Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #11581

Re: Java Web Start Permissions

From Knute Johnson <nospam@knutejohnson.com>
Newsgroups comp.lang.java.programmer
Subject Re: Java Web Start Permissions
Date 2012-01-22 19:02 -0800
Organization A noiseless patient Spider
Message-ID <jfiikv$qcd$1@dont-email.me> (permalink)
References <Xns9FE2D3AAA51CFjpnasty@94.75.214.39>

Show all headers | View raw

On 1/22/2012 5:48 PM, Novice wrote:
> Does anyone here know about permissions in Java Web Start?
>
> I'm starting to learn how to use Java Web Start. After a bumpy start, I
> finally succeeded in getting some Hello World applets and applications to
> work perfectly via Java Web Start.
>
> Now I'm working on a considerably more sophisticated application and
> bumping into issues involving permissions. For example, the first error I
> am getting is:
>
> access denied ("java.util.PropertyPermission" "user.name" "read")
>
> I'm also expecting to need permission to write logs, although I haven't
> gotten that far into executing my code yet. It's possible that there will
> be other things that need permission too.
>
> Can anyone explain how I give the application the permissions it needs?
> I've done some googling on this issue and know that policy files are part
> (or all?) of the solution. I see that I that there is a master permissions
> file as well as individual permission files for individual users, situated
> in their home directories. Is the user's home directory always My Documents
> in Windows? (I'm only worried about serving Windows users for the moment
> but I have no idea which version of Windows they'll have: XP, Vista, 7 or
> whatever.)
>
> I'm assuming the JNLP file for the Java Web Start also needs to have
> something in it to point to the necessary permission. Unfortunately, the
> documentation I've found so far is NOT very clear and examples are scarce
> so I'm not sure what needs to happen in the JNLP file.
>
> I'm also interested in knowing how the user of the application gives his
> consent to any permissions I need. For instance, if I create a policy file
> that gives me permission to do what I need to do, how does the user of the
> Java Web Start application keep me from doing bad things, like deleting
> every file on his hard drive? It seems to me that I should only be able to
> request what I need but that the user of the program needs to be able to
> look over that request, realize how dangerous or harmless that request is,
> and then give consent if he is satisfied that it is safe. But how/when does
> that happen? Do I send him the policy file and then let him eyeball it in a
> text editor to make sure it's not doing something inappropriate? Then wait
> for him to put the policy file in the appropriate place?

The usual method is to sign the .jar file.  The problem with that is 
having to get a certificate that is recognizable by all the browsers. 
They are not cheap and you have to renew them.

I think it is possible for the user to change a policy file and permit 
things such as file access but I've never done it.

You can self sign your certificate but the browser will pop up a dialog 
to tell the user that the application's digital signature cannot be 
verified.  The user may still allow it to run but that really is a big 
security risk.

If you want to see an example of that, go to my aviation page and click 
on the VFR Flight Log link.

http://rabbitbrush.frazmtn.com/aviation

-- 

Knute Johnson

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Java Web Start Permissions Novice <novice@example..com> - 2012-01-23 01:48 +0000
  Re: Java Web Start Permissions Knute Johnson <nospam@knutejohnson.com> - 2012-01-22 19:02 -0800
    Re: Java Web Start Permissions Novice <novice@example..com> - 2012-01-23 19:04 +0000
      Re: Java Web Start Permissions Knute Johnson <nospam@knutejohnson.com> - 2012-01-23 13:41 -0800
        Re: Java Web Start Permissions "John B. Matthews" <nospam@nospam.invalid> - 2012-01-23 21:32 -0500
          Re: Java Web Start Permissions Knute Johnson <nospam@knutejohnson.com> - 2012-01-23 21:22 -0800
            Re: Java Web Start Permissions "John B. Matthews" <nospam@nospam.invalid> - 2012-01-24 01:40 -0500
              Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 09:21 -0500
            Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 04:23 -0500
              Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 04:40 -0500
            Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 05:20 -0500
            Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 06:08 -0500
            Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 07:22 -0500
  Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 05:42 -0500
  Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 07:43 -0500
    Re: Java Web Start Permissions Gunter Herrmann <notformail0106@earthlink.net> - 2012-01-24 16:48 -0500
      Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-24 18:13 -0500
        Re: Java Web Start Permissions Gunter Herrmann <notformail0106@earthlink.net> - 2012-01-25 10:28 -0500
          Re: Java Web Start Permissions Jeff Higgins <jeff@invalid.invalid> - 2012-01-25 12:06 -0500
  Re: Java Web Start Permissions Roedy Green <see_website@mindprod.com.invalid> - 2012-01-24 09:48 -0800

csiph-web