diff --git a/src/share/classes/sun/awt/SunToolkit.java b/src/share/classes/sun/awt/SunToolkit.java index 7be9b007f2a0cadeed817c2b187ab875a11341e5..350b4049df946a98b28fab79cd0efdd1592d98bc 100644 --- a/src/share/classes/sun/awt/SunToolkit.java +++ b/src/share/classes/sun/awt/SunToolkit.java @@ -50,6 +50,7 @@ import sun.misc.SoftCache; import sun.font.FontDesignMetrics; import sun.awt.im.InputContext; import sun.awt.image.*; +import sun.net.util.URLUtil; import sun.security.action.GetPropertyAction; import sun.security.action.GetBooleanAction; import java.lang.reflect.InvocationTargetException; @@ -720,7 +721,7 @@ public abstract class SunToolkit extends Toolkit if (sm != null) { try { java.security.Permission perm = - url.openConnection().getPermission(); + URLUtil.getConnectPermission(url); if (perm != null) { try { sm.checkPermission(perm); @@ -796,7 +797,7 @@ public abstract class SunToolkit extends Toolkit if (sm != null) { try { java.security.Permission perm = - url.openConnection().getPermission(); + URLUtil.getConnectPermission(url); if (perm != null) { try { sm.checkPermission(perm); diff --git a/src/share/classes/sun/awt/image/URLImageSource.java b/src/share/classes/sun/awt/image/URLImageSource.java index dcddeeb01dd2ddbd40d612bafdb230776900b627..2d4a07cce3d92802560d8f7190e301dc07753833 100644 --- a/src/share/classes/sun/awt/image/URLImageSource.java +++ b/src/share/classes/sun/awt/image/URLImageSource.java @@ -31,6 +31,7 @@ import java.net.HttpURLConnection; import java.net.URL; import java.net.URLConnection; import java.net.MalformedURLException; +import sun.net.util.URLUtil; public class URLImageSource extends InputStreamImageSource { URL url; @@ -43,7 +44,7 @@ public class URLImageSource extends InputStreamImageSource { if (sm != null) { try { java.security.Permission perm = - u.openConnection().getPermission(); + URLUtil.getConnectPermission(u); if (perm != null) { try { sm.checkPermission(perm); diff --git a/src/share/classes/sun/net/util/URLUtil.java b/src/share/classes/sun/net/util/URLUtil.java index 08c1e43ae0422456b4914f85b3388f21d9f70de9..305342b82ff8d9c2d70b2a94100338125f85a1c7 100644 --- a/src/share/classes/sun/net/util/URLUtil.java +++ b/src/share/classes/sun/net/util/URLUtil.java @@ -25,7 +25,10 @@ package sun.net.util; +import java.io.IOException; import java.net.URL; +import java.net.URLPermission; +import java.security.Permission; /** * URL Utility class. @@ -76,5 +79,26 @@ public class URLUtil { return strForm.toString(); } + + public static Permission getConnectPermission(URL url) throws IOException { + String urlStringLowerCase = url.toString().toLowerCase(); + if (urlStringLowerCase.startsWith("http:") || urlStringLowerCase.startsWith("https:")) { + return getURLConnectPermission(url); + } else if (urlStringLowerCase.startsWith("jar:http:") || urlStringLowerCase.startsWith("jar:https:")) { + String urlString = url.toString(); + int bangPos = urlString.indexOf("!/"); + urlString = urlString.substring(4, bangPos > -1 ? bangPos : urlString.length()); + URL u = new URL(urlString); + return getURLConnectPermission(u); + // If protocol is HTTP or HTTPS than use URLPermission object + } else { + return url.openConnection().getPermission(); + } + } + + private static Permission getURLConnectPermission(URL url) { + String urlString = url.getProtocol() + "://" + url.getAuthority() + url.getPath(); + return new URLPermission(urlString); + } }