aspose file tools*
The moose likes JNLP and Web Start and the fly likes all-permissions and application behavior Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "all-permissions and application behavior" Watch "all-permissions and application behavior" New topic
Author

all-permissions and application behavior

Raf Szczypiorski
Ranch Hand

Joined: Aug 21, 2008
Posts: 383
Hi. I have a small sampel JWS application that has a JButton, whose listener opens a JFileChooser. When the jar is signed or unsigned (no difference), but the JNLP file has the <security> and <all-permissions> elements, clicking on the button does absolutely nothing. I would have thought that I would get an exception of some kind. The same when the listener has code:
System.setSecurityManager(null) - it also doesn't nothing, even when the jar is unsigned. These two examples behave as if the calls were no-ops.
(When the <all-permissions> element is present, unsigned application throws an exception and will not start, and when signed, it works fine.)
Can you tell me why it is behaving like this?

Also, what is the use of the JNLP services? How is, for instance, a javax.jnlp.FileOpenService different from JFileChooser, apart from that it looks differently (why?)

To add a question: when signing, does every resource (like properties files, images,...) have to be signed for the jar to be verified, or is it only required for class files? I made a test and added a new entry to an already signed jar, and the jarsigner -verify command said it is valid, with a warning that the jar contains an entry that was not integrity checked. What would JWS do in this situation?

Regards,
Raf
Raf Szczypiorski
Ranch Hand

Joined: Aug 21, 2008
Posts: 383
To update, it looks like when I open a file open dialog a PermissionException is thrown (read of user.home is denied) and somehow silently ignore. Man, this is confusing for me. To add more confusion, I am able to create a socket to an arbitrary server (google in my case), and all that happened was that a window was opened to ask me if I really want to connect.
So, reading user.home is so bad that it throws an exception (that is silently ignored somewhere) but connecting to a remote server is not?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: all-permissions and application behavior