import java.applet.Applet;
import java.lang.*;
import java.io.*;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class Doc extends Applet {
public void init() {
String docString = "Hello World";
InputStream is = new ByteArrayInputStream(docString.getBytes());
try {
DocumentBuilder builder =
DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document document = builder.parse(is);
} catch (Throwable t) {
System.out.println( "Error occurred");
t.printStackTrace();
}
System.out.println("Tried and got here");
}
}
I get the same error with IE and mozilla for 1.4.1_03:
Error occurred
java.security.AccessControlException: access denied
(java.util.PropertyPermission entityExpansionLimit read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at org.apache.crimson.parser.Parser2.init(Unknown Source)
at org.apache.crimson.parser.Parser2.parse(Unknown Source)
at org.apache.crimson.parser.XMLReaderImpl.parse(Unknown Source)
at org.apache.crimson.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at Doc.init(Doc.java:16)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Tried and got here
Try it out for yourself here:
http://demo.capmon.dk/~pvm/docbug/doc.html
http://demo.capmon.dk/~pvm/docbug/ contains .html, .java and .class files.
With 1.4.1_02, it finishes with this exception, which is fine.
org.xml.sax.SAXParseException: Document root element is missing
But 1.4.1_03 throws a
java.security.AccessControlException: access denied
Which is not fine as far as I can see.
In the release notes for JDK 1.4.2 this new property is
explained:
http://java.sun.com/j2se/1.4.2/relnotes.html
Apparently, it was retroactively added to 1.4.1_03, because
the release notes mention a fix for: "Large number of entity
expansions cause 100 % CPU resulting in DoS condition.":
http://developer.java.sun.com/developer/bugParade/bugs/4791146.html
It looks like this new property was not not added to the
list of system properties that can be read from an applet.
--Steve