United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6784894 Regression: applets loaded from local disk can not access co-located resources
JDK-6784894 : Regression: applets loaded from local disk can not access co-located resources

Details
Type:
Bug
Submit Date:
2008-12-13
Status:
Closed
Updated Date:
2010-11-03
Project Name:
JDK
Resolved Date:
2009-01-30
Component:
deploy
OS:
generic,windows_xp
Sub-Component:
plugin
CPU:
x86,generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
6u11,6u12
Fixed Versions:
6u12 (b03)

Related Reports
Backport:
Backport:
Backport:
Duplicate:

Sub Tasks

Description
The fix for 6716217 has introduced a regression where a developer's applet can no longer access its resources when loaded from the local disk. This issue is described on the forum thread http://forums.java.net/jive/thread.jspa?threadID=54799&tstart=0 .

A test case is attached. Navigate to the included HTML file. With 6u10 and earlier the applet will load. With 6u11 and later the applet will throw an AccessControlException that can be seen on the Java Console.

The directory setup is as follows:

   testcase/
            index.html
            jars/applet.jar
            images/image.jpg

The index.html references applet.jar in the applet tag. The codebase for the applet is set to be the "testcase" directory. The applet attempts to load the resource "images/image.jpg". With 6u11 and later this is throwing an AccessControlException because the applet is only receiving permissions to read recursively under the directory from which the jar was actually loaded rather than the codebase as in earlier releases.

This compatibility issue may impact an unknown number of developers.

One possible solution would involve granting permissions to read recursively under the document base of the applet.

                                    

Comments
EVALUATION

We are investigating how to fix the regression w/o undoing fix to 6716217
                                     
2008-12-17
EVALUATION

Fix:  

1.  Check for "file" protocol URL specifically for document base, and only grant recursive codebase read permission to this.

2.  If the document base file url is a unc url (contains hostname), do not grant recursive codebase read permission

3.  If document base is null, do not grant recursive codebase read permission

4.  to grant recursive codebase file read permission, the codesource url must either be a directory (class file case), or the codesource url must ends with .jar or .zip.

5.  Include same changes for old plugin
                                     
2008-12-18



Hardware and Software, Engineered to Work Together