clipboard security issues

Using JRE 1.5.0_06 I can copy and paste to and from an unsigned applet using the keystrokes, with no special policy settings.

However, if I try to access the system clipboard through code, i.e. Toolkit.getDefaultToolkit().getSystemClipboard(), I will get a security exception.

My hunch is that this is a bug due to the fact that Swing implements the copy and paste functionality, via the TransferHandler, for these components. Since the implementation accesses the system clipboard for me, and does it in a trusted package, it works with no security exception.

I am only a year out of school and still very much learning the details of Swing and Java. Can anyone shed more light on this for me, or at least point me towards a good source of information?

I can't seem to find a recent post about this in these forums.

Thanks in advance.

Rich

[892 byte] By [hellpa] at [2007-11-26 13:32:38]
# 1

You really should pay more attention to the API documentation (you can find it online here: http://java.sun.com/j2se/1.5.0/docs/api/ and there is a download link somewhere to be found further up: http://java.sun.com/j2se/1.5.0/docs/).

Anyway, as stated in the API docs for the getSystemClipboard() method: "Each actual implementation of this method should first check if there is a security manager installed. If there is, the method should call the security manager's checkSystemClipboardAccess method to ensure it's ok to access the system clipboard."

For the record, it's referring to the java.lang.SecurityManager class here.

Lion-Oa at 2007-7-7 22:10:56
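
The check quoted from the API docs in post #1 can be observed directly. The following is an added example, not part of the original thread: the class names ClipboardCheckDemo and NoClipboardManager are hypothetical, the custom security manager only stands in for the applet sandbox, and it assumes a JRE that still allows System.setSecurityManager and a desktop (non-headless) session.

```java
import java.awt.AWTPermission;
import java.awt.Toolkit;
import java.awt.datatransfer.Clipboard;
import java.security.Permission;

public class ClipboardCheckDemo {

    /** Hypothetical stand-in for the applet sandbox: refuses only clipboard access. */
    static class NoClipboardManager extends SecurityManager {
        private static final Permission CLIPBOARD =
                new AWTPermission("accessClipboard");

        public void checkPermission(Permission p) {
            // The clipboard check ends up here as an AWTPermission("accessClipboard").
            if (CLIPBOARD.implies(p)) {
                throw new SecurityException("denied: " + p);
            }
            // Everything else is allowed so the demo itself can keep running.
        }
    }

    /** Returns the system clipboard, or null when the security manager refuses. */
    static Clipboard tryGetClipboard() {
        try {
            return Toolkit.getDefaultToolkit().getSystemClipboard();
        } catch (SecurityException e) {
            System.out.println("SecurityException: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // No security manager installed: the call is not checked at all.
        System.out.println("no manager   : " + (tryGetClipboard() != null));

        // With a manager installed, the same call is checked on every invocation.
        System.setSecurityManager(new NoClipboardManager());
        System.out.println("with manager : " + (tryGetClipboard() != null));
    }
}
```

The second call fails even though the first one succeeded, because the permission check runs each time getSystemClipboard() is called rather than once at startup.
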
# 2

Thanks for the link to the API, even though I'm not sure if you were being condescending or you really didn't think I knew where the Java API was.

Anyhow I think maybe my question wasn't clear.

I understand why getSystemClipboard() is causing the security exception. That is the behavior I expected. I'm wondering how come you can copy and paste using the action keys.

That's what I thought might have been a bug.

The other thing I thought was that maybe it was the browser giving the capability and Java wasn't even involved.

Anyone know about this stuff?

richo13a at 2007-7-7 22:10:56
# 3
If you have an input field in an applet and use a key combination (ctrl-v in Windows and some Linux/Unix GUI environments) then this is handled on another level; outside the applet scope and even outside the JVM scope. Not the JVM but the GUI handler(s) will be responsible for that.
Lion-Oa at 2007-7-7 22:10:56