Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!news.swapon.de!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail From: Knute Johnson Newsgroups: comp.lang.java.programmer Subject: Re: Java Web Start Permissions Date: Sun, 22 Jan 2012 19:02:55 -0800 Organization: A noiseless patient Spider Lines: 63 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Mon, 23 Jan 2012 03:02:55 +0000 (UTC) Injection-Info: mx04.eternal-september.org; posting-host="mz/LDSJwiWnk3Jnnqg7x+Q"; logging-data="27021"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19VlAzlTsmV0geEz4HUrK0L" User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 In-Reply-To: Cancel-Lock: sha1:PyVKb0lP60nJlQyrsFvLz36Bccs= Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:11581 On 1/22/2012 5:48 PM, Novice wrote: > Does anyone here know about permissions in Java Web Start? > > I'm starting to learn how to use Java Web Start. After a bumpy start, I > finally succeeded in getting some Hello World applets and applications to > work perfectly via Java Web Start. > > Now I'm working on a considerably more sophisticated application and > bumping into issues involving permissions. For example, the first error I > am getting is: > > access denied ("java.util.PropertyPermission" "user.name" "read") > > I'm also expecting to need permission to write logs, although I haven't > gotten that far into executing my code yet. It's possible that there will > be other things that need permission too. > > Can anyone explain how I give the application the permissions it needs? > I've done some googling on this issue and know that policy files are part > (or all?) of the solution. I see that I that there is a master permissions > file as well as individual permission files for individual users, situated > in their home directories. Is the user's home directory always My Documents > in Windows? (I'm only worried about serving Windows users for the moment > but I have no idea which version of Windows they'll have: XP, Vista, 7 or > whatever.) > > I'm assuming the JNLP file for the Java Web Start also needs to have > something in it to point to the necessary permission. Unfortunately, the > documentation I've found so far is NOT very clear and examples are scarce > so I'm not sure what needs to happen in the JNLP file. > > I'm also interested in knowing how the user of the application gives his > consent to any permissions I need. For instance, if I create a policy file > that gives me permission to do what I need to do, how does the user of the > Java Web Start application keep me from doing bad things, like deleting > every file on his hard drive? It seems to me that I should only be able to > request what I need but that the user of the program needs to be able to > look over that request, realize how dangerous or harmless that request is, > and then give consent if he is satisfied that it is safe. But how/when does > that happen? Do I send him the policy file and then let him eyeball it in a > text editor to make sure it's not doing something inappropriate? Then wait > for him to put the policy file in the appropriate place? The usual method is to sign the .jar file. The problem with that is having to get a certificate that is recognizable by all the browsers. They are not cheap and you have to renew them. I think it is possible for the user to change a policy file and permit things such as file access but I've never done it. You can self sign your certificate but the browser will pop up a dialog to tell the user that the application's digital signature cannot be verified. The user may still allow it to run but that really is a big security risk. If you want to see an example of that, go to my aviation page and click on the VFR Flight Log link. http://rabbitbrush.frazmtn.com/aviation -- Knute Johnson