JDK-6957052 : Local drag-and-drop in applets is broken by unnecessary security check
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 6u10
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris_8,windows_xp
  • CPU: x86
  • Submitted: 2010-05-28
  • Updated: 2011-01-19
  • Resolved: 2010-06-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6-poolResolved
Related Reports
Duplicate :  
JDK-6945178 - SecurityException upon drag-and-drop
Description
FULL PRODUCT VERSION :
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]

A DESCRIPTION OF THE PROBLEM :
Calls of Transferrable.getTransferData fail with security exception because the runtime checks for permission to access the system clipboard. It should not do that, as local drag-and-drop does not access data on the system clipboard, it works with data which belongs to the applet.

The bug exists in 1.6.0_19 and 1.6.0_20. The problem did not exists in update 18.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Any applet (or at least any unsigned applet?) fails with security exception (see the stack trace) when calling the getTransferData of the Transferrable when trying to complete a local drag-and-drop operation.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Local drag-and-drop within an applet should not check for any security permissions, as it operates on the data originating in the applet itself.
ACTUAL -
Calls of Transferrable.getTransferData fail with security exception.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.awt.AWTPermission accessClipboard)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkSystemClipboardAccess(Unknown Source)
	at sun.awt.dnd.SunDropTargetContextPeer.getTransferData(Unknown Source)
	at sun.awt.datatransfer.TransferableProxy.getTransferData(Unknown Source)
	at java.awt.dnd.DropTargetContext$TransferableProxy.getTransferData(Unknown Source)


REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
One can bypass the bug by not calling getTransferData at all. Instead an applet can store the drag data in internal data structures (at the moment when the drag operation is initiated) and use it later to handle the drop.

This is quite ugly as it completely ignores Java APIs for drag-and-drop and handling of multiple data flavors.

Release Regression From : 6u18
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.
Comments
EVALUATION This is a duplicate of 6945178. I have attached a test to verify the problem. 1. Compile the java class. 2. Run the applet with appletviewer. 3. Drag yellow panel into red panel. 4. In 6u20 stack trace is printed. 5. In the latst build of 6u21 "Text for transferring." string is printed in stdout stream (console).
24-06-2010