web start security (javaws.policy)
843802Aug 28 2003 — edited Apr 21 2004Hi,
I wrote a application launched by Java Web Start in a secure environnement (no security tag in the JNLP file).
All the permissions I need are defined in the javaws.policy but the java.security file of the JVM used by Web Start is important because it specifies other policy files like this :
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
This causes problems in permissions. For example, if the javaws.policy define only these permissions :
grant codeBase "file:${jnlpx.home}/javaws.jar" {
permission java.security.AllPermission;
};
grant {
permission java.util.PropertyPermission "*", "read, write";
};
And the file:${java.home}/lib/security/java.policy
grant {
permission java.security.AllPermission;
};
The result is that AllPermission is granted. In fact, the policy files are cumulated, and the AllPermission having more priority than others permissions. This is a normal behaviour define by Sun security specification. My question is : is there a mean to use only one policy file without change the java.security file ?
I try to set the policy file like this :
System.setProperty("java.security.policy", System.getProperty("jnlpx.home") + "/javaws.policy");
But others policy files specified by the java.security are used.
Any ideas ?
Thanks a lot.