JDK-6675802 : Regression: heavyweight popups cause SecurityExceptions in applets
  • Type: Bug
  • Component: client-libs
  • Sub-Component: javax.swing
  • Affected Version: 6u10,7
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic,windows_xp
  • CPU: generic,x86
  • Submitted: 2008-03-14
  • Updated: 2011-03-07
  • Resolved: 2011-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u10Fixed 7 b27Fixed
Related Reports
Relates :  
JDK-6580930 - Swing Popups should overlap taskbar
Relates :  
JDK-6691503 - Malicious applet can show always-on-top popup menu which has whole screen size
Description
The fix for 6580930, to cause Swing popups to overlap the Windows taskbar, has caused a regression in sandboxed applications or applets which cause a heavyweight popup to be raised:

Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.awt.AWTPermission setWindowAlwaysOnTop)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
	at java.security.AccessController.checkPermission(AccessController.java:546)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
	at java.awt.Window.setAlwaysOnTop(Window.java:2014)
	at javax.swing.Popup$HeavyWeightWindow.<init>(Popup.java:215)
	at javax.swing.Popup.createComponent(Popup.java:192)
	at javax.swing.Popup.reset(Popup.java:130)
	at javax.swing.PopupFactory$HeavyWeightPopup.getHeavyWeightPopup(PopupFactory.java:328)
	at javax.swing.PopupFactory.getHeavyWeightPopup(PopupFactory.java:257)
	at javax.swing.PopupFactory.getPopup(PopupFactory.java:218)
	at javax.swing.PopupFactory.getPopup(PopupFactory.java:163)
	at javax.swing.plaf.PopupMenuUI.getPopup(PopupMenuUI.java:44)
	at javax.swing.JPopupMenu.getPopup(JPopupMenu.java:784)
	at javax.swing.JPopupMenu.setVisible(JPopupMenu.java:737)
	at javax.swing.JPopupMenu.show(JPopupMenu.java:910)
	at com.altio.examples.applets.PopupTest$3.actionPerformed(PopupTest.java:60)
	at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
	at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
	at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
	at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
	at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
	at java.awt.Component.processMouseEvent(Component.java:6099)
	at javax.swing.JComponent.processMouseEvent(JComponent.java:3265)
	at java.awt.Component.processEvent(Component.java:5864)
	at java.awt.Container.processEvent(Container.java:2058)
	at java.awt.Component.dispatchEventImpl(Component.java:4466)
	at java.awt.Container.dispatchEventImpl(Container.java:2116)
	at java.awt.Component.dispatchEvent(Component.java:4296)
	at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4322)
	at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3986)
	at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3916)
	at java.awt.Container.dispatchEventImpl(Container.java:2102)
	at java.awt.Component.dispatchEvent(Component.java:4296)
	at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:284)
	at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
	at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
	at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
	at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)

The attached test case from a customer illustrates the problem. This problem was reported on the 6uN early access forum:
  http://forums.java.net/jive/thread.jspa?threadID=38012&tstart=0
Comments
WORK AROUND There is no a good workaround. However, you can grant the needed permission by signing your applet or modifying local security policies.
23-04-2008
SUGGESTED FIX webrevs: http://sa.sfbay.sun.com/projects/swing_data/7/6675802/ test: test/javax/swing/JPopupMenu/6675802/bug6675802.java --- src/share/classes/javax/swing/Popup.java *** 227,238 **** --- 227,245 ---- setFocusableWindowState(false); setName("###overrideRedirect###"); // Popups are typically transient and most likely won't benefit // from true double buffering. Turn it off here. getRootPane().setUseTrueDoubleBuffering(false); + java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction<Object>() { + public Object run() { setAlwaysOnTop(true); + return null; } + } + ); + } public void update(Graphics g) { paint(g); }
18-04-2008
EVALUATION Thanks to ###@###.###, who has already wrote that the problem is in the Popup class. Wrapping setAlwaysOnTop(true) in AccessController.doPrivileged() solves the problem.
16-04-2008
EVALUATION I reproduced the bug. Certainly, it is a regression of 6580930.
15-04-2008
SUGGESTED FIX Use AccessController.doPrivileged() around the call to setAlwaysOnTop(true), if this is appropriate and isn't a security risk.
14-03-2008