Bug ID: JDK-4181905 doPriviledge()s missing from several getResource() calls in Swing

Type: Bug
Component: client-libs
Sub-Component: javax.swing
Affected Version: 1.0_fcs,1.2.0,1.2.1

Priority: P1
Status: Resolved
Resolution: Fixed
OS:
generic,solaris_2.5.1,solaris_2.6,windows_95,windows_nt generic,solaris_2.5.1,solaris_2.6,windows_95,windows_nt
CPU: generic,x86,sparc

Submitted: 1998-10-15
Updated: 1999-05-04
Resolved: 1999-05-04

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other
1.2.2 1.2.2Fixed

JEditorPane instances fail to initialize properly the HTML EditorKit when the initialization is triggered from non-privileged code.

There are at least 2 calls to getResourceAsStream() that are not properly surrounded by a doPrivilege() call: one gets the CSS file, the other gets the .bdtd file.  Without this the HTML factory throws a bad exception.

A visual inspection of the code using grep showed 2-3 other places where getResource() was being used without a doPrivilege() call.  It was not immediate whether these places needed the extra calls.

	- eduardo

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.2.2 FIXED IN: 1.2.2 INTEGRATED IN: 1.2.2

14-06-2004

PUBLIC COMMENTS Snapshots should be updated to new GUIs

10-06-2004

EVALUATION Yep, these should be added. The loading of the resources is lazy so it will happen with the applets code in the call stack. Since we are trying to get rid of the use of munge for 1.2 specific code, this will need to be done more carefully than simply adding the doPriviledge() calls. This has been ok'd for the next dot release. timothy.prinzing@eng 1998-10-17 A class with 1.2 specific security manager code called ResourceLoader was added to the javax.swing.text.html and javax.swing.text.html.parser packages. These two classes are only built on 1.2. HTMLEditorKit now has a package private method called getResourceAsStream that will try to load the 1.2 ResourceLoader class and use reflection to call it if successfully loaded. If the 1.2 class can't be successfully called, the call is routed to the HTMLEditorKit.class.getResourceAsStream directly. The ImageView class was updated to use the package private method on HTMLEditorKit to load the two default images. The ParserDelegator class got a getResourceAsStream method that works in the same way to load the binary DTD resource. timothy.prinzing@eng 1999-02-08

08-02-1999

Duplicate :	JDK-4181936 - NullPointerException in ParagraphView.getLaoutViewCount while running in browser
Duplicate :	JDK-4202117 - JEditorPane does not properly display HTML content in an applet
Duplicate :	JDK-4184833 - JEditorPane renders HTML differently in applets
Duplicate :	JDK-4229279 - JEditorPane with HTMLEditorKit is unusable in an Applet
Duplicate :	JDK-4202127 - JEditorPane does not properly display HTML content in JApplet
Duplicate :	JDK-4222731 - Swing 1.2 produces invalid html content
Duplicate :	JDK-4194562 - JEditorPane in JApplet throws a java.lang.Error
Relates :	JDK-4181934 - AccessControlException generated in ImageView within browsers