Closed
Bug 59983
Opened 25 years ago
Closed 24 years ago
win.getMembers("document") gives access denied and a security violation
Categories
(Core Graveyard :: Java: Live Connect, defect, P3)
Tracking
(Not tracked)
People
(Reporter: gary.kind, Assigned: jeff.dyer)
Details
Attachments
(1 file)
3.62 KB,
application/zip
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
BuildID:
Using liveconnect, I can easily get the DOM window by calling JSObject.getWindow(this)
in an Applet's method other than init(). However, if I follow this up
with the following statement:
    JSObject myDoc = (JSObject) win.getMember("document");
I get an "access denied" and a security violation in the java console.
Being able to do a getMember on any JSObject is critical for our
Oracle products. I consider this a showstopper and it needs to be
addressed as quickly as your schedule permits.
Reproducible: Always
Steps to Reproduce:
1. Write a simple html file that contains the following:
    <applet ID="App1"
            name="lcApplet"
            CODE="myclasses.liveConnect"
            MAYSCRIPT
    >
    </applet>
    <script>
    function showAlert()
    {
        alert("JavaScript 'showAlert': called from applet.load() ");
    }
    document.lcApplet.load();
    </script>
2. Write a simple Applet called liveConnect.java in a "myclasses" folder below
   the folder that contains your html file. It should contain a public void
   method "load" with no args.
3. Of course, at the top, import netscape.javascript.*; to get the
   JSObject.class.
4. Put the following 3 lines in the load method:
    // Get the DOM window from JavaScript
    JSObject myWin = JSObject.getWindow(this);
    // Call the JavaScript function showAlert
    myWin.call("showAlert", null);
    // Get the DOM document object from JavaScript
    JSObject myDoc = (JSObject) myWin.getMember("document");
5. Compile the .java Applet file into a .class file.
6. Bring up the Netscape 6 or Mozilla Browser and open the
   Java Console.
7. Enter the URL to the simple html file you created in step 1.
8. You should see the access denied and security violation when the
    JSObject myDoc = (JSObject) myWin.getMember("document");
   statement is executed.
Actual Results: The following is a dump of what came up in my Java Console:
*******
textjava.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.Class.getProtectionDomain(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation.ConstructObject(Unknown Source)
    at sun.plugin.javascript.navig5.JSObject.JSObjectGetMember(Native Method)
    at sun.plugin.javascript.navig5.JSObject.getMember(Unknown Source)
    at myclasses.liveConnect.setString(liveConnect.java:43)
    at java.lang.reflect.Method.invoke(Native Method)
    at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException: java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.Class.getProtectionDomain(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation.ConstructObject(Unknown Source)
    at sun.plugin.javascript.navig5.JSObject.JSObjectGetMember(Native Method)
    at sun.plugin.javascript.navig5.JSObject.getMember(Unknown Source)
    at myclasses.liveConnect.setString(liveConnect.java:43)
    at java.lang.reflect.Method.invoke(Native Method)
    at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
Expected Results: I would have expected no errors and a valid DOM document
returned to the applet's method as a JSObject.
Comment 1•25 years ago
Before I follow these instructions, you don't happen to have all this stuff that
you can put together in a testcase, and attach to this bug, do you?
Gerv
Comment 2•25 years ago
Comment 3•25 years ago
Unzip the test case, bring up the Java console, edit the text and click the
button. The console shows an error. I'm happy to confirm this bug happens -
whether it's a real bug or not, I'm not qualified to say :-) rogerl?
Gerv
P.S. Reporter - to attach a file to a bug, visit it and use the "Create New
Attachment" link.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•25 years ago
cc'ing Patrick, Jeff, and Mitch. Is this the right component for this bug?
Or should it be under the Security component?
Also: gary.kind@oracle.com, has this testcase ever worked in Mozilla?
If so, can you say how recently it stopped working? Thanks -
It is not clear where the fault is. The problem is that the applet is making
liveconnect calls without a script running, and so the security manager can't
find the principal to validate the call. Calling
    function getDocument() {
        return window.document;
    }
works fine since a script is running when caps need to find a principal on the
js stack.
Keep it in LC, but reassign to me for further analysis.
The workaround function "getDocument()" returns a document to Java. However,
nothing can be done with it, most likely for the same reason. If I turn around
and call, in Java, document.call("write", <txt arg>); I get another security
violation. How do I keep the "Principal" around?
The point is that getMembers doesn't seem to be working on ANY JSObject!
That's what needs to be fixed.
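Added example, not part of the bug report or Mozilla's code: a simplified JavaScript model of the behaviour described in the two comments above, where the access check takes the caller's principal from the running script's stack frame. All names are hypothetical, and the rule that only a page-defined function pushes a script frame is an assumption of the model.

```javascript
// Simplified model of the behaviour in this bug; every name here is hypothetical.
const PAGE_ORIGIN = "http://example.test"; // constructed sample origin

// Script frames currently executing; each carries the principal of its page.
const jsStack = [];

// Models the security manager: the caller's principal comes from the JS stack.
function checkAccess(targetOrigin) {
  const frame = jsStack[jsStack.length - 1];
  if (!frame) throw new Error("access denied: no principal on JS stack");
  if (frame.principal !== targetOrigin) throw new Error("access denied: principal mismatch");
}

// DOM objects as the modelled bridge sees them.
const documentObj = { origin: PAGE_ORIGIN, written: [], write(t) { this.written.push(t); } };
const windowObj = {
  origin: PAGE_ORIGIN,
  document: documentObj,
  getDocument() { return this.document; }, // the workaround function from the comment
};

// Models JSObject.getMember called from Java: a property read, no script frame pushed.
function getMember(obj, name) {
  checkAccess(obj.origin);
  return obj[name];
}

// Models JSObject.call. Assumption: a page-defined function runs as script and so
// pushes a frame with the page's principal; a native DOM method does not.
function call(obj, name, args, isScriptFunction) {
  if (isScriptFunction) jsStack.push({ principal: obj.origin });
  try {
    checkAccess(obj.origin);
    return obj[name](...args);
  } finally {
    if (isScriptFunction) jsStack.pop();
  }
}

// Runs one applet-side operation and reports the outcome instead of throwing.
function attempt(op) {
  try { return { ok: true, value: op() }; } catch (e) { return { ok: false, error: e.message }; }
}

// Replays the three calls reported in the thread, in order.
function replay() {
  return {
    getMember: attempt(() => getMember(windowObj, "document")),
    getDocument: attempt(() => call(windowObj, "getDocument", [], true)),
    write: attempt(() => call(documentObj, "write", ["hi"], false)),
  };
}
```

In this model the check fails closed whenever the stack is empty, which is why obtaining the document through getDocument() does not help the later write call.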
Comment 7•24 years ago
Reassigning to Jeff, as he requested above - (thanks!)
Assignee: rogerl → jeff.dyer
*** This bug has been marked as a duplicate of 59447 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE