wood burning stoves
The moose likes JNLP and Web Start and the fly likes java web start security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "java web start security" Watch "java web start security" New topic

java web start security

nicolas lefeuvre

Joined: Jun 06, 2003
Posts: 3
I wrote a application launched by Java Web Start in a secure environnement (no security tag in the JNLP file).
All the permissions I need are defined in the javaws.policy but the java.security file of the JVM used by Web Start is important because it specifies other policy files like this :
This causes problems in permissions. For example, if the javaws.policy define only these permissions :
grant codeBase "file:${jnlpx.home}/javaws.jar" {
permission java.security.AllPermission;
grant {
permission java.util.PropertyPermission "*", "read, write";
And the file:${java.home}/lib/security/java.policy
grant {
permission java.security.AllPermission;
The result is that AllPermission is granted. In fact, the policy files are cumulated, and the AllPermission having more priority than others permissions. This is a normal behaviour define by Sun security specification. My question is : is there a mean to use only one policy file without change the java.security file ?
I try to set the policy file like this :
System.setProperty("java.security.policy", System.getProperty("jnlpx.home") + "/javaws.policy");
But others policy files specified by the java.security are used.
Any ideas ?
Thanks a lot.
I agree. Here's the link: http://aspose.com/file-tools
subject: java web start security
It's not a secret anymore!