Bug 108940

Summary: SecurityManager throws AccessControlException without asking
Product: [Applications] konqueror Reporter: Christoph Tornau <tornau>
Component: kjavaAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:

Description Christoph Tornau 2005-07-11 19:31:21 UTC 
Version:            (using KDE KDE 3.4.0)
Installed from:    SuSE RPMs
OS:                Linux

When using the securtyManager for signed applets the securityManager asks for access permission for some events which are happening on the file system. This is done by the user interface. You can give access permissions by clicking on the right buttons. 

Our applet opens a simply java fileSelection dialog. Now a AccessControlException is thrown by it without questioning the user. So no file list is displayed by the dialog.

There are also some other AccessControlExceptions which are thrown without questioning:

When you use the applet at http://www.radinks.com/upload/applet.php you will get the following exception:

java.security.AccessControlException: access denied (java.awt.AWTPermission accessClipboard)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
	at java.security.AccessController.checkPermission(AccessController.java:401)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
	at org.kde.kjas.server.KJASSecurityManager.checkPermission(KJASSecurityManager.java:64)
	at java.lang.SecurityManager.checkSystemClipboardAccess(SecurityManager.java:1368)
	at sun.awt.motif.MToolkit.getSystemClipboard(MToolkit.java:438)
	at u.paste(Unknown Source)
	at l.actionPerformed(Unknown Source)
	at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1786)
	at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1839)
	at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:420)
	at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:258)
	at javax.swing.AbstractButton.doClick(AbstractButton.java:289)
	at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:1113)
	at javax.swing.plaf.basic.BasicMenuItemUI$MouseInputHandler.mouseReleased(BasicMenuItemUI.java:943)
	at java.awt.Component.processMouseEvent(Component.java:5100)
	at java.awt.Component.processEvent(Component.java:4897)
	at java.awt.Container.processEvent(Container.java:1569)
	at java.awt.Component.dispatchEventImpl(Component.java:3615)
	at java.awt.Container.dispatchEventImpl(Container.java:1627)
	at java.awt.Component.dispatchEvent(Component.java:3477)
	at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3483)
	at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3198)
	at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3128)
	at java.awt.Container.dispatchEventImpl(Container.java:1613)
	at java.awt.Component.dispatchEvent(Component.java:3477)
	at java.awt.EventQueue.dispatchEvent(EventQueue.java:456)
	at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:201)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
	at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:145)
	at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:137)
	at java.awt.EventDispatchThread.run(EventDispatchThread.java:100)


It seems that the list of access types in the security manager is incomplete.


If you disable the SecurityManager everything works fine. If you use Firefox everything works fine with the applet, too.
Comment 1 Koos Vriezen 2005-07-25 23:54:52 UTC 
Yes, this is still incomplete indeed. IMO first the chain of certificates should work properly to continue with this.
Unfortunately, I'm not into that stuff ATM. I've ask for help, but no one offered any until now :(

*** This bug has been marked as a duplicate of 65602 ***