Java Web Start Permissions
- From: Novice <novice@xxxxxxxxxxxx>
- Date: Mon, 23 Jan 2012 01:48:10 +0000 (UTC)
Does anyone here know about permissions in Java Web Start?
I'm starting to learn how to use Java Web Start. After a bumpy start, I
finally succeeded in getting some Hello World applets and applications to
work perfectly via Java Web Start.
Now I'm working on a considerably more sophisticated application and
bumping into issues involving permissions. For example, the first error I
am getting is:
access denied ("java.util.PropertyPermission" "user.name" "read")
I'm also expecting to need permission to write logs, although I haven't
gotten that far into executing my code yet. It's possible that there will
be other things that need permission too.
Can anyone explain how I give the application the permissions it needs?
I've done some googling on this issue and know that policy files are part
(or all?) of the solution. I see that I that there is a master permissions
file as well as individual permission files for individual users, situated
in their home directories. Is the user's home directory always My Documents
in Windows? (I'm only worried about serving Windows users for the moment
but I have no idea which version of Windows they'll have: XP, Vista, 7 or
I'm assuming the JNLP file for the Java Web Start also needs to have
something in it to point to the necessary permission. Unfortunately, the
documentation I've found so far is NOT very clear and examples are scarce
so I'm not sure what needs to happen in the JNLP file.
I'm also interested in knowing how the user of the application gives his
consent to any permissions I need. For instance, if I create a policy file
that gives me permission to do what I need to do, how does the user of the
Java Web Start application keep me from doing bad things, like deleting
every file on his hard drive? It seems to me that I should only be able to
request what I need but that the user of the program needs to be able to
look over that request, realize how dangerous or harmless that request is,
and then give consent if he is satisfied that it is safe. But how/when does
that happen? Do I send him the policy file and then let him eyeball it in a
text editor to make sure it's not doing something inappropriate? Then wait
for him to put the policy file in the appropriate place?