Path: csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder2.hal-mli.net!weretis.net!feeder4.news.weretis.net!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail From: Jeff Higgins Newsgroups: comp.lang.java.programmer Subject: Re: Java Web Start Permissions Date: Tue, 24 Jan 2012 05:42:29 -0500 Organization: A noiseless patient Spider Lines: 52 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Tue, 24 Jan 2012 10:33:28 +0000 (UTC) Injection-Info: mx04.eternal-september.org; posting-host="BSKXKq4dV+7jFlM4JDctyw"; logging-data="14144"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19K3sz+EepY7fQgeoHY2CmZSfwprWP9990=" User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20111110 Icedove/3.0.11 In-Reply-To: Cancel-Lock: sha1:fu2npNnRUR2KBVUyxnRh+KhxlKo= Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:11596 On 01/22/2012 08:48 PM, Novice wrote: > Does anyone here know about permissions in Java Web Start? > > I'm starting to learn how to use Java Web Start. After a bumpy start, I > finally succeeded in getting some Hello World applets and applications to > work perfectly via Java Web Start. > > Now I'm working on a considerably more sophisticated application and > bumping into issues involving permissions. For example, the first error I > am getting is: > > access denied ("java.util.PropertyPermission" "user.name" "read") > > I'm also expecting to need permission to write logs, although I haven't > gotten that far into executing my code yet. It's possible that there will > be other things that need permission too. > > Can anyone explain how I give the application the permissions it needs? > I've done some googling on this issue and know that policy files are part > (or all?) of the solution. I see that I that there is a master permissions > file as well as individual permission files for individual users, situated > in their home directories. Is the user's home directory always My Documents > in Windows? (I'm only worried about serving Windows users for the moment > but I have no idea which version of Windows they'll have: XP, Vista, 7 or > whatever.) > > I'm assuming the JNLP file for the Java Web Start also needs to have > something in it to point to the necessary permission. Unfortunately, the > documentation I've found so far is NOT very clear and examples are scarce > so I'm not sure what needs to happen in the JNLP file. Java Web Start is a JNLP client implementation specified by the Java Network Launching Protocol & API Specification (JSR-56) currently in Version 7.0. That documentation seems clear to me and examples seem abundant. > > I'm also interested in knowing how the user of the application gives his > consent to any permissions I need. For instance, if I create a policy file > that gives me permission to do what I need to do, how does the user of the > Java Web Start application keep me from doing bad things, like deleting > every file on his hard drive? It seems to me that I should only be able to > request what I need but that the user of the program needs to be able to > look over that request, realize how dangerous or harmless that request is, > and then give consent if he is satisfied that it is safe. But how/when does > that happen? Do I send him the policy file and then let him eyeball it in a > text editor to make sure it's not doing something inappropriate? Then wait > for him to put the policy file in the appropriate place? > > >