You are viewing a plain text version of this content. The canonical link for it is here.

Posted to batik-users@xmlgraphics.apache.org by bo...@transentia.com.au on 2008/06/25 08:32:43 UTC

Batik Applet and getURL/XMLHttpRequest?

Hi Group,

I have a simple SVG document that makes use of Batik's getURL()
method to retrieve an XML fragment from the a server (the SAME server
that the document is downloaded from).

If I view this document with Squiggle, all works correctly: the embedded
javascript in the document periodically updates the document
according to what it retrieves from the server.

I also have an applet (based on AppletDemo.java which I have very lightly
modified to accept the name of the SVG document to use as
a parameter from the <applet ... tag).

If I retrieve the SAME SVG document for rendering by my applet
(which is embedded into an HTML document, of course), I get a
NullPointerException, reported in ECMAScript as a JavaException.

I BELIEVE that this is because window.getURL is only a wrapper to the
underlying browser's getURL facility. Squiggle supplies such a facility,
whereas nothing is being exposed to my Applet.

My questions for the group are: how do I obtain a usable getURL? is
there a way of getting to the underlying browser's XMLHttpRequest
instance?

I see MANY comments saying that "Batik may be used to create an applet
viewer" but NO examples that are relevant to what I am trying to do
(AJAXify my document).

I should point out that in the past, I have put into production such
AJAX/SVG systems using Adobe's viewer but now that ASV3 is going
"end of life", I am trying to replace ASV3 with Batik.

Suggestions/comments gratefully accepted.

Cheers,

BOB



---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org

Re: Batik Applet and getURL/XMLHttpRequest?

Posted by th...@kodak.com.

Hi Helder,

"Helder Magalhães" <he...@gmail.com> wrote on 07/16/2008 
11:53:48 AM:

> In a quick experiment I confirmed that this works as expected. 

   Good.

> Any comments on the previous proposal of publishing a marsh up of all
> this somewhere?
> «Should these (and follow-ups to similar threads) be published
> somewhere within the Wiki? Creating an "applet" page in the how-to [2]
> section maybe...?»

   Well Wiki contributions are always welcome and encouraged.
Feel free to create an Applet page on the how-to page.

> Again, thank you for your contribution. ;-)

   Thanks for helping to find the bug.

Re: Batik Applet and getURL/XMLHttpRequest?

Posted by Helder Magalhães <he...@gmail.com>.

>    Thanks, that let me find the problem.  It's our Sandboxing ;)
> Well really it's a bug in the case where we aren't sandboxing that we
> trip over our sandboxing...
Great to know it helped! :-)

> Anyway the fix should be in SVN rev 677245.
>    Good luck.
In a quick experiment I confirmed that this works as expected. I
haven't check for all possible cases nor searched for potential
regressions, though... This probably applies to other "higher
permissions" operation (such as parseXML). :-)

Any comments on the previous proposal of publishing a marsh up of all
this somewhere?
«Should these (and follow-ups to similar threads) be published
somewhere within the Wiki? Creating an "applet" page in the how-to [2]
section maybe...?»

Again, thank you for your contribution. ;-)

Best regards,

 Helder Magalhães

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org

Re: Batik Applet and getURL/XMLHttpRequest?

Posted by th...@kodak.com.

Hi Helder,

Thomas DeWeese wrote:

>>    I doubt the problem is Batik's sandboxing. [...] 
>> Can you get the security exception that is causing the problem?

"Helder Magalhães" <he...@gmail.com> wrote on 07/16/2008 
04:12:42 AM:

> Caused by: java.lang.NullPointerException
>       at 
org.apache.batik.script.rhino.RhinoInterpreter.getAccessControlContext(Unknown 
Source)
>       at org.apache.batik.script.rhino.WindowWrapper.getURL(Unknown 
Source)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

   Thanks, that let me find the problem.  It's our Sandboxing ;)
Well really it's a bug in the case where we aren't sandboxing that we
trip over our sandboxing...  Anyway the fix should be in SVN rev 677245.

   Good luck.

Re: Batik Applet and getURL/XMLHttpRequest?

Posted by Helder Magalhães <he...@gmail.com>.

>    I doubt the problem is Batik's sandboxing.  Unfortunately I
> don't know what the source of the problem is.  I think that getURL
> should work in an Applet without needing signing.  Can you get the
> security exception that is causing the problem?

SVG Error:
Wrapped org.mozilla.javascript.WrappedException: Wrapped
java.lang.NullPointerException (Inline <script>
http://localhost/folder/getURL.svg:7#7) (Event attribute
http://localhost/folder/getURL.svg:4 onload#1)

Environment:
OS - Windows XP SP3
Batik - 1.8pre (rev. 6751108)
Java - 1.6.0_06

Attached are both the test case used ("getURL.svg") and the stack
trace ("BatikGetURLException-StackTrace.txt", copied from "Show
Details") for the exception.

Other (failed) attempts which have been made (and why):
1. Separate the script declarations from the SVG file to a different
(.js) file: check if the Domain exception could be related with the
specific URI from which the script was loaded;
2. Tested in a different machine, using a different operating system
(Ubuntu 8.04): check if the Domain exception could be related with
localhost testing and if it was a Windows-specific issue. Got the same
exception (server name instead of "localhost", of course);
3. Several iterations of running with the "Applet Viewer", using a
custom policy ("-J-Djava.security.policy" argument) lead to understand
that the only required permission seems to be "createClassLoader"
(which is not good news anyway as it is one of the most dangerous to
grant [1]). Attached is the policy ("SvgViewer.policy") which causes
getURL to succeed.

@Bob Brown
Note: All seems to apply to parseXML also ("parseXML.svg" attachment),
which seems to succeed in the same situations. ;-)

I was able to make the exception go away by signing both the applet
and batik jars. Again, it would be awesome to get Batik pass over this
without requiring applet signing. Common Batik-based applets with
"AJAX" support could then be easily created, which would surely boost
Batik usage within the SVG community. :-)

Should these (and follow-ups to similar threads) be published
somewhere within the Wiki? Creating an "applet" page in the how-to [2]
section maybe...?

Best regards,

 Helder Magalhães

[1] http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html
[2] http://wiki.apache.org/xmlgraphics-batik/HowTo

Re: Batik Applet and getURL/XMLHttpRequest?

Posted by th...@kodak.com.

Hi All,

"Helder Magalhães" <he...@gmail.com> wrote on 06/30/2008 
08:45:18 AM:

> > Setting:
> > "C:\Users\ %username%\.java.policy"
> > To:
> > grant {
> >  permission java.security.AllPermission;
> >  };
> > Allowed getURL to work OK on both IE and FF3.
> > This tells me: stop being lazy and properly sign your applet, EVEN IF 
you
> > are only in the early development/learning stages.
> 
> This seems OK for local development but not for a decent attempt to
> widely deploy a Batik-based applet, i.e., obligating users to make
> such configuration is 1) bad for obvious security issues 2) less
> experienced users won't even able to do it.

   Right, it's not good for general applet deployment.

> AFAIK, the main issue may be located in the sample applet's code
> itself - I recall Thomas Deweese has previously stated that the
> sand-boxing (which provokes this issue) resides in "setDocument" [1].

   I doubt the problem is Batik's sandboxing.  Unfortunately I
don't know what the source of the problem is.  I think that getURL
should work in an Applet without needing signing.  Can you get the
security exception that is causing the problem?

Re: Batik Applet and getURL/XMLHttpRequest?

Posted by Helder Magalhães <he...@gmail.com>.

> Setting:
> "C:\Users\ %username%\.java.policy"
> To:
> grant {
>  permission java.security.AllPermission;
>  };
> Allowed getURL to work OK on both IE and FF3.
> This tells me: stop being lazy and properly sign your applet, EVEN IF you
> are only
> in the early development/learning stages.

This seems OK for local development but not for a decent attempt to
widely deploy a Batik-based applet, i.e., obligating users to make
such configuration is 1) bad for obvious security issues 2) less
experienced users won't even able to do it.

AFAIK, the main issue may be located in the sample applet's code
itself - I recall Thomas Deweese has previously stated that the
sand-boxing (which provokes this issue) resides in "setDocument" [1].
Avoiding using this API method can help towards avoiding the special
permissions and therefore running with default applet permissions
(which should be more than enough to perform remote requests).

Is it possible avoid creating the new BridgeContext "setDocument"
seems to? Default applet permissions should be enough for most useful
operations such as opening sockets (getURL/postURL) and parsing XML
(parseXML), commonly used in SVG-based smart clients.

Regards,

 Helder Magalhães

[1] http://www.nabble.com/Problem-calling-applet-method-from-script-in-svg-file-td12479719.html#a12611810

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org

RE: Batik Applet and getURL/XMLHttpRequest?

Posted by Bob Brown <bo...@transentia.com.au>.

Well!

Setting:

"C:\Users\ %username%\.java.policy"

To:

grant {
 permission java.security.AllPermission;
 };

Allowed getURL to work OK on both IE and FF3.

This tells me: stop being lazy and properly sign your applet, EVEN IF you
are only 
in the early development/learning stages.

This surprises me, but then I haven't hacked around Applets for many a
moon...

Thanks to all.

BOB

> Thanks for the reply Helder.
> 
> > > I BELIEVE that this is because window.getURL is only a wrapper to
> the
> > > underlying browser's getURL facility. Squiggle supplies such a
> > facility,
> > > whereas nothing is being exposed to my Applet.
> > Nope. AFAIK the null pointer you are receiving has only got to do
> with
> > a security exception.
> 
> That was my first thought, BUT:
> 
> * I am retrieving the applet and dynamic content from the same host
>   (at the moment, localhost); this is allowed without any need to
> fiddle
>   with signing, etc.
> 
> * I have edited BOTH of:
> 
>   "...\jdk1.6.0_06\jre\lib\security\java.policy"
>   "...\jre1.6.0_06\lib\security\java.policy"
> 
> To be only:
> 
> grant {
> permission java.security.AllPermission;
> };
> 
> This should remove any restrictions (for testing/dev purposes only, of
> course).
> 
> I am on vista, but I don't have the file "C:\Users\ %username%
> \.java.policy"
> 
> Perhaps I should test this...?
> 
> The java console verifies that I am using the 1.6 jre for my applet in
> both
> browsers.
> 
> * in my SVG document, if I try
> 
> If (window.getURL)
>   alert('has getURL!");
> 
> the alert IS presented.
> 
> > You are right, I believe that more applet-based examples should be
> > created so Batik can receive the attention it deserves! :-)
> 
> Seems a logical step, now that Adobe is backing away from SVG.
> 
> Happy to supply an example IF I can get something working!
> 
> > Could you also give a hand here? ;-)
> >
> > [1] http://xmlgraphics.apache.org/mail.html#batik-users
> > [2] http://xmlgraphics.apache.org/mail.html#batik-dev
> > [3] irc://irc.freenode.net/svg
> > [4] http://wiki.apache.org/xmlgraphics-batik/FrontPage
> > [5] http://www.nabble.com/IE8-doesn%27t-do-SVG%2C-now-is-good-timing-
> > for-Batik-to-fix-that-in-a-more-general-way-td15876210.html
> > [6] http://www.nabble.com/Batik-Svg-for-web-td17652069.html#a17665296
> 
> Thanks for these...I have looked at them all.
> 
> Cheers,
> 
> BOB
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
> For additional commands, e-mail: batik-users-
> help@xmlgraphics.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org

RE: Batik Applet and getURL/XMLHttpRequest?

Posted by Bob Brown <bo...@transentia.com.au>.

Thanks for the reply Helder.

> > I BELIEVE that this is because window.getURL is only a wrapper to the
> > underlying browser's getURL facility. Squiggle supplies such a
> facility,
> > whereas nothing is being exposed to my Applet.
> Nope. AFAIK the null pointer you are receiving has only got to do with
> a security exception.

That was my first thought, BUT:

* I am retrieving the applet and dynamic content from the same host
  (at the moment, localhost); this is allowed without any need to fiddle 
  with signing, etc.

* I have edited BOTH of:

  "...\jdk1.6.0_06\jre\lib\security\java.policy"
  "...\jre1.6.0_06\lib\security\java.policy"

To be only:

grant { 
permission java.security.AllPermission; 
};

This should remove any restrictions (for testing/dev purposes only, of
course).

I am on vista, but I don't have the file "C:\Users\ %username%
\.java.policy"

Perhaps I should test this...?

The java console verifies that I am using the 1.6 jre for my applet in both
browsers.

* in my SVG document, if I try

If (window.getURL)
  alert('has getURL!");

the alert IS presented.

> You are right, I believe that more applet-based examples should be
> created so Batik can receive the attention it deserves! :-)

Seems a logical step, now that Adobe is backing away from SVG.

Happy to supply an example IF I can get something working!

> Could you also give a hand here? ;-)
> 
> [1] http://xmlgraphics.apache.org/mail.html#batik-users
> [2] http://xmlgraphics.apache.org/mail.html#batik-dev
> [3] irc://irc.freenode.net/svg
> [4] http://wiki.apache.org/xmlgraphics-batik/FrontPage
> [5] http://www.nabble.com/IE8-doesn%27t-do-SVG%2C-now-is-good-timing-
> for-Batik-to-fix-that-in-a-more-general-way-td15876210.html
> [6] http://www.nabble.com/Batik-Svg-for-web-td17652069.html#a17665296

Thanks for these...I have looked at them all.

Cheers,

BOB


---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org

Re: Batik Applet and getURL/XMLHttpRequest?

Posted by Helder Magalhães <he...@gmail.com>.

> I BELIEVE that this is because window.getURL is only a wrapper to the
> underlying browser's getURL facility. Squiggle supplies such a facility,
> whereas nothing is being exposed to my Applet.
Nope. AFAIK the null pointer you are receiving has only got to do with
a security exception.

> My questions for the group are: how do I obtain a usable getURL? is
> there a way of getting to the underlying browser's XMLHttpRequest
> instance?
There seem to be multiple requests about this in the mailing lists [1]
[2]. In experiments I've attempted to skip the security thing but
wasn't (yet) successful.
I've recently had a chat (at the SVG IRC channel [3]) with Cameron
McCormack (one of the main developers) about the matter and a simple
XMLHttpRequest (XHR) implementation was proposed - based in creating a
bridge with the browser's native XHR object. Unfortunately, I don't
expect having time in the next few weeks for more experiments which,
whenever successful, will then be committed to the Wiki [4] and/or to
the mailing list. :-) Want to help here? There's already a closely
related thread [5] (at batik-dev [2]) which seems to be [6] the proper
place to further develop this subject.

> I see MANY comments saying that "Batik may be used to create an applet
> viewer" but NO examples that are relevant to what I am trying to do
> (AJAXify my document).
You are right, I believe that more applet-based examples should be
created so Batik can receive the attention it deserves! :-)
Could you also give a hand here? ;-)

[1] http://xmlgraphics.apache.org/mail.html#batik-users
[2] http://xmlgraphics.apache.org/mail.html#batik-dev
[3] irc://irc.freenode.net/svg
[4] http://wiki.apache.org/xmlgraphics-batik/FrontPage
[5] http://www.nabble.com/IE8-doesn%27t-do-SVG%2C-now-is-good-timing-for-Batik-to-fix-that-in-a-more-general-way-td15876210.html
[6] http://www.nabble.com/Batik-Svg-for-web-td17652069.html#a17665296

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org