug that remains, please file it new in the "Core" product, component "Plug-ins".
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•