Skip to Main Content

Java SE (Java Platform, Standard Edition)

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Applet accidentally requests Java Core API classes from network

875478Jul 14 2011 — edited Aug 1 2011
Hi,

starting an applet from a customers client machine (IE7, Windows XP, Standard JRE Installation of Java 1.6.0_26), I see in the tomcat access log entries signalizing that core java api classes are accidentally requested from the server:

...
"GET /mywebapp/applet/java/lang/StringBuilder.class HTTP/1.1" 404 1156 0
"GET /mywebapp/applet/javax/swing/JPanel.class HTTP/1.1" 404 1141 0
"GET /mywebapp/applet/java/net/JarURLConnection.class HTTP/1.1" 404 1162 0
"GET /mywebapp/applet/java/util/jar/JarEntry.class HTTP/1.1" 404 1153 0
"GET /mywebapp/applet/java/util/jar/JarFile.class HTTP/1.1" 404 1150 0
...

Although tomcat responses with HTTP 404, the applet works fine.

Questions:
1. For me, it looks like a security risk when the browser tries to load system classes from the network instead of using the local files from the jre dir, doesn't it?
2. When starting the applet from my local machine (different network), no tomcat logfile entries are generated. An interesting fact is, that in the customer network, the applet "codebase" parameter in the HTML source gets modifed by a proxy server for whatever reason like the following:

<applet codebase="http://mydomain.org/mywebapp/applet">

becomes some kind of:

<applet codebase="http://mydomain.org/mywebapp/applet/+sgrkjkrlgjklJKLjekrr4jewlkfjkerlkrelkjgregkjerlkgljkeglkjgjelkLKJLKefjei55435ijjkl=+">

It seems that such codebases confuse the classloader. Any ideas about that?

Thank you so much for any hints!

Comments

Processing
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Aug 29 2011
Added on Jul 14 2011
2 comments
282 views