18741 2008-04-25 06:59:15 -0700 Live connect throws security exceptions 2008-05-20 03:15:07 -0700 1 1 1 Unclassified WebKit Java 525.x (Safari 3.1) PC Windows XP RESOLVED WORKSFORME http://www.neurodna.com/test/LiveConnectTest.htm P3 Major --- 0 admin webkit-unassigned mrowe oldest_to_newest 78906 0 admin 2008-04-25 06:59:15 -0700 Opening an http connection when in a javascript to java call throws security exception. The origin of the connection is the same server where the applet comes from. Here is the full stack trace. java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.17:80 connect,resolve) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.<init>(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) at detectVM.greadC(detectVM.java:329) at detectVM.loginCheck(detectVM.java:177) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.plugin.javascript.JSInvoke.invoke(Unknown Source) at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source) at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source) 78907 1 admin 2008-04-25 07:18:43 -0700 the Java plugin used is Java 6u10 beta 78924 2 mrowe 2008-04-25 11:13:19 -0700 Can you please provide the URL of an example that works correctly in other browsers but does not work correctly in WebKit? Does it work correctly in Safari without a nightly WebKit build? Also, what platform are you running on? The OS field indicates you are using Leopard but the Hardware field says you're not using a Mac which seems inconsistent. 78927 3 admin 2008-04-25 11:48:42 -0700 This weekend we will put a new release of our product which uses live connect to our web site. I will email a userid/password to you once it is deployed. I believe it will help you all a lot for tunning the performance and stability of Java live connect on Safari. Our initial test was on Safari for Windows. We have not yet tested a nightly WebKit. Are there any live connect improvements since Safari 3.1 at WebKit. 78929 4 mrowe 2008-04-25 12:23:31 -0700 I don't know that there have been any changes since Safari 3.1 -- I asked because the Version field indicated that you were using a nightly build of WebKit rather than a released version, so I was wondering if that was an important factor in the bug report. In the future it would be great if you could select accurate OS and Version values -- the implementation of Java support differs from platform to platform so it's important to make sure we're looking in the right place. Have you had an opportunity to test on Mac OS X at all? 78938 5 mrowe 2008-04-25 14:36:45 -0700 *** Bug 18742 has been marked as a duplicate of this bug. *** 78961 6 admin 2008-04-26 04:26:41 -0700 We have not yet tested on Mac OS X, but we used various Java plugins from 1.4.2 to the latest 1.6 beta build22. They all have the same problem. the interesting part is that, I am sure if this is because of a nightly we had installed on top of Safari 3.1. I will check up on that. On the other hand, on windows 2000 using Safari 3.0, everything works fine although windows 2000 is not listed as the prefered setup for Safari to run by Apple. 78965 7 admin 2008-04-26 05:15:39 -0700 I have just uninstalled and reinstalled latest Safari 3.1 on Windows XP and problem is there. So it is not a nightly webkit build. 78966 8 admin 2008-04-26 05:29:55 -0700 I have uninstalled Safari 3.1 and installed Safari 3.0 on XP that we used with Windows 2000. We get the same error. I am adding the following which was also reported on the duplicate bug. I will now install lastest nightly WebKit build and see. java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.17 resolve) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkConnect(Unknown Source) at sun.plugin.security.ActivatorSecurityManager.checkConnect(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) at com.neurodna.manager.NSendReceiveImp.streamPrivate(NSendReceiveImp.java:653) at com.neurodna.manager.NSendReceiveImp.access$200(NSendReceiveImp.java:95) at com.neurodna.manager.NSendReceiveImp$DefaultReceiver.runURLRequest(NSendReceiveImp.java:182) at com.neurodna.manager.NSendReceiveImp$DefaultReceiver.run(NSendReceiveImp.java:207) 78968 9 admin 2008-04-26 05:54:10 -0700 Latest webkit build has the exact same problem. 79563 10 20945 admin 2008-05-03 03:11:12 -0700 Created attachment 20945 Test case for the problem Sorry for the test case delay. We havent got the go for product demo so I am attaching a testcase. 80610 11 admin 2008-05-16 01:36:45 -0700 The problem only occurs when the applet is delivered from a remote server. It works fine when the applet is delivered from a locally running web server. The reason it was working fine on Windows 2000, because we were running the web server locally. We also always use IP numbers for the servers to access even from remote servers for security reasons. I was wondering if a plain IP address is tagged as insucure by the Safari sandbox. 80615 12 admin 2008-05-16 02:18:09 -0700 I have put the test case to our site, you may test it from there and confirm this bug. http://www.neurodna.com/test/LiveConnectTest.htm 80959 13 admin 2008-05-20 00:39:16 -0700 since this was left unconfirmed and we have found a different way to implement that part of our code. I am marking this works for me. 80960 14 mrowe 2008-05-20 00:47:28 -0700 All I saw when loading the test case was: java.lang.UnsupportedClassVersionError: Bad version number in .class file at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:675) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124) at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:163) at java.lang.ClassLoader.loadClass(ClassLoader.java:316) at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:119) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:591) at sun.applet.AppletPanel.createApplet(AppletPanel.java:723) at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1870) at sun.applet.AppletPanel.runLoader(AppletPanel.java:652) at sun.applet.AppletPanel.run(AppletPanel.java:326) at java.lang.Thread.run(Thread.java:613) logged to the system console and: Value undefined (result of expression document.getElementById("a").tryToFlood) is not object. http://www.neurodna.com/test/LiveConnectTest.htm (line 11) in the inspector console. 80966 15 admin 2008-05-20 03:15:07 -0700 The bug was filed for Windows XP, and the test case was compiled with JRE 6.0. For Mac, If there is Java 6.0 for MacOSX, you may need to install that. 20945 2008-05-03 03:11:12 -0700 2008-05-03 03:11:12 -0700 Test case for the problem test.zip application/x-zip-compressed 1679 admin UEsDBBQAAAAIAKdoozix46ePtwIAAL0EAAAKAAAAVGVzdC5jbGFzc51TXVPTQBQ92xa2TbeALQjh Q8TPgtoqimJAEIpotTgKhRnUl9AuUC1JJk1FfpHP+FBmZMZHnfGn+CPEu6m1VPtkkrm7e/fec889 2f3+8/MXAJNY0RDHJY7LYVzREMBVZZIaxjGhzDWO6xrCuMGR0qAhrczNCG5hUsNt3OGY0tCNuxz3 OKYZOmdLVsmbYwgmxzcYQhm7KBm6cyVLPq/ubUk3b26VyaN57kHeXi7bdpFhJZnN5t6a78102bR2 0mueW7J2Zv7Po6rG1jyz8G7FdPxiPrX71CGHwTFDDVEvxJtIrNlVtyCXS4pRJC8rXkrhCSTQyyB8 bEt66fXVHEP/ruc5Rjq9v7+fsmTVtYuWmSrYeyp6VuAB5ghfYB4PBRawyKD7+SU7nbWcqkf0pLm3 Ks2idFVKhuFsI2Cxur0tXVls7i4JPMIyx2OBJ8hyPBV4hlmGRLPfRx8K0vFKtiWQU3RDij9D3I8w HadMxBf8gaHnb5kaxX93l7EtSxYUWKNEK22GvmR7qbtsR1qn0weT47n20DMkaUV66xWZMQu7skKU k698jB3ptRTrb2C0siCAgWTbDYWSaG7VdfS9YdovqtPH0NtAPd1DqzYHFU9S/aBdJdH6/uC9oNAm h0QbNwN31KpMCnQ7dT8dwbxrFiTGcIbumHoCYOpske2j1QiNjMaOiSOwQ5rQXyHbWXeS7cdAPZQF EUSMvG+OEdiMB48QMrjOa+gwwno4WEOnHq6BG5FjhDf1yBEihnYMbVPXjhA1oswQerQGQYP4iugn xHRRQ5cuvp38+AitDtVz6Nd9iTzd54DPZI5moPsepTcOQWxiGEUXJsg/RU1NUyvzxG+JmOagU+4I ZQ9hA8N4TZE6ZWcROqHAGMcgYxxDp75hjhGOcxyjHOfJAyROwMH/CQWtxpQsF3wNL/4CUEsDBBQA AAAIAKVoozhsJlV57wAAAHgBAAATAAAATGl2ZUNvbm5lY3RUZXN0Lmh0bUWQy26DMBBF90j8w2hW IEWQTVc1WTRqpUhd5gcm9jRYMTaCIS2t+u/FPNKVz7zvtaqlcYc0UTWTiW+vO9vKRGnyMXgtNniw 3ool4SyHn1gAMEEPDXspriyvjiO+jCeTIWFeSDeew5sLwWT73X4X+wG/cIVxg+8Nbpg/p8nvFEz3 y4cAVW6aLsGMMMMgEvWYCi8IwWtn9a3Cf314OK0M7/bOcAzesxY4knOqXMbjImpbxzIvIgQdDFd4 5l4K7ajvET6tkbrCJ4Sa7bWWGRsaV3GqpY4a8NRMc480wp3cMGWkGxgPqlyuzFaihcXT8t9/UEsD BBQAAAAIAKVoozgqW0CPowEAAKADAAAJAAAAVGVzdC5qYXZhbZPPbtswDMbP81NwPTlD4dxX7LBl GzCgpzZ9AFqmG3WyZEhUnWDwu4+yHUdZpoNBkd/3E/XHuuudZ3jDd6yw7w1x9emh0FnW3qa0S5mi j7XRCpTBEGBPgYGOTLYJ8HUiwZ8CYBG9O90A+9Pe/TTONaW2DMf79D3dP7PX9hXwHNTnQJ2DZjOx ALZb+K4D1oYAI7sOWdieGu1JcYDWeUDo0Us6GvSgnLVS0c5OdmlgAS2wnSdkYcHL0+Nu1YKr3yRa cFJaLRJD9Aa+gKUhzcq7A3P/ebsdhkGOKnrXWKyU6+42D7krg4v/0paQZF65nuxFUmbeK3UViF8C 7VAdKEAJLZpAkKl/2T6yHBphBzrM8Mz+Spwpyv8bnwgb8mL3yzZva2WCZ+5vsW1JrmEp17FN0WL/ p1hO5GRe7ecH8KgtJVM05sJu3Bperk7GWb0sVkl7TUrlu5KhW1lx1n6c0bDJ61dMaeUUmLrKRa56 aYqNLSfzNXRcJyMMBy2v8WYN+T/mukJWByh/HBX1041TeswfpEbzEs+M6vfeo1pbHyGZx2Isir9Q SwECFAAUAAAACACnaKM4seOnj7cCAAC9BAAACgAAAAAAAAAAACAAtoEAAAAAVGVzdC5jbGFzc1BL AQIUABQAAAAIAKVoozhsJlV57wAAAHgBAAATAAAAAAAAAAEAIAC2gd8CAABMaXZlQ29ubmVjdFRl c3QuaHRtUEsBAhQAFAAAAAgApWijOCpbQI+jAQAAoAMAAAkAAAAAAAAAAQAgALaB/wMAAFRlc3Qu amF2YVBLBQYAAAAAAwADALAAAADJBQAAAAA=