Closed Bug 126535 Opened 23 years ago Closed 11 years ago

[OSX] security exception when trying to load redirect urls via java

Categories

(Core Graveyard :: Java: OJI, defect, P3)

PowerPC
macOS
defect

Tracking

(Not tracked)

RESOLVED INCOMPLETE
Future

People

(Reporter: mozilla, Assigned: peterl-bugs)

Using an applet (signed, given net permissions) that called to a URL to get an
image, where the URL is a redirect, we get a security exception and fail to load
the image. Here is the stack trace of the exception:

java.lang.SecurityException
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:583)
	at java.lang.SecurityManager.checkConnect(SecurityManager.java:1092)
	at sun.awt.image.URLImageSource.checkSecurity(URLImageSource.java:84)
	at sun.awt.image.ImageRepresentation.imageComplete(ImageRepresentation.java:722)
	at sun.awt.image.InputStreamImageSource.errorConsumer(InputStreamImageSource.java:134)
	at sun.awt.image.InputStreamImageSource.setDecoder(InputStreamImageSource.java:330)
	at sun.awt.image.InputStreamImageSource.doFetch(InputStreamImageSource.java:255)
	at sun.awt.image.ImageFetcher.fetchloop(ImageFetcher.java:217)
	at sun.awt.image.ImageFetcher.run(ImageFetcher.java:185)

There is a similar exception during a call to Image.flush(), although I don't
have a stack from that handy.

I can post a sample applet here if needed.

Joe, is this a security feature (i.e., by design) or a bug? In either case, what
would be the workaround?

After some more digging, what I am seeing is not a problem with redirects; those
seem to be ok. It is perhaps with the fact that the URL is from a different
website than the applet. But I thought that with all permissions granted it
would be ok. Going to do some more digging...

It appears the problem may not be the redirection, but the use of cookies by
DoubleClick to get permission. The headers from the link Marek posted come back
as follows:

HTTP/1.0 302 Moved Temporarily
Content-Length: 0
Date: Thu, 21 Feb 2002 22:52:42 GMT
Location: http://m.doubleclick.net/viewad/722389/1-468_mechanic.gif
Cache-Control: private, max-age=0, no-cache
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Thu, 21 Feb 2002 23:07:42 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Note the Set-Cookie and the CheckForPermission with a domain of .doubleclick.net

I'm going to run a test and see if giving doubleclick.net permissions will make
this problem go away.

Nope. Gave codeBase "http://www.doubleclick.net/" permissions and the security
check is still failing.

Mac bug, re-assign to Patrick.
Assignee: joe.chou → beard
QA Contact: pmac → petersen
-->peterl
Assignee: beard → peterl
Depends on: 135840
Summary: security exception when trying to load redirect urls via java → [OSX] security exception when trying to load redirect urls via java
Priority: -- → P3
Target Milestone: --- → Future
Product: Core → Core Graveyard
Mass-closing bugs in the "OJI" component: OJI plugin integration was replaced with npruntime long ago, and these bugs appear to be irrelevant now. If there is in fact a real bug that remains, please file it new in the "Core" product, component "Plug-ins".
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE