Bug Tracker item #3418256, was opened at 2011-10-04 03:14
Message generated for change (Comment added) made by bphinz
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126848&aid=3418256&group_id=254363
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Java viewer
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: D. R. Commander (dcommander)
Assigned to: Brian Hinz (bphinz)
Summary: New Java viewer does not start when loaded from Xvnc
Initial Comment:
The new Java viewer in trunk aborts with:
java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)
when served from Xvnc's embedded HTTP server running on a Linux host. This may
have always been the case, as previously, I've only tested the Java viewer by
invoking it in standalone mode.
----------------------------------------------------------------------
>Comment By: Brian Hinz (bphinz)
Date: 2011-10-05 07:40
Message:
Thanks, I kept seeing that null pointer issue but strangely only if the
applet was launched from chromium, it worked fine in firefox! I chalked it
up to chromium caching an old copy of the applet but obviously that was
wrong. I just committed a slightly different fix (just used a cast rather
than toString like all the other variables).
Can you provide some more detail about OpenJDK's jarsigner? I'm using it
and it seems fine.
As far as clipboard access goes, I think it's working just the same as
TurboVNC. It may be due to the signer certificate being untrusted, but I'm
not sure. Looking at the security policy file it seems like some of the
AccessControlExceptions should not have been thrown in the first place.
I'll have to take a closer look at that tonight.
----------------------------------------------------------------------
Comment By: D. R. Commander (dcommander)
Date: 2011-10-05 04:04
Message:
I added the signing functionality to the CMake Java build. Note that the
OpenJDK jarsigner appears to be broken, so I am having to use the Oracle
JDK jarsigner to sign the JAR. I found several web pages indicating that
others have had the same problem.
I also had to apply
Index: UserPrefs.java
===================================================================
--- UserPrefs.java (revision 4696)
+++ UserPrefs.java (working copy)
@@ -160,7 +160,7 @@
final public static String getFileSeperator() {
String seperator = null;
try {
- seperator =
System.getProperties().get("file.separator").toString();
+ seperator =
Character.toString(java.io.File.separatorChar);
} catch(java.security.AccessControlException e) {
System.out.println("Cannot access file.separator system
property");
}
in order to keep the applet from throwing a NullPointerException. If that
seems like an innocuous patch, then I'll go ahead and commit it.
Unfortunately, clipboard access still doesn't work, nor does the
Configuration File "Save As" button, but I can't make them work in
standalone mode either.
----------------------------------------------------------------------
Comment By: Brian Hinz (bphinz)
Date: 2011-10-04 20:07
Message:
I just looked at the TurboVNC Makefile and that's a really cool trick to
generate a signing key. I thought that the authenticity of the signer
certs needed to be verified against a CA, but I guess not. I'll duplicate
what you did for TurboVNC and re-enable clipboard access for applets.
Thanks!
----------------------------------------------------------------------
Comment By: Brian Hinz (bphinz)
Date: 2011-10-04 19:41
Message:
Yeah, I'm not thrilled with this solution either. Yes, signing the applet
would fix the problem.
----------------------------------------------------------------------
Comment By: D. R. Commander (dcommander)
Date: 2011-10-04 19:38
Message:
Urrr, but wait a second... Accessing the clipboard from the applet is kind
of crucial. TurboVNC can do that as long as the applet is signed. Would
signing the applet fix that for TigerVNC as well?
----------------------------------------------------------------------
Comment By: Brian Hinz (bphinz)
Date: 2011-10-04 18:54
Message:
Patch committed in r4693 that should fix this. Need to verify that this
patch does not disable access to the clipboard for applets launched via
Java WebStart (regular applets, even signed ones, cannot access the
clipboard but JWS applets can.)
----------------------------------------------------------------------
Comment By: Brian Hinz (bphinz)
Date: 2011-10-04 06:30
Message:
I think that this is because by default applets cannot access the
filesystem and the new viewer wants to load a preferences file. I only
ever use it standalone, so I hadn't noticed this. Should be a pretty easy
fix, I'll take a look today.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126848&aid=3418256&group_id=254363
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
