1

My application will show documents using java applet viewer and it is working perfectly with Java6. From Java7 and above version, i am not able to view the docs as applet is failing to load the doc. The attributes, which i am using is mentioned below. Could any one suggest me the changes required if any

ANT script:

<target name="build.applet.manifest">
    <tstamp>
        <format property="build.time" pattern="MMMM dd yyyy" />
    </tstamp>

    <manifest file="${vfiles}/work/MANIFEST.MF">
        <attribute name="Built-By" value="${user.name}" />
        <attribute name="Class-Path" value="" />
        <attribute name="Trusted-Library" value="true" />
        <attribute name="Permissions" value="all-permissions" />
        <attribute name="Codebase" value="*" />
        <attribute name="Application-Name" value="${product.cea}" />
        <attribute name="Caller-Allowable-Codebase" value="*.com *.net" />
        <attribute name="Application-Library-Allowable-Codebase" value="*" />
        <attribute name="Implementation-Vendor" value="${imp-vendor}" />
        <attribute name="Implementation-Title" value="${product.cea}" />
        <attribute name="Implementation-Version" value="${project.version} build ${buildNumber} ${build.time}" />
    </manifest>
</target>

Java console output:

network: Cache entry found [url: http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png
cache: Resource http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png has expired.
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png with proxy=DIRECT
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png with cookie "JSESSIONID=7567CD6257EE33B405C94F2C4B14EAE0"
network: ResponseCode for http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png : 304
network: Encoding for http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png : null
network: Disconnect connection to http://11.22.33.44:8080/myapplication_penn/mudoc/image/redact-view_disabled.png
cache: registerReference:com.sun.deploy.cache.MemoryCache$CachedResourceReference@a86d6866: 1
 liveconnect: Security Exception: JavaScript from             http://11.22.33.44:8080/myapplication_penn/daeja/show?CwI4rkFs%2FPfsP3Iv9TKaY6kyx3ki8t4UTxVQFbMj7Bx9V7QRa%2BKhCKhvOKvd7oKUIHoTjWvV9GdnZJQzjDR%2FNtR6%2B3%2Bkud0dI%2FQIh3J%2FrSIkctHBhAiV7mkZH0uCuty0 attempted to access a resource it has no rights to. -a1> 4 ji.v1event.k$a -a1 - jiDocumentEvents 15 Sep 2015, 15:58:13, IST (000000000/000000000): Error processing : null
netscape.javascript.JSException: JavaScript error while calling "handleEvent"
            at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
            at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
            at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
            at ji.applet.support.d.a(Unknown Source)
            at ji.applet.support.d.a(Unknown Source)
            at ji.applet.ViewONE_AppletImpl.a(Unknown Source)
            at ji.applet.ViewONE_AppletImpl.b(Unknown Source)
            at ji.applet.ViewONE_AppletImpl.javaScriptUpdate(Unknown Source)
            at ji.document.t.b(Unknown Source)
            at ji.document.t.a(Unknown Source)
            at ji.v1event.k.c(Unknown Source)
            at ji.v1event.k.a(Unknown Source)
            at ji.v1event.k$a.a(Unknown Source)
            at ji.v1event.k$a.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            at ji.awt.y.run(Unknown Source)
network: Cache entry found [url: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png
cache: Resource http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png has expired.
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png with proxy=DIRECT
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png with cookie "JSESSIONID=7567CD6257EE33B405C94F2C4B14EAE0"
network: ResponseCode for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png : 304
network: Encoding for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png : null
network: Disconnect connection to http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_enabled.png
 cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@4b156f58: 1
network: Cache entry found [url: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png
cache: Resource http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png has expired.
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png with proxy=DIRECT
network: Connecting http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png with cookie "JSESSIONID=7567CD6257EE33B405C94F2C4B14EAE0"
network: ResponseCode for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png : 304
network: Encoding for http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png :  null
network: Disconnect connection to http://11.22.33.44:8080/myapplication_penn/mudoc/image/annot-prev_disabled.png
cache: registerReference:         com.sun.deploy.cache.MemoryCache$CachedResourceReference@286491db: 1
Naresh
  • 147
  • 4
  • 14
  • Does the Java console show an exception? If it does, include the full stack trace in your question. (To enable the Java console, bring up the Java control panel, select the "Advanced" tab, and look for the "Java console" section in the options.) – VGR Sep 15 '15 at 16:31
  • Hi VGR, I have updated the question with java console log – Naresh Sep 15 '15 at 17:22
  • Is the applet deployed to a site that matches your `Caller-Allowable-Codebase` attribute value? I think this will depend on the actual URL that you entered in the browser. – VGR Sep 15 '15 at 18:01
  • Hi VGR, My first query is, Can we have both Caller-Allowable-Codebase and Trusted-Library in manifest file for Java7 and 8 ? This application is working perfectly on Java6 and with Java7&8 getting issues. – Naresh Sep 15 '15 at 18:21
  • Most of these manifest attributes were added in Java 7. According to http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html those two attributes have no relationship to each other: Caller-Allowable-Codebase is for Javascript calls, which seems to be the cause of your exception, while Trusted-Library means all classes in the application must be signed, even in other codebases. – VGR Sep 15 '15 at 18:27

1 Answers1

2

From Oracle Java 7 docs

The Caller-Allowable-Codebase attribute is used to identify the domains from which JavaScript code can make calls to your RIA without security prompts.

You have *.com and *.net in your manifest while your are calling your applet from ip:8080. The error appears in the log.

As a short term fix you should include your IP in the attribute list in the manifest. As a long term fix you should really specify the domains that are trusted and run your applet from there.

FYI this attribute has been added to lower the risk of having your applet stolen and run from another website.

Mathieu Fortin
  • 1,048
  • 7
  • 17