I am having trouble creating a policy file with only the permissions needed by my application.
Here is the latest issue:
The application fails to launch with this error :
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission synthetica.debug read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at de.javasoft.plaf.synthetica.SyntheticaLookAndFeel.<clinit>(SyntheticaLookAndFeel.java:89)
... 11 more
I have a policy file with this entry :
grant codeBase "http://shotgun3:8080/webdesktop/thirdParty/synthetica/synthetica.jar" {
...
//de.javasoft.plaf.synthetica.SyntheticaLookAndFeel.<clinit>(SyntheticaLookAndFeel.java:89)
permission java.util.PropertyPermission "synthetica.debug", "read";
...
}
I've turned on the security trace and the last entry before the exception looks like this :
policy: evaluate codesources:
Policy CodeSource: (http://shotgun3:8080/webdesktop/thirdParty/djnativeswing.jar <no signer certificates>)
Active CodeSource: (http://shotgun3:8080/webdesktop/thirdParty/synthetica/synthetica.jar [
[
...<junk deleted>...
])
policy: evaluation (codesource) failed
Does anyone know how to interpret the trace file output?
Is this failing because the Policy CodeSource and Active CodeSource are different?
What are the meanings of 'Policy CodeSource' and 'Active CodeSource'?
Do I need to grant permissions to both jars?
I want to keep the permissions grouped by jar file because the nature of development is to add and subtract third-party jars as needed and if all permissions were grouped into a single codeBase entry it becomes difficult to manage.