File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JNLP and Web Start and the fly likes java web start security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "java web start security" Watch "java web start security" New topic

java web start security

nicolas lefeuvre

Joined: Jun 06, 2003
Posts: 3
I wrote a application launched by Java Web Start in a secure environnement (no security tag in the JNLP file).
All the permissions I need are defined in the javaws.policy but the file of the JVM used by Web Start is important because it specifies other policy files like this :
This causes problems in permissions. For example, if the javaws.policy define only these permissions :
grant codeBase "file:${jnlpx.home}/javaws.jar" {
grant {
permission java.util.PropertyPermission "*", "read, write";
And the file:${java.home}/lib/security/java.policy
grant {
The result is that AllPermission is granted. In fact, the policy files are cumulated, and the AllPermission having more priority than others permissions. This is a normal behaviour define by Sun security specification. My question is : is there a mean to use only one policy file without change the file ?
I try to set the policy file like this :
System.setProperty("", System.getProperty("jnlpx.home") + "/javaws.policy");
But others policy files specified by the are used.
Any ideas ?
Thanks a lot.
I agree. Here's the link:
subject: java web start security
It's not a secret anymore!