• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

java web start security

 
nicolas lefeuvre
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I wrote a application launched by Java Web Start in a secure environnement (no security tag in the JNLP file).
All the permissions I need are defined in the javaws.policy but the java.security file of the JVM used by Web Start is important because it specifies other policy files like this :
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
This causes problems in permissions. For example, if the javaws.policy define only these permissions :
grant codeBase "file:${jnlpx.home}/javaws.jar" {
permission java.security.AllPermission;
};
grant {
permission java.util.PropertyPermission "*", "read, write";
};
And the file:${java.home}/lib/security/java.policy
grant {
permission java.security.AllPermission;
};
The result is that AllPermission is granted. In fact, the policy files are cumulated, and the AllPermission having more priority than others permissions. This is a normal behaviour define by Sun security specification. My question is : is there a mean to use only one policy file without change the java.security file ?
I try to set the policy file like this :
System.setProperty("java.security.policy", System.getProperty("jnlpx.home") + "/javaws.policy");
But others policy files specified by the java.security are used.
Any ideas ?
Thanks a lot.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic