Easy to Learn Java: Programming Articles, Examples and Tips

Start with Java in a few days with Java Lessons or Lectures

Home

Code Examples

Java Tools

More Java Tools!

Java Forum

All Java Tips

Books

Submit News
Search the site here...
Search...
 
Search the JavaFAQ.nu
1000 Java Tips ebook

1000 Java Tips - Click here for the high resolution copy!1000 Java Tips - Click here for the high resolution copy!

Java Screensaver, take it here

Free "1000 Java Tips" eBook is here! It is huge collection of big and small Java programming articles and tips. Please take your copy here.

Take your copy of free "Java Technology Screensaver"!.

Easy Learn Java: Programming Articles, Examples and Tips - Page 505


Previous 1060 Stories (530 Pages, 2 Per Page) Next

Security Vulnerabilities in the Java Runtime Environment Image Parsing Code

Go to all tips in Security

Java Security Alert! The Sun JDK uses native code for image parsing and the parser contains a buffer overflow vulnerability.

A buffer overflow vulnerability is a kind of security hole when an application can put its executable code or data behind the border (in memory) which OS allocates for this this application, including a data. It results in a situation when a code is placed outside of permitted place in memory where it is allowed to do it. Look at affected versions and the solution below.

A buffer overflow vulnerability in the parser may allow an untrusted applet or application to elevate its privileges in OS. For example, an applet may grant itself permissions to read and write local files. It can probably execute local applications that are accessible to the user running the untrusted applet.


Generally speaking an image in not containing an image, but executable code which can be executed in JRE's or JDK's memory area with privileges which are granted to that JRE or JDK!

Affected versions are listed below. You need to update your Java ASAP! Look here for the solution.

Vulnerable Java versions are listed here:

Sun SDK (Solaris Production Release) 1.4.2 _08
Sun SDK (Solaris Production Release) 1.4.2 _05
Sun SDK (Solaris Production Release) 1.4.2 _04
Sun SDK (Solaris Production Release) 1.4.2 _03
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.3.1 _15
Sun SDK (Solaris Production Release) 1.3.1 _14
Sun SDK (Solaris Production Release) 1.3.1 _13
Sun SDK (Solaris Production Release) 1.3.1 _12
Sun SDK (Solaris Production Release) 1.3.1 _11
Sun SDK (Solaris Production Release) 1.3.1 _10
Sun SDK (Solaris Production Release) 1.3.1 _09
Sun SDK (Solaris Production Release) 1.3.1 _08
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _02
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun JDK (Windows Production Release) 1.5 .0_05
Sun JDK (Windows Production Release) 1.5 .0_04
Sun JDK (Windows Production Release) 1.5 .0_03
Sun JDK (Windows Production Release) 1.5
Sun JDK (Windows Production Release) 1.6.0_01-b06
Sun JDK (Windows Production Release) 1.5.0_11-b03
Sun JDK (Windows Production Release) 1.5.0_07-b03
Sun JDK (Windows Production Release) 1.5.0.0_09
Sun JDK (Windows Production Release) 1.5.0.0_08
Sun JDK (Windows Production Release) 1.3.1_20
Sun JDK (Linux Production Release) 1.5 _07
Sun JDK (Linux Production Release) 1.5 .0_05
Sun JDK (Linux Production Release) 1.5 .0_04
Sun JDK (Linux Production Release) 1.5 .0_03
Sun JDK (Linux Production Release) 1.5
Sun JDK (Linux Production Release) 1.5
Sun JDK (Linux Production Release) 1.5.0.0_09
Sun JDK (Linux Production Release) 1.5.0.0_08
Sun Java 2 Runtime Environment 1.5 _07
Sun Java 2 Runtime Environment 1.5 _06
Sun Java 2 Runtime Environment 1.5 _05
Sun Java 2 Runtime Environment 1.5 _04
Sun Java 2 Runtime Environment 1.5 _03
Sun Java 2 Runtime Environment 1.5 _02
Sun Java 2 Runtime Environment 1.5 _01
Sun Java 2 Runtime Environment 1.5
Sun Java 2 Runtime Environment 1.5.0_10
Sun Java 2 Runtime Environment 1.5.0_09
Sun Java 2 Runtime Environment 1.3.1_20

Not Vulnerable Java versions:

Sun Sun Java 2 Runtime Environment 1.6.0_01
Sun SDK (Solaris Production Release) 1.3.1_20
Sun JDK (Windows Production Release) 1.6.0_01
Sun JDK (Windows Production Release) 1.5.0.0_11
Sun JDK (Linux Production Release) 1.6.0_01
Sun JDK (Linux Production Release) 1.5.0.0_11
Sun Java 2 Runtime Environemnt 1.5.0_11


4528 bytes more | comments? | Printer Friendly Page  Send to a Friend | Score: 0
Posted by aalex on Thursday, June 07, 2007 (05:19:46) (2464 reads)

Easy Java Lecture 17: Layout managers - a visual guide part III

Go to all tips in Java Lectures by Anatoliy Malyarenko

Part 3, Part II , Part I is here

How to use CardLayout

Here's a snapshot of an application that uses a CardLayout to switch between two panels.

how to use cardLayout demo picture how to use cardLayout demo picture


The CardLayout class helps you manage two or more components (usually JPanel instances) that share the same display space. When using CardLayout, you need to provide a way to let the user choose between the components. CardLayoutDemo uses a combo box for this purpose.


An easier but less flexible way to accomplish the same task is to use a tabbed pane. Here's a picture of a tabbed pane version of the preceding example:

Because a tabbed pane provides its own GUI, using a tabbed pane is simpler than using CardLayout.

Conceptually, each component a CardLayout manages is like a playing card or trading card in a stack, where only the top card is visible at any time. You can choose the card that's showing in any of the following ways:

  • By asking for either the first or last card, in the order it was added to the container.
  • By flipping through the deck backwards or forwards.
  • By specifying a card with a specific name. This is the scheme CardLayoutDemo uses.

The following code from CardLayoutDemo.java creates the CardLayout and the components it manages.

Code:


//Where instance variables are declared:
JPanel cards;
final static String BUTTONPANEL = "JPanel with JButtons";
final static String TEXTPANEL = "JPanel with JTextField";
//Where the components controlled by the CardLayout are
//initialised. Create the "cards".
JPanel card1 = new JPanel();
...
JPanel card2 = new JPanel();
...
//Create the panel that contains the "cards".
cards = new JPanel(new CardLayout());
cards.add(card1, BUTTONPANEL);
cards.add(card2, TEXTPANEL);

When you add a component to a container that a CardLayout manages, you must specify a string that identifies the component being added. For example, in this example, the first panel has the string "JPanel with JButtons", and the second panel has the string"JPanel with JTextField". In this example, those strings are also used in the combo box.

To choose which component a CardLayout shows, you need some additional code. Here's how the example program does this:

Code:


//Where the GUI is assembled:
//Put the JComboBox in a JPanel to get a nicer look.
JPanel comboBoxPane = new JPanel();
//use FlowLayout String
comboBoxItems[] = { BUTTONPANEL, TEXTPANEL };
JComboBox cb = new JComboBox(comboBoxItems);
cb.setEditable(false);
cb.addItemListener(this);
comboBoxPane.add(cb);
...
pane.add(comboBoxPane, BorderLayout.PAGE_START);
pane.add(cards, BorderLayout.CENTER);
...
public void itemStateChanged(ItemEvent evt) {
    CardLayout cl = (CardLayout)(cards.getLayout());
    cl.show(cards, (String)evt.getItem());
}


This example shows that you can use the CardLayout show method to set the currently showing component. The first argument to the show method is the container the CardLayout controls -- that is, the container of the components the CardLayout manages. The second argument is the string that identifies the component to show. This string is the same as was used when adding the component to the container.

How to use FlowLayout

The FlowLayout class provides a very simple layout manager that is used, by default, by JPanels. Here's a picture of an example that uses a flow layout:

FlowLayout puts components in a row, sized at their preferred size. If the horizontal space in the container is too small to put all the components in one row, FlowLayout uses multiple rows. If the container is wider than necessary for a row of components, the row is, by default, centred horizontally within the container. You can specify that it stick to the left or right side instead by using a FlowLayout constructor that takes an alignment argument. You can also specify how much vertical or horizontal padding is put around the components.

Below is the code from FlowLayoutDemo.java that creates the FlowLayout and the components it manages.

Code:


contentPane.setLayout(new FlowLayout());
contentPane.add(new JButton("Button 1"));
contentPane.add(new JButton("Button 2"));
contentPane.add(new JButton("Button 3"));
contentPane.add(new JButton("Long-Named Button 4"));
contentPane.add(new JButton("5"));

How to use GridBagLayout

Here's a picture of an example that uses GridBagLayout.

how to use gridbaglayout


GridBagLayout is one of the most flexible -- and complex -- layout managers the Java platform provides. A GridBagLayout places components in a grid of rows and columns, allowing specified components to span multiple rows or columns. Not all rows necessarily have the same height. Similarly, not all columns necessarily have the same width. Essentially, GridBagLayout places components in rectangles (cells) in a grid, and then uses the components' preferred sizes to determine how big the cells should be.

The following figure shows the grid for the preceding applet. As you can see, the grid has three rows and three columns. The button in the second row spans all the columns; the button in the third row spans the two right columns.

The way the program specifies the size and position characteristics of its components is by specifying constraints for each component, To specify constraints, you set instance variables in a GridBagConstraints object and tell the GridBagLayout (with the setConstraints method) to associate the constraints with the component.

GridBagLayout was contributed to Javasoft by a programmer who wanted to support the Java effort. It was intended as a proof that the Swing offered enough features for programmers to write their own layout managers. It wasn't designed with human factors and ease of use in mind. If it bothers you (it bothers me) then just don't use it.

How to use GridLayout

Here's a snapshot of an application that uses a GridLayout.

A GridLayout places components in a grid of cells. Each component takes all the available space within its cell, and each cell is exactly the same size. If you resize the GridLayoutDemo window, you'll see that the GridLayout changes the cell size so that the cells are as large as possible, given the space available to the container.

Below is the code that creates the GridLayout and the components it manages.

Code:

pane.setLayout(new GridLayout(0,2));
pane.add(new JButton("Button 1"));
pane.add(new JButton("Button 2"));
pane.add(new JButton("Button 3"));
pane.add(new JButton("Long-Named Button 4"));
pane.add(new JButton("5"));

The constructor tells the GridLayout class to create an instance that has two columns and as many rows as necessary.

Exercise

The RGBColorChooser applet (in the folder RGB) lets the user set the red, green, and blue levels in a colour by manipulating sliders. Something like this could make a useful custom component. Such a component could be included in a program to allow the user to specify a drawing colour, for example. Rewrite the RGBColorChooser as a component.

Make it a subclass of JPanel instead of JApplet. Instead of doing the initialisation in an init() method, you'll have to do it in a constructor. The component should have a method, getColor(), that returns the colour currently displayed on the component. It should also have a method, setColor(Color c), to set the colour to a specified value. Both these methods would be useful to a program that uses your component.

In order to write the setColor(Color c) method, you need to know that if c is a variable of type Color, then c.getRed() is a function that returns an integer in the range 0 to 255 that gives the red level of the colour. Similarly, the functions c.getGreen() and c.getBlue() return the blue and green components.

Test your component by using it in a simple applet that sets the component to a random colour when the user clicks on a button.

You can find solution in the files RGBChooserComponent.java, TestRGB.java, and TestRGB.html in the folder RGB.


8797 bytes more | comments? | Printer Friendly Page  Send to a Friend | Score: 0
Posted by jalex on Monday, May 28, 2007 (20:12:22) (2816 reads)

Previous 1060 Stories (530 Pages, 2 Per Page) Next

530| 529| 528| 527| 526| 525| 524| 523| 522| 521| 520| 519| 518| 517| 516| 515| 514| 513| 512| 511| 510| 509| 508| 507| 506|
505
| 504| 503| 502| 501| 500| 499| 498| 497| 496| 495| 494| 493| 492| 491| 490| 489| 488| 487| 486| 485| 484| 483| 482| 481| 480| 479| 478| 477| 476| 475| 474| 473| 472| 471| 470| 469| 468| 467| 466| 465| 464| 463| 462| 461| 460| 459| 458| 457| 456| 455| 454| 453| 452| 451| 450| 449| 448| 447| 446| 445| 444| 443| 442| 441| 440| 439| 438| 437| 436| 435| 434| 433| 432| 431| 430| 429| 428| 427| 426| 425| 424| 423| 422| 421| 420| 419| 418| 417| 416| 415| 414| 413| 412| 411| 410| 409| 408| 407| 406| 405| 404| 403| 402| 401| 400| 399| 398| 397| 396| 395| 394| 393| 392| 391| 390| 389| 388| 387| 386| 385| 384| 383| 382| 381| 380| 379| 378| 377| 376| 375| 374| 373| 372| 371| 370| 369| 368| 367| 366| 365| 364| 363| 362| 361| 360| 359| 358| 357| 356| 355| 354| 353| 352| 351| 350| 349| 348| 347| 346| 345| 344| 343| 342| 341| 340| 339| 338| 337| 336| 335| 334| 333| 332| 331| 330| 329| 328| 327| 326| 325| 324| 323| 322| 321| 320| 319| 318| 317| 316| 315| 314| 313| 312| 311| 310| 309| 308| 307| 306| 305| 304| 303| 302| 301| 300| 299| 298| 297| 296| 295| 294| 293| 292| 291| 290| 289| 288| 287| 286| 285| 284| 283| 282| 281| 280| 279| 278| 277| 276| 275| 274| 273| 272| 271| 270| 269| 268| 267| 266| 265| 264| 263| 262| 261| 260| 259| 258| 257| 256| 255| 254| 253| 252| 251| 250| 249| 248| 247| 246| 245| 244| 243| 242| 241| 240| 239| 238| 237| 236| 235| 234| 233| 232| 231| 230| 229| 228| 227| 226| 225| 224| 223| 222| 221| 220| 219| 218| 217| 216| 215| 214| 213| 212| 211| 210| 209| 208| 207| 206| 205| 204| 203| 202| 201| 200| 199| 198| 197| 196| 195| 194| 193| 192| 191| 190| 189| 188| 187| 186| 185| 184| 183| 182| 181| 180| 179| 178| 177| 176| 175| 174| 173| 172| 171| 170| 169| 168| 167| 166| 165| 164| 163| 162| 161| 160| 159| 158| 157| 156| 155| 154| 153| 152| 151| 150| 149| 148| 147| 146| 145| 144| 143| 142| 141| 140| 139| 138| 137| 136| 135| 134| 133| 132| 131| 130| 129| 128| 127| 126| 125| 124| 123| 122| 121| 120| 119| 118| 117| 116| 115| 114| 113| 112| 111| 110| 109| 108| 107| 106| 105| 104| 103| 102| 101| 100| 99| 98| 97| 96| 95| 94| 93| 92| 91| 90| 89| 88| 87| 86| 85| 84| 83| 82| 81| 80| 79| 78| 77| 76| 75| 74| 73| 72| 71| 70| 69| 68| 67| 66| 65| 64| 63| 62| 61| 60| 59| 58| 57| 56| 55| 54| 53| 52| 51| 50| 49| 48| 47| 46| 45| 44| 43| 42| 41| 40| 39| 38| 37| 36| 35| 34| 33| 32| 31| 30| 29| 28| 27| 26| 25| 24| 23| 22| 21| 20| 19| 18| 17| 16| 15| 14| 13| 12| 11| 10| 9| 8| 7| 6| 5| 4| 3| 2| 1|


Home Code Examples Java Forum All Java Tips Books Submit News, Code... Search... Offshore Software Tech Doodling

RSS feed Java FAQ RSS feed Java FAQ News     

    RSS feed Java Forums RSS feed Java Forums

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 1999-2006 by Java FAQs Daily Tips.

Interactive software released under GNU GPL, Code Credits, Privacy Policy