Java (security-)applet won't load when opening page

RESOLVED WORKSFORME

Status

Core Graveyard
Java: OJI
RESOLVED WORKSFORME
14 years ago
8 years ago

People

(Reporter: frits van veeningen, Assigned: Kyle Yuan)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: fixed_in_tiger, URL)

Attachments

(1 attachment)

(Reporter)

Description

14 years ago
User-Agent:       
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040124

Postbank, one of the largest Dutch banks, uses a Java-applet for security at
logon on their internet banking application. It seems it is used for encryption. 

Reproducible: Always
Steps to Reproduce:
1. Go to https://www.p3.postbank.nl/sesam/SesamLoginServlet
2. Fill in anything in 'Gebruikersnaam' (=username)
3. Fill in anything in 'Wachtwoord' (=password)
4. Hit <Enter>

Actual Results:  
If the applet failed to load, you'll get a pop-up saying something like this:

"Inloggen Mijn Postbank.nl
U kunt niet inloggen op Mijn Postbank.nl
Om gebruik te maken van Mijn Postbank.nl, moet u beschikken over:
– Windows 95, 98, ME, 2000, NT en XP in combinatie met Internet Explorer 4.01 of
hoger of MAC OS 10 in combinatie met Netscape 7.0.

[...]" 


Expected Results:  
In case the applet is loaded, you'll probably will get some error message on the
same page, or get logged on if you managed to enter a correct combination of
user-id and password.

The applet is loaded using the following code:

<applet code="CA.class" codebase="/sesam" name="CryptoApplet" id="CryptoApplet"
archive="ca.jar" align="bottom" width="0" height="0" id="CryptoApplet">
<param name="CABBASE" value="ca.cab">
</applet>

Apparently, there is an option to use ActiveX as well, but obviously, that is
not something a Linux user needs. 

Strange thing is that it seems to work with some distro's (i.e. Red Hat 9, Moz
1.2.1 and Sun Java 1.4.2), but on my Fedora Core 1 box, it has never worked, no
matter which version or vendor i use for the Java plugin. From this thread at
Webwereld.nl ( http://webwereld.nl/nieuws/reactie_compleet.phtml?id=17697 ) i
gather i'm not the only one, though. 

<speculation>I think it has something to do with the plugin size being zero
height and zero width, but i can imagine the applet is supposed to be
invisible.</speculation>

The only workaround i found, is using Opera. Now, that's not what we want, is it?
(Reporter)

Comment 1

14 years ago
Created attachment 140972 [details]
Pop-up window

Attachment shows the pop-up window one gets when trying to log on when the
applet is not loaded.

Comment 2

14 years ago
WFM Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206
Firefox/0.8
Java Plug-in 1.5.0

After a couple of seconds, I get a java security dialog.  After I accept that,
the page seems to work fine, with an error message at the top saying that my
username/pass is incorrect.
(Reporter)

Comment 3

14 years ago
I tried to compare the behavior of Mozilla in Fedora to that in RedHat 9, using
the Java Console. When the trace level is set to 5, in RedHat, at loading the
page, the console starts printing stuff like:

Trace level set to 5: basic, net, security, ext, liveconnect ... completed.
setWindow: call before applet exists:37750421
Referencing classloader: sun.plugin.ClassLoaderInfo@e2291, refcount=1
Loading applet ...
Initializing applet ...
Starting applet ...
Connecting https://www.p3.postbank.nl/sesam/ca.jar with no proxy
Connecting https://www.p3.postbank.nl/sesam/ca.jar with cookie "AppletType=java;
ns_cookietest=true; ns_session=true; ACSpeed=42055;
sesessionid=0002E0NCRXABTNVY3XO2NXKZ0DQ"
Loading Root CA certificates from
/usr/lib/jvm/java-1.4.2-sun-1.4.2.01/jre/lib/security/cacerts
[...]

Whereas with Fedora, also with trace level set to 5, the console prints _nothing
at all_:
Trace level set to 5: basic, net, security, ext, liveconnect ... completed.

<nothing>

So it seems the browser doesn't even attempt to load the applet.
(Before anyone asks: 

Java(TM) Plug-in 1.4.2_02-b03

    File name: libjavaplugin_oji.so
    Java(TM) Plug-in 1.4.2_02
)
(Reporter)

Comment 4

14 years ago
One of the differences between my RedHat-box and Fedora turned out to be the
java-vm version. On the first one 1.4.2_01-b06 is installed, on the latter it
was 1.4.2_02-b03. So i de-installed 1.4.2_02-b03, and installed 1.4.2_01-b06.
And now it works. 

Still, it should work on the others as well. 

Comment 5

14 years ago
(In reply to comment #4)
> One of the differences between my RedHat-box and Fedora turned out to be the
> java-vm version. On the first one 1.4.2_01-b06 is installed, on the latter it
> was 1.4.2_02-b03. So i de-installed 1.4.2_02-b03, and installed 1.4.2_01-b06.
> And now it works. 

I tested a number of different java versions with Firebird 0.7, and
1.4.2_01-b06 seems to be the last version that works:

1.4.2-b28       OK
1.4.2_01-b06    OK
1.4.2_02-b03    NOK
1.4.2_03-b02    NOK
1.5.0-beta-b32c NOK

Comment 6

14 years ago
(In reply to comment #0)
> <speculation>I think it has something to do with the plugin size being zero
> height and zero width, but i can imagine the applet is supposed to be
> invisible.</speculation>

I think you are correct. I used a proxy script that changes
  width="0" height="0" id="CryptoApplet"
into:
  width="1" height="1" id="CryptoApplet"
and now the newer plugin version work as well! So, at least we have a workaround
for the Postbank.

When I look through the release notes of 1.4.2_02 at:

  http://java.sun.com/j2se/1.4.2/ReleaseNotes.html#PriorRels

there is one bug fix that is related to the applet size:

4798569 Mozilla cannot correctly display Java applet with relative "width"
attribute.

Perhaps the current problem was introduced in that fix?
(Reporter)

Comment 7

14 years ago
Yep. I stumbled upon that bug earlier today. More details at 
http://developer.java.sun.com/developer/bugParade/bugs/4798569.html

Here's a quote:

"* Whether it is legal to call SetWindow with 0 width and 0 height"

Another:

"Since AWT does not allow width/height to be 0, we will add this restriction to
JPI code to filter that."

So basically, the bug was fixed by prohibiting zero sized applets. In other
words: an applet cannot be invisible anymore...

Comment 8

14 years ago
(In reply to comment #7)
> So basically, the bug was fixed by prohibiting zero sized applets. In other
> words: an applet cannot be invisible anymore...

The funny thing is that the previous online banking system of the Postbank
(Girotel Online, https://gto.postbank.nl/), uses a size of 2x2:

<applet NAME="g3" CODE="PBGN.class" WIDTH="2" HEIGHT="2" ALIGN="BOTTOM"
ARCHIVE="PBGN.jar">
(Assignee)

Comment 9

14 years ago
For the zero-size applet, please see bug 188454 comment 10.

Comment 10

14 years ago
This is not a Mozilla problem, so setting Product to Tech Evangelism.
Status: UNCONFIRMED → NEW
Component: Java: OJI → Dutch
Ever confirmed: true
Product: Browser → Tech Evangelism
Hardware: PC → All
Version: Trunk → unspecified

Comment 11

14 years ago
Kyle, do you still wish to be the assignee for this bug?
Otherwise feel free to change assignment to dutch@evangelism.bugs.
(Assignee)

Comment 12

14 years ago
Actually, I don't think this belongs to Tech Evangelism. This is a regression of
mozilla and/or Java plugin. Zero-size applet should be supported and we are
trying to figure out a way to do that right now.
Component: Dutch → Java: OJI
Product: Tech Evangelism → Browser
Version: unspecified → Trunk
(Assignee)

Updated

14 years ago
Depends on: 188454

Updated

14 years ago
Flags: blocking-aviary1.0RC1+

Comment 13

14 years ago
Would appreciate it if this bug could be nominated for 1.0, as this affects a
huge amount of Dutch Mozilla/Firefox users.
Flags: blocking-aviary1.0RC1+
(Assignee)

Comment 14

14 years ago
> Would appreciate it if this bug could be nominated for 1.0, as this affects a
> huge amount of Dutch Mozilla/Firefox users.

This is not a mozilla/firefox bug. It has already been fixed in jre 1.5.
Whiteboard: fixed_in_tiger
(Reporter)

Comment 15

14 years ago
Moreover, Postbank changed the applet size a while ago into 1x1. So it's fixed
at all sides now. 
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED

Comment 16

14 years ago
> Zero-size applet should be supported and we are
> trying to figure out a way to do that right now.

> This is not a mozilla/firefox bug. It has already
> been fixed in jre 1.5.

Confusing over whether this is Mozilla or Evangelism.  In any case, no bug/patch
has been referenced here as something (from a Mozilla standpoint) that caused
things to work again.  If it really WAS just fixed by the Web site this should
be moved back to Evangelism again...

->WORKSFORME
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Updated

14 years ago
Status: REOPENED → RESOLVED
Last Resolved: 14 years ago14 years ago
Resolution: --- → WORKSFORME

Updated

8 years ago
Component: Java: OJI → Java: OJI
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.