I've got an app that uses XStream (http://xstream.codehaus.org/) to serialize objects in and out for me. I can jar my application up and run it fine. When I try to deploy it using Java Web Start, I get a security error.
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkMemberAccess(Unknown Source)
    at java.lang.Class.checkMemberAccess(Unknown Source)
    at java.lang.Class.getDeclaredFields(Unknown Source)
    at com.thoughtworks.xstream.core.JVM.<clinit>(JVM.java:24)
JWS apps run in the same security sandbox as applets run in. Are you serializing these objects to the file system? If so, you'll need to make sure ALL your JAR files used by JWS have been signed. Also, you'll need to specify access in your jnlp file as such:
Each application is, by default, run in a restricted execution environment, similar to the Applet sandbox. The security element can be used to request unrestricted access.
If the all-permissions element is specified, the application will have full access to the client machine and local network. If an application requests full access, then all JAR files must be signed. The user will be prompted to accept the certificate the first time the application is launched.
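A JNLP descriptor with the security element described above, as an added example that is not part of the original post. The codebase URL, file names, title, vendor and main class are placeholders, not values from the poster's application.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: codebase, href, JAR names and main-class are placeholders. -->
<jnlp spec="1.0+" codebase="https://example.com/myapp" href="myapp.jnlp">
  <information>
    <title>My Application</title>
    <vendor>Example Vendor</vendor>
  </information>

  <!-- Without this element the application runs in the restricted sandbox,
       where the Class.getDeclaredFields() call made by XStream is denied
       (RuntimePermission accessDeclaredMembers, as in the stack trace). -->
  <security>
    <all-permissions/>
  </security>

  <resources>
    <j2se version="1.6+"/>
    <!-- Every JAR listed here must be signed, third-party libraries included. -->
    <jar href="myapp.jar" main="true"/>
    <jar href="xstream.jar"/>
  </resources>

  <application-desc main-class="com.example.Main"/>
</jnlp>
```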