This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes JNLP and Web Start and the fly likes java web start security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "java web start security" Watch "java web start security" New topic
Author

java web start security

nicolas lefeuvre
Greenhorn

Joined: Jun 06, 2003
Posts: 3
Hi,
I wrote a application launched by Java Web Start in a secure environnement (no security tag in the JNLP file).
All the permissions I need are defined in the javaws.policy but the java.security file of the JVM used by Web Start is important because it specifies other policy files like this :
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
This causes problems in permissions. For example, if the javaws.policy define only these permissions :
grant codeBase "file:${jnlpx.home}/javaws.jar" {
permission java.security.AllPermission;
};
grant {
permission java.util.PropertyPermission "*", "read, write";
};
And the file:${java.home}/lib/security/java.policy
grant {
permission java.security.AllPermission;
};
The result is that AllPermission is granted. In fact, the policy files are cumulated, and the AllPermission having more priority than others permissions. This is a normal behaviour define by Sun security specification. My question is : is there a mean to use only one policy file without change the java.security file ?
I try to set the policy file like this :
System.setProperty("java.security.policy", System.getProperty("jnlpx.home") + "/javaws.policy");
But others policy files specified by the java.security are used.
Any ideas ?
Thanks a lot.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: java web start security