JDK-4181905 : doPriviledge()s missing from several getResource() calls in Swing
  • Type: Bug
  • Component: client-libs
  • Sub-Component: javax.swing
  • Affected Version: 1.0_fcs,1.2.0,1.2.1
  • Priority: P1
  • Status: Resolved
  • Resolution: Fixed
  • OS:
    generic,solaris_2.5.1,solaris_2.6,windows_95,windows_nt generic,solaris_2.5.1,solaris_2.6,windows_95,windows_nt
  • CPU: generic,x86,sparc
  • Submitted: 1998-10-15
  • Updated: 1999-05-04
  • Resolved: 1999-05-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.2.2 1.2.2Fixed
Related Reports
Duplicate :  
Duplicate :  
Duplicate :  
Duplicate :  
Duplicate :  
Duplicate :  
Duplicate :  
Relates :  
Description
JEditorPane instances fail to initialize properly the HTML EditorKit when the initialization is triggered from non-privileged code.

There are at least 2 calls to getResourceAsStream() that are not properly surrounded by a doPrivilege() call: one gets the CSS file, the other gets the .bdtd file.  Without this the HTML factory throws a bad exception.

A visual inspection of the code using grep showed 2-3 other places where getResource() was being used without a doPrivilege() call.  It was not immediate whether these places needed the extra calls.

	- eduardo

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.2.2 FIXED IN: 1.2.2 INTEGRATED IN: 1.2.2
14-06-2004

PUBLIC COMMENTS Snapshots should be updated to new GUIs
10-06-2004

EVALUATION Yep, these should be added. The loading of the resources is lazy so it will happen with the applets code in the call stack. Since we are trying to get rid of the use of munge for 1.2 specific code, this will need to be done more carefully than simply adding the doPriviledge() calls. This has been ok'd for the next dot release. timothy.prinzing@eng 1998-10-17 A class with 1.2 specific security manager code called ResourceLoader was added to the javax.swing.text.html and javax.swing.text.html.parser packages. These two classes are only built on 1.2. HTMLEditorKit now has a package private method called getResourceAsStream that will try to load the 1.2 ResourceLoader class and use reflection to call it if successfully loaded. If the 1.2 class can't be successfully called, the call is routed to the HTMLEditorKit.class.getResourceAsStream directly. The ImageView class was updated to use the package private method on HTMLEditorKit to load the two default images. The ParserDelegator class got a getResourceAsStream method that works in the same way to load the binary DTD resource. timothy.prinzing@eng 1999-02-08
08-02-1999