United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: 6675802 Regression: heavyweight popups cause SecurityExceptions in applets
6675802 : Regression: heavyweight popups cause SecurityExceptions in applets

Details
Type:
Bug
Submit Date:
2008-03-14
Status:
Closed
Updated Date:
2011-03-07
Project Name:
JDK
Resolved Date:
2011-03-07
Component:
client-libs
OS:
generic,windows_xp
Sub-Component:
javax.swing
CPU:
x86,generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
6u10,7
Fixed Versions:
7

Related Reports
Backport:
JDK-2160179 - Regression: heavyweight popups cause SecurityExceptions in applets
Relates:
JDK-6691503 - Malicious applet can show always-on-top popup menu which has whole screen size
Relates:
JDK-6580930 - Swing Popups should overlap taskbar

Sub Tasks

Description
The fix for 6580930, to cause Swing popups to overlap the Windows taskbar, has caused a regression in sandboxed applications or applets which cause a heavyweight popup to be raised:

Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.awt.AWTPermission setWindowAlwaysOnTop)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
	at java.security.AccessController.checkPermission(AccessController.java:546)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
	at java.awt.Window.setAlwaysOnTop(Window.java:2014)
	at javax.swing.Popup$HeavyWeightWindow.<init>(Popup.java:215)
	at javax.swing.Popup.createComponent(Popup.java:192)
	at javax.swing.Popup.reset(Popup.java:130)
	at javax.swing.PopupFactory$HeavyWeightPopup.getHeavyWeightPopup(PopupFactory.java:328)
	at javax.swing.PopupFactory.getHeavyWeightPopup(PopupFactory.java:257)
	at javax.swing.PopupFactory.getPopup(PopupFactory.java:218)
	at javax.swing.PopupFactory.getPopup(PopupFactory.java:163)
	at javax.swing.plaf.PopupMenuUI.getPopup(PopupMenuUI.java:44)
	at javax.swing.JPopupMenu.getPopup(JPopupMenu.java:784)
	at javax.swing.JPopupMenu.setVisible(JPopupMenu.java:737)
	at javax.swing.JPopupMenu.show(JPopupMenu.java:910)
	at com.altio.examples.applets.PopupTest$3.actionPerformed(PopupTest.java:60)
	at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
	at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
	at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
	at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
	at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
	at java.awt.Component.processMouseEvent(Component.java:6099)
	at javax.swing.JComponent.processMouseEvent(JComponent.java:3265)
	at java.awt.Component.processEvent(Component.java:5864)
	at java.awt.Container.processEvent(Container.java:2058)
	at java.awt.Component.dispatchEventImpl(Component.java:4466)
	at java.awt.Container.dispatchEventImpl(Container.java:2116)
	at java.awt.Component.dispatchEvent(Component.java:4296)
	at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4322)
	at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3986)
	at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3916)
	at java.awt.Container.dispatchEventImpl(Container.java:2102)
	at java.awt.Component.dispatchEvent(Component.java:4296)
	at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:284)
	at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
	at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
	at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
	at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)

The attached test case from a customer illustrates the problem. This problem was reported on the 6uN early access forum:
  http://forums.java.net/jive/thread.jspa?threadID=38012&tstart=0

Comments
WORK AROUND

There is no a good workaround. However, you can grant the needed permission by signing your applet or modifying local security policies.
2008-04-23 
SUGGESTED FIX

webrevs: http://sa.sfbay.sun.com/projects/swing_data/7/6675802/
test: test/javax/swing/JPopupMenu/6675802/bug6675802.java
---
src/share/classes/javax/swing/Popup.java
*** 227,238 ****
--- 227,245 ----
              setFocusableWindowState(false);
              setName("###overrideRedirect###");
              // Popups are typically transient and most likely won't benefit
              // from true double buffering.  Turn it off here.
              getRootPane().setUseTrueDoubleBuffering(false);
+             java.security.AccessController.doPrivileged(
+                     new java.security.PrivilegedAction<Object>() {
+                         public Object run() {
                              setAlwaysOnTop(true);
+                             return null;
                          }
+                     }
+             );
+         }
  
          public void update(Graphics g) {
              paint(g);
          }
2008-04-18 
EVALUATION

Thanks to ###@###.###, who has already wrote that the problem is in the Popup class. Wrapping setAlwaysOnTop(true) in AccessController.doPrivileged() solves the problem.
2008-04-16 
EVALUATION

I reproduced the bug. Certainly, it is a regression of 6580930.
2008-04-15 
SUGGESTED FIX

Use AccessController.doPrivileged() around the call to setAlwaysOnTop(true), if this is appropriate and isn't a security risk.
2008-03-14


Hardware and Software, Engineered to Work Together