Closed Bug 126535 Opened 23 years ago Closed 12 years ago

[OSX] security exception when trying to load redirect urls via java

Categories

(Core Graveyard :: Java: OJI, defect, P3)

Product:
Core Graveyard
Component:
Java: OJI
Platform:
PowerPC
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE
Milestone:
Future

People

(Reporter: mozilla, Assigned: peterl-bugs)

References

Details

using an applet(signed, given net permissions) that called to an url to get an image, where the url is a redirect, we get a security exception and fail to load the image. here is the stack trace of the exception: java.lang.SecurityException at java.lang.SecurityManager.checkPermission(SecurityManager.java:583) at java.lang.SecurityManager.checkConnect(SecurityManager.java:1092) at sun.awt.image.URLImageSource.checkSecurity(URLImageSource.java:84) at sun.awt.image.ImageRepresentation.imageComplete(ImageRepresentation.java:722) at sun.awt.image.InputStreamImageSource.errorConsumer(InputStreamImageSource.java:134) at sun.awt.image.InputStreamImageSource.setDecoder(InputStreamImageSource.java:330) at sun.awt.image.InputStreamImageSource.doFetch(InputStreamImageSource.java:255) at sun.awt.image.ImageFetcher.fetchloop(ImageFetcher.java:217) at sun.awt.image.ImageFetcher.run(ImageFetcher.java:185) there is a similar exception during a call to Image.flush(), although I don't have a stack from that handy. I can post a sample applet here if needed.
Joe, is this a security feature (i.e., by design) or a bug? In either case, what would be the workaround?
After some more digging, what I am seeing is not a problem with redirects, those seem to be ok, it is perhaps with the fact that the url is from a different website than the applet. But I thought that with all permissions granted it would be ok. going to do some more digging...
It appears the problem may not be the redirection, but the use of cookies by double click to get permission. The headers from the link marek posted come back as follows: HTTP/1.0 302 Moved Temporarily Content-Length: 0 Date: Thu, 21 Feb 2002 22:52:42 GMT Location: http://m.doubleclick.net/viewad/722389/1-468_mechanic.gif Cache-Control: private, max-age=0, no-cache Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Thu, 21 Feb 2002 23:07:42 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Note the Set-Cookie and the CheckForPermission with a domain of .doubleclick.net I'm going to run a test and see if giving doubleclick.net permissions will make this problem go away.
Nope. Gave codeBase "http://www.doubleclick.net/" permissions and the security check is still failing.
Mac bug, re-assign to Patrick.
Assignee: joe.chou → beard
QA Contact: pmac → petersen
-->peterl
Assignee: beard → peterl
Depends on: 135840
Summary: security exception when trying to load redirect urls via java → [OSX] security exception when trying to load redirect urls via java
Priority: -- → P3
Target Milestone: --- → Future
Product: Core → Core Graveyard
Mass-closing bugs in the "OJI" component: OJI plugin integration was replaced with npruntime long ago, and these bugs appear to be irrelevant now. If there is in fact a real bug that remains, please file it new in the "Core" product, component "Plug-ins".
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.