[
https://issues.apache.org/jira/browse/PDFBOX-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14159589#comment-14159589
]
Bertrand GILLIS commented on PDFBOX-2397:
-----------------------------------------
You have indeed understood the flow perfectly.

When an applet is signed, the applet will be able to access any protected
resource as soon as the source code accessing the protected resource requests
the access through the _AccessController_, in particular through the method
_AccessController.doPrivileged()_. But if the applet is not signed, you will
not be able to access the protected resource even if you use this way of coding.

When signing an applet, you will sign it by specifying the "permissions"
attribute.
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions

In my case, the applet is signed with the "permissions" attribute set to
"all-permissions".

If the permissions parameter is not present, signed applets default to
"all-permissions" and unsigned applets default to "sandbox".

When a signed applet is run the first time, the user will have to trust it (the
signing certificate in fact).
If he doesn't trust the certificate, the applet will not be able to access any
protected resource (equivalent to an unsigned applet).

If you need more information about this subject, you can find it here:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/doprivileged.html

So the following code should be the appropriate way of coding:
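{code}
// Imports needed at the top of PDColorState.java
import java.awt.Color;
import java.security.AccessController;
import java.security.PrivilegedAction;

private static volatile Color iccOverrideColor = null;

static
{
    // Read the system property inside a privileged block so that the
    // permission check stops at this class instead of walking up to the applet.
    AccessController.doPrivileged(new PrivilegedAction<Object>()
    {
        public Object run()
        {
            iccOverrideColor =
                Color.getColor("org.apache.pdfbox.ICC_override_color");
            return null;
        }
    });
}
{code}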
You don't need to wrap it in a try/catch statement as it doesn't throw any
exception.
http://docs.oracle.com/javase/7/docs/api/java/security/AccessController.html#doPrivileged%28java.security.PrivilegedAction%29

An even better way of coding would be:
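{code}
// PrivilegedAction<Color> makes doPrivileged() return a Color, so the result
// can initialise the field directly without a cast.
private static volatile Color iccOverrideColor = AccessController
    .doPrivileged(new PrivilegedAction<Color>() {
        public Color run() {
            return Color.getColor("org.apache.pdfbox.ICC_override_color");
        }
    });
{code}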
> Running within an Applet throws an AccessControlException
> ---------------------------------------------------------
>
> Key: PDFBOX-2397
> URL: https://issues.apache.org/jira/browse/PDFBOX-2397
> Project: PDFBox
> Issue Type: Bug
> Components: PDModel
> Affects Versions: 1.8.7
> Environment: JRE 7u67 or JRE 6u45 (Windows 7 SP1 64bit)
> Reporter: Bertrand GILLIS
> Assignee: Tilman Hausherr
> Fix For: 1.8.8
>
>
> As soon as PDFBox is embedded in a signed applet, the following exception is
> thrown when I try to print a PDF document through PDFBox:
> {code}
> Caused by: java.security.AccessControlException: access denied
> ("java.util.PropertyPermission" "org.apache.pdfbox.ICC_override_color" "read")
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown
> Source)
> at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
> at java.lang.System.getProperty(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at java.awt.Color.getColor(Unknown Source)
> at java.awt.Color.getColor(Unknown Source)
> at
> org.apache.pdfbox.pdmodel.graphics.color.PDColorState.<clinit>(PDColorState.java:50)
> {code}
> This issue was also in previous PDFBox versions for the following instruction:
> {code:title=BaseParser.java}
> FORCE_PARSING = Boolean.getBoolean("org.apache.pdfbox.forceParsing");
> {code}
> But it was fixed in later versions:
> {code:title=BaseParser.java}
> static {
> try {
> FORCE_PARSING = Boolean.getBoolean("org.apache.pdfbox.forceParsing");
> }
> catch (SecurityException e) {}
> }
> {code}
> This fix is unfortunately not set for the current property:
> {code:title=PDColorState.java}
> private static volatile Color iccOverrideColor =
> Color.getColor("org.apache.pdfbox.ICC_override_color");
> {code}
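The following is an added example, not part of the original message and not PDFBox's own code. It combines the two approaches discussed in this thread: the property is read inside `AccessController.doPrivileged()`, and a `SecurityException` fallback covers the unsigned or untrusted applet case described above. The class name `IccOverrideColor` and its methods are hypothetical, and a Java 6/7 runtime as in the issue's environment is assumed.

```java
import java.awt.Color;
import java.security.AccessController;
import java.security.PrivilegedAction;

/** Hypothetical helper (not PDFBox code) for reading the ICC override colour. */
public final class IccOverrideColor {

    // Fixed property name: the privileged block never reads a caller-supplied
    // key, so callers cannot use it to read arbitrary system properties.
    private static final String PROPERTY = "org.apache.pdfbox.ICC_override_color";

    // Resolved once at class initialisation, like the static field in the issue.
    private static final Color VALUE = read();

    private IccOverrideColor() {
    }

    /** Returns the configured override colour, or null if unset or unreadable. */
    public static Color get() {
        return VALUE;
    }

    private static Color read() {
        try {
            // doPrivileged stops the permission check at this frame, so only this
            // class's protection domain needs PropertyPermission(PROPERTY, "read");
            // less privileged callers further up the stack are not consulted.
            return AccessController.doPrivileged(new PrivilegedAction<Color>() {
                @Override
                public Color run() {
                    return Color.getColor(PROPERTY);
                }
            });
        } catch (SecurityException e) {
            // This code itself lacks the permission (sandboxed or untrusted applet).
            // Fall back to "no override" so class initialisation does not fail.
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("ICC override colour: " + get());
    }
}
```

Running it with `-Dorg.apache.pdfbox.ICC_override_color=0xFF0000` prints the parsed colour; without the property it prints `null`.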