Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6957052

Local drag-and-drop in applets is broken by unnecessary security check

    XMLWordPrintable

    Details

    • Subcomponent:
    • CPU:
      x86
    • OS:
      solaris_8, windows_xp

      Description

      FULL PRODUCT VERSION :
      java version "1.6.0_20"
      Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
      Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7600]

      A DESCRIPTION OF THE PROBLEM :
      Calls of Transferrable.getTransferData fail with security exception because the runtime checks for permission to access the system clipboard. It should not do that, as local drag-and-drop does not access data on the system clipboard, it works with data which belongs to the applet.

      The bug exists in 1.6.0_19 and 1.6.0_20. The problem did not exists in update 18.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Any applet (or at least any unsigned applet?) fails with security exception (see the stack trace) when calling the getTransferData of the Transferrable when trying to complete a local drag-and-drop operation.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Local drag-and-drop within an applet should not check for any security permissions, as it operates on the data originating in the applet itself.
      ACTUAL -
      Calls of Transferrable.getTransferData fail with security exception.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.awt.AWTPermission accessClipboard)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkSystemClipboardAccess(Unknown Source)
      at sun.awt.dnd.SunDropTargetContextPeer.getTransferData(Unknown Source)
      at sun.awt.datatransfer.TransferableProxy.getTransferData(Unknown Source)
      at java.awt.dnd.DropTargetContext$TransferableProxy.getTransferData(Unknown Source)


      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      One can bypass the bug by not calling getTransferData at all. Instead an applet can store the drag data in internal data structures (at the moment when the drag operation is initiated) and use it later to handle the drop.

      This is quite ugly as it completely ignores Java APIs for drag-and-drop and handling of multiple data flavors.

      Release Regression From : 6u18
      The above release value was the last known release where this
      bug was not reproducible. Since then there has been a regression.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              denis Denis Fokin (Inactive)
              Reporter:
              igor Igor Nekrestyanov (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: