Closed Bug 93403 Opened 23 years ago Closed 23 years ago

java security access when running an applet

Categories

(Core Graveyard :: Java: OJI, defect)

x86
Linux
defect
Not set
critical

Tracking

(Not tracked)

CLOSED INVALID
mozilla0.9.7

People

(Reporter: pasm6000, Assigned: sep)

Details

Attachments

(2 files)

I'm developing a site and testing it with Netscape 6 under Windows 2000 y Netscape 6PR1 under Linux. Well, the page contains an applet that makes a java.net.URLConnection to a server and try to perform an HTTP GET method to a Servlet. While Netscape 6 in Windows works properly. Netscape 6PR1 in Linux generates a java security access. If you are interested in reproducing bug you can try the sendGetMessage in HTTPMessage class found in com.oreilly.servlet package (www.servlets.com) in an applet. In the other hand here is bit of code that works on both flavours of Netscape: java.net.URL url = new java.net.URL(getWebServerURL() + getServlet()); System.out.println("postObjects: " + url); java.net.URLConnection con = url.openConnection(); con.setDoInput(true); con.setDoOutput(true); con.setUseCaches(false); con.setRequestProperty("Content-Type", "application/x-java-serialized-object"); // Write the arguments as post data java.io.ObjectOutputStream out = new java.io.ObjectOutputStream(con.getOutputStream()); int numObjects = objs.length; for (int x = 0; x < numObjects; x++) { out.writeObject(objs[x]); } out.flush(); out.close(); return new java.io.ObjectInputStream(con.getInputStream()); But here is a bit of code that fails on Linux but works on Windows (return line: con.getInputStream()): String argString = ""; // default if (args != null) { argString = "?" + toEncodedString(args); } URL url = new URL(servlet.toExternalForm() + argString); System.out.println("sendGetMessage: " + url); // Turn off caching URLConnection con = url.openConnection(); con.setUseCaches(false); // Send headers sendHeaders(con); return con.getInputStream(); I thank you in advance if one of you can help me to workaround this problem
Not sure if this helps you but the jsse (security for java) is not included by default with the linux java run time environment.
moving to oji
Assignee: idk → edburns
Component: Java-Implemented Plugins → OJI
Reassign to Joe as I'm leaving the role of OJI module owner.
Status: UNCONFIRMED → NEW
QA Contact: avm → pmac
Target Milestone: --- → mozilla0.9.5
Ressign to Joe Chou, as I am no longer working officially on OJI.
Assignee: edburns → joe.chou
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Re-assign to sep.
Assignee: joe.chou → sep
Status: NEW → UNCONFIRMED
Target Milestone: mozilla0.9.6 → mozilla0.9.7
Status: UNCONFIRMED → NEW
Ever confirmed: true
Pablo, could you represent the complete java code that fails on Linux ? Please describe all steps that I should make to reproduce the bug.
Attached file testcase
HTML testcase
Attached file applet testcase
Applet testcase which create instance of HttpMessage and invokes method sendGetMessage(). After that the obtained InputStream is checked to be not NULL.
I downloaded package mentioned in the description and create applet (Attachment #59684 [details]). Applet creates instance of HttpMessage and invokes method sendGetMessage(). After that the obtained InputStream is checked to be not NULL. In all cases I got NOT null InputStream. I tested applet on Mozilla branch 095 on Linux Redhat 6.2 with JRE1.3.0_01, JRE1.3.1 and JRE1.4.0: applet works. Then I tested this applet on Linux Redhat 7.1: for all same JREs APPLETVIEWER displays java security exception. Reporter would you please tell what Linux release did you use. Anyway from my point of view this is not Mozilla bug: that maybe specific security java bug for Linux Redhat 7.1.
Unfortunetly I lost the code that generated the error because I had to workaround and that code was never sent to CVS. When I had the error the linux distribution was Slackware 7.1 running JRE1.3.0 from Sun Microsytems with Mozilla 0.9.3. I think I could reproduce the error again but I have not enough time for now. Recently some one here reported a similar problem running Blackdown JRE 1.3.1 on Slackware 7.1 and Red Hat 7.0
I filed bug number #4533426 against java_security. And I propose to close this bug as INVALID because this is not Mozilla bug.
Resolve, going to close as invalid.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Close as proposed. Reporter: if you disagree, feel free to reopen.
Status: RESOLVED → CLOSED
One more comment. Actually this is not a bug: neither browser bug nor java bug. In 'your_java.policy' file you should add the following permission: permission java.net.SocketPermission "site_where_to_connect", "connect"; And then run ControlPanel of your java plugin and add the following runtime option: -Djava.security.policy='your_java.policy'. Just remember that you must set full path to 'your_java.policy'.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: