Hi. I have a small sampel JWS application that has a JButton, whose listener opens a JFileChooser. When the jar is signed or unsigned (no difference), but the JNLP file has the <security> and <all-permissions> elements, clicking on the button does absolutely nothing. I would have thought that I would get an exception of some kind. The same when the listener has code:
System.setSecurityManager(null) - it also doesn't nothing, even when the jar is unsigned. These two examples behave as if the calls were no-ops.
(When the <all-permissions> element is present, unsigned application throws an exception and will not start, and when signed, it works fine.)
Can you tell me why it is behaving like this?
Also, what is the use of the JNLP services? How is, for instance, a javax.jnlp.FileOpenService different from JFileChooser, apart from that it looks differently (why?)
To add a question: when signing, does every resource (like properties files, images,...) have to be signed for the jar to be verified, or is it only required for class files? I made a test and added a new entry to an already signed jar, and the jarsigner -verify command said it is valid, with a warning that the jar contains an entry that was not integrity checked. What would JWS do in this situation?
Joined: Aug 21, 2008
To update, it looks like when I open a file open dialog a PermissionException is thrown (read of user.home is denied) and somehow silently ignore. Man, this is confusing for me. To add more confusion, I am able to create a socket to an arbitrary server (google in my case), and all that happened was that a window was opened to ask me if I really want to connect.
So, reading user.home is so bad that it throws an exception (that is silently ignored somewhere) but connecting to a remote server is not?