Bug ID: 6582571 Webcam applets failure after updating JRE to 6u02/6u03/6u10 works with 1.4.2

6582571 : Webcam applets failure after updating JRE to 6u02/6u03/6u10 works with 1.4.2_14

Details

Type:	Bug	Submit Date:	2007-07-19
Status:	Closed	Updated Date:	2010-11-03
Project Name:	JDK	Resolved Date:	2008-06-18
Component:	deploy	OS:	windows_vista,windows_xp
Sub-Component:	plugin	CPU:	x86
Priority:	P3
Resolution:	Fixed
Affected Versions:	5.0,6,6u2,6u3,6u10
Fixed Versions:	6u10

Related Reports

Backport:	JDK-2199052 - Webcam applets failure after updating JRE to 6u02/6u03/6u10 works with 1.4.2_14
Relates:	JDK-6729677 - popcap- applet games fail to load

Sub Tasks

Description

FULL PRODUCT VERSION :
Version 1.6.0 (build 1.6.0_02-b06)

FULL OS VERSION :
Operating system Xp sp2 All updates completed to date
ATI RADEON X1600

BROWSER VERSION:
Internet Explorer IE7

Problem Details:

Webcam hosting and Webcam Network sites using Java applets fails to work properly after updating to latest JRE release Version 1.6.0 (build 1.6.0_02-b06).

Actual Behavior:
Launch a web cam applet site, for example:
http://www.paris-live.com/paris_webcam/eiffel_tower_cam4.htm
Note: Ensure Java Sun (JRE) is enabled for Internet Explorer under Advanced settings. Also Plug-in is listed enabled in IE Add-ons

Applet display the initial image and remaining steadfast/stuck thereafter without any further movement. This is a general behavior among common webcam applets and across different browser(s) including Firefox/Mozilla etc. Also note that all the sites I tried to run are listed as trusted/safe, so that they loads without permission and any active x extras can be installed. Normal Java applet loads correctly.

This seems to be a regression since testing with 1.4.2_14, applets performed fine.

Some example web sites (applets) exhibiting problem:

1. http://www.paris-live.com/paris_webcam/eiffel_tower_cam4.htm
2. http://www.standrews.com/webcams/oldcourse.htm
Note: for some reason the Edinburgh City Centre does work
3 Many cams at http://www.networkwebcams.co.uk/
Few more applets with failures reported after updating to 6u03:
4. http://www.highcountrywebcams.com/webcameras_sprucepine.htm
5. http://www.highcountrywebcams.com/webcameras_BeechSlopeside.htm
6. http://www.highcountrywebcams.com/webcameras_appalachian.htm

Tested with java version "1.6.0_10-ea" release:
Applets still failed to work.
This is confirmed to fail with latest available JRE version at java.com that is 6u03 and latest available Java Kernel release 6u10ea at java.net

Expected Behavior:
Applets should be able to provide live feed/pictures continually.

Comments

EVALUATION

Basically, there are two issues:

1.) Since java 1.6, the image source of an image created by plugin was changed to a byte array from a url. When an image is flushed and reconstructed, it is constructed from the in-memory byte array instead of opening the url and reading from the web.

2). Java plugin cache checks and downloads resources from web only once per browser session. This prevents updated image files on webserver being checked and downloaded.

The fix is to change url as the image source and flush plugin cache entry when image.flush() is called. This works for the classic 1.6 plugin and the new out-of-process plugin (avail in 6u10). The new plugin supports to run applets in earlier java vms (for example, 1.5 and 1.4.2). There is one scenario that the problem may still happen which is when applets are run in the new plugin and 1.4.2 jvm. Note this is not common user case. And none of the current webcam applets fall into this scenario. To workaround it, webmasters of those applets need configure their web servers to send "No-Cache" or "Expires" directives in HTTP header to tell java plugin not to cache those files.

2008-03-04

EVALUATION

The webcam applet (use http://www.highcountrywebcams.com/webcameras_BannerElk.htm as an example) depends on Image.flush() to update images from the server. The image on the server has the same file name and supposed to be updated by the webcam frequently. Plugin implementation of AppletContext.getImage() cache images in a hash map. If Image.flush() does not nullify the cached image, the cached version will always be painted.

In the new OOPP plugin, there appears to be a separate security issue. The security manager does not permit to resove host name. In the old plugin, it has no this issue.

Exception in OOPP

access: access denied (java.net.SocketPermission www.highcountrywebcams.com resolve)
basic: Removed progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@13bad12
Exception in thread "thread applet-View.class-1" java.security.AccessControlException: access denied (java.net.SocketPermission www.highcountrywebcams.com resolve)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkConnect(Unknown Source)
        at sun.plugin2.applet.Applet2Manager$AppletContextImpl.getImage(UnknownSource)
        at java.applet.Applet.getImage(Unknown Source)
        at java.applet.Applet.getImage(Unknown Source)
        at View.refreshImage(View.java:105)
        at View.init(View.java:81)
        at sun.plugin2.applet.Applet2Manager$AppletExecutionRunnable.run(UnknownSource)
        at java.lang.Thread.run(Unknown Source)

Domain permissions in old plugin:
 (java.net.SocketPermission www.highcountrywebcams.com connect,accept,resolve)

2008-02-05

EVALUATION

The security exception in the new OOPP seems to be caused by a applet class (View.class) on the desktop. It looks that plugin loads the View.class from the Destktop and the applet ProtecionDomain is the Desktop which has no permission connectiong the http server. After I deleted the View.class from the Desktop, it worked fine connecting to the server.

2008-02-05

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together