Java Web Start Permissions

[Novice]

Does anyone here know about permissions in Java Web Start?

I'm starting to learn how to use Java Web Start. After a bumpy start, I
finally succeeded in getting some Hello World applets and applications to
work perfectly via Java Web Start.

Now I'm working on a considerably more sophisticated application and
bumping into issues involving permissions. For example, the first error I
am getting is:

access denied ("java.util.PropertyPermission" "user.name" "read")

I'm also expecting to need permission to write logs, although I haven't
gotten that far into executing my code yet. It's possible that there will
be other things that need permission too.

Can anyone explain how I give the application the permissions it needs?
I've done some googling on this issue and know that policy files are part
(or all?) of the solution. I see that I that there is a master permissions
file as well as individual permission files for individual users, situated
in their home directories. Is the user's home directory always My Documents
in Windows? (I'm only worried about serving Windows users for the moment
but I have no idea which version of Windows they'll have: XP, Vista, 7 or
whatever.)

I'm assuming the JNLP file for the Java Web Start also needs to have
something in it to point to the necessary permission. Unfortunately, the
documentation I've found so far is NOT very clear and examples are scarce
so I'm not sure what needs to happen in the JNLP file.

I'm also interested in knowing how the user of the application gives his
consent to any permissions I need. For instance, if I create a policy file
that gives me permission to do what I need to do, how does the user of the
Java Web Start application keep me from doing bad things, like deleting
every file on his hard drive? It seems to me that I should only be able to
request what I need but that the user of the program needs to be able to
look over that request, realize how dangerous or harmless that request is,
and then give consent if he is satisfied that it is safe. But how/when does
that happen? Do I send him the policy file and then let him eyeball it in a
text editor to make sure it's not doing something inappropriate? Then wait
for him to put the policy file in the appropriate place?

 

[Knute Johnson]

Does anyone here know about permissions in Java Web Start?

I'm starting to learn how to use Java Web Start. After a bumpy start, I
finally succeeded in getting some Hello World applets and applications to
work perfectly via Java Web Start.

Now I'm working on a considerably more sophisticated application and
bumping into issues involving permissions. For example, the first error I
am getting is:

access denied ("java.util.PropertyPermission" "user.name" "read")

I'm also expecting to need permission to write logs, although I haven't
gotten that far into executing my code yet. It's possible that there will
be other things that need permission too.

Can anyone explain how I give the application the permissions it needs?
I've done some googling on this issue and know that policy files are part
(or all?) of the solution. I see that I that there is a master permissions
file as well as individual permission files for individual users, situated
in their home directories. Is the user's home directory always My Documents
in Windows? (I'm only worried about serving Windows users for the moment
but I have no idea which version of Windows they'll have: XP, Vista, 7 or
whatever.)

I'm assuming the JNLP file for the Java Web Start also needs to have
something in it to point to the necessary permission. Unfortunately, the
documentation I've found so far is NOT very clear and examples are scarce
so I'm not sure what needs to happen in the JNLP file.

I'm also interested in knowing how the user of the application gives his
consent to any permissions I need. For instance, if I create a policy file
that gives me permission to do what I need to do, how does the user of the
Java Web Start application keep me from doing bad things, like deleting
every file on his hard drive? It seems to me that I should only be able to
request what I need but that the user of the program needs to be able to
look over that request, realize how dangerous or harmless that request is,
and then give consent if he is satisfied that it is safe. But how/when does
that happen? Do I send him the policy file and then let him eyeball it in a
text editor to make sure it's not doing something inappropriate? Then wait
for him to put the policy file in the appropriate place?

The usual method is to sign the .jar file. The problem with that is
having to get a certificate that is recognizable by all the browsers.
They are not cheap and you have to renew them.

I think it is possible for the user to change a policy file and permit
things such as file access but I've never done it.

You can self sign your certificate but the browser will pop up a dialog
to tell the user that the application's digital signature cannot be
verified. The user may still allow it to run but that really is a big
security risk.

If you want to see an example of that, go to my aviation page and click
on the VFR Flight Log link.

http://rabbitbrush.frazmtn.com/aviation

 

[Novice]

The usual method is to sign the .jar file. The problem with that is
having to get a certificate that is recognizable by all the browsers.
They are not cheap and you have to renew them.

That might be a viable solution under other circumstances but it isn't
suitable for my purposes....

I think it is possible for the user to change a policy file and permit
things such as file access but I've never done it.

That's what I'd like to do, if I can figure out the details. The
documentation I've found so far only gives intriguing bits and pieces but
provides no obvious way to get clarification.

For instance, I understand that the "sandbox" architecture means that no
user properties are accessible. But other documentation suggests that is
only the default situation and additional permissions can be provided -
how is not clear yet - which may or may not help me get past the
restriction on user properties. (I need to access "user.home" so that I
can store preferences for my program under an appropriate node of a
preferences tree.)

I've also seen information about various services in JNLP that will let
you read and write files from the file system, which would help with
those aspects of my program, but I'm reluctant to rewrite my applications
to use JNLP services unless I can be sure they are definitely not going
to be blocked by Java security.

You can self sign your certificate but the browser will pop up a
dialog to tell the user that the application's digital signature
cannot be verified. The user may still allow it to run but that
really is a big security risk.

If you want to see an example of that, go to my aviation page and
click on the VFR Flight Log link.

http://rabbitbrush.frazmtn.com/aviation

I'm not wild about that solution either. _I_ know that my program is
harmless but I don't want people using it to have to wonder what kind of
nastiness my program might commit.

I really prefer some kind of plain English policy file that a user can
read and be satisfied that nothing bad is going to happen when he runs
the program.

Unfortunately, I'm having trouble getting that to work. I've created a
simple policy file that gives the program permission to read the
"user.name" property. I've determined the value of the "user.home"
property on my system and supplied the VM arguments "-Djava.security.main
-Djava.security.policy=Foo_Security_Policy.txt" in the JNLP file. When I
run the program with Java Web Start, it either doesn't see or doesn't
like the policy file because I still get the error about not being able
to read "user.name".

Maybe I need to ping Roedy Green; he's had a lot more to do with Java Web
Start than I have but from his website, he mostly handles security by
signing jars, not policy files....

 

[Knute Johnson]

I'm not wild about that solution either. _I_ know that my program is
harmless but I don't want people using it to have to wonder what kind of
nastiness my program might commit.

And there is the rub. No matter how you release the program from the
constraints of the security manager, it can wreak havoc on the user's
computer.

 

[John B. Matthews]

And there is the rub. No matter how you release the program from the
constraints of the security manager, it can wreak havoc on the user's
computer.

One alternative is to use a javax.jnlp.PersistenceService [1]
implementation, which "provides methods for storing data locally on the
client system, even for applications that are running in the untrusted
execution environment." Andrew Thompson has posted a convenient
demonstration [2] that saves notes across launches without requiring any
special permissions.

[1]
<http://docs.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/Pers
istenceService.html>
[2] <http://pscode.org/jws/api.html#ps>

 

[Knute Johnson]

One alternative is to use a javax.jnlp.PersistenceService [1]
implementation, which "provides methods for storing data locally on the
client system, even for applications that are running in the untrusted
execution environment." Andrew Thompson has posted a convenient
demonstration [2] that saves notes across launches without requiring any
special permissions.

[1]
<http://docs.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/Pers
istenceService.html>
[2]<http://pscode.org/jws/api.html#ps>

John:

Where does one find that class? The Java 7 docs don't show the
javax.jnlp package at all.

 

[John B. Matthews]

John:

Where does one find that class? The Java 7 docs don't show the
javax.jnlp package at all.

According to this, jnlp.jar is "in the samples directory of the JDK."

<http://java.sun.com/javase/technologies/desktop/javawebstart/download-jnlp.html>

Alas, not so on my platform.

 

[Jeff Higgins]

One alternative is to use a javax.jnlp.PersistenceService [1]
implementation, which "provides methods for storing data locally on the
client system, even for applications that are running in the untrusted
execution environment." Andrew Thompson has posted a convenient
demonstration [2] that saves notes across launches without requiring any
special permissions.

[1]
<http://docs.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/Pers
istenceService.html>
[2]<http://pscode.org/jws/api.html#ps>

John:

Where does one find that class? The Java 7 docs don't show the
javax.jnlp package at all.

<http://jnlp.sourceforge.net/netx/>

 

[Jeff Higgins]

One alternative is to use a javax.jnlp.PersistenceService [1]
implementation, which "provides methods for storing data locally on the
client system, even for applications that are running in the untrusted
execution environment." Andrew Thompson has posted a convenient
demonstration [2] that saves notes across launches without requiring any
special permissions.

[1]
<http://docs.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/Pers

istenceService.html>
[2]<http://pscode.org/jws/api.html#ps>

John:

Where does one find that class? The Java 7 docs don't show the
javax.jnlp package at all.

<http://jnlp.sourceforge.net/netx/>

<http://docs.oracle.com/javase/1.5.0...elopersguide/examples.html#PersistenceService>

 

[Jeff Higgins]

One alternative is to use a javax.jnlp.PersistenceService [1]
implementation, which "provides methods for storing data locally on the
client system, even for applications that are running in the untrusted
execution environment." Andrew Thompson has posted a convenient
demonstration [2] that saves notes across launches without requiring any
special permissions.

[1]
<http://docs.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/Pers
istenceService.html>
[2]<http://pscode.org/jws/api.html#ps>

John:

Where does one find that class? The Java 7 docs don't show the
javax.jnlp package at all.

I can imagine the JNLP client (whichever it may be) making available a
path to the required classes.

 

[Jeff Higgins]

Does anyone here know about permissions in Java Web Start?

I'm starting to learn how to use Java Web Start. After a bumpy start, I
finally succeeded in getting some Hello World applets and applications to
work perfectly via Java Web Start.

Now I'm working on a considerably more sophisticated application and
bumping into issues involving permissions. For example, the first error I
am getting is:

access denied ("java.util.PropertyPermission" "user.name" "read")

I'm also expecting to need permission to write logs, although I haven't
gotten that far into executing my code yet. It's possible that there will
be other things that need permission too.

Can anyone explain how I give the application the permissions it needs?
I've done some googling on this issue and know that policy files are part
(or all?) of the solution. I see that I that there is a master permissions
file as well as individual permission files for individual users, situated
in their home directories. Is the user's home directory always My Documents
in Windows? (I'm only worried about serving Windows users for the moment
but I have no idea which version of Windows they'll have: XP, Vista, 7 or
whatever.)

I'm assuming the JNLP file for the Java Web Start also needs to have
something in it to point to the necessary permission. Unfortunately, the
documentation I've found so far is NOT very clear and examples are scarce
so I'm not sure what needs to happen in the JNLP file.

Java Web Start is a JNLP client implementation specified by the Java
Network Launching Protocol & API Specification (JSR-56) currently in
Version 7.0. That documentation seems clear to me and examples seem
abundant.

 

[Jeff Higgins]

One alternative is to use a javax.jnlp.PersistenceService [1]
implementation, which "provides methods for storing data locally on the
client system, even for applications that are running in the untrusted
execution environment." Andrew Thompson has posted a convenient
demonstration [2] that saves notes across launches without requiring any
special permissions.

[1]
<http://docs.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/Pers
istenceService.html>
[2]<http://pscode.org/jws/api.html#ps>

John:

Where does one find that class? The Java 7 docs don't show the
javax.jnlp package at all.

I find them in /usr/lib/jvm/java-6-sun/jre/lib/javaws.jar

 

[Jeff Higgins]

One alternative is to use a javax.jnlp.PersistenceService [1]
implementation, which "provides methods for storing data locally on the
client system, even for applications that are running in the untrusted
execution environment." Andrew Thompson has posted a convenient
demonstration [2] that saves notes across launches without requiring any
special permissions.

[1]
<http://docs.oracle.com/javase/7/docs/jre/api/javaws/jnlp/javax/jnlp/Pers
istenceService.html>
[2]<http://pscode.org/jws/api.html#ps>

John:

Where does one find that class? The Java 7 docs don't show the
javax.jnlp package at all.

See the note at the bottom of the page.
<http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/usingJNLPAPI.html>

 

[Jeff Higgins]

Does anyone here know about permissions in Java Web Start?

I'm starting to learn how to use Java Web Start. After a bumpy start, I
finally succeeded in getting some Hello World applets and applications to
work perfectly via Java Web Start.

Now I'm working on a considerably more sophisticated application and
bumping into issues involving permissions. For example, the first error I
am getting is:

access denied ("java.util.PropertyPermission" "user.name" "read")

I'm also expecting to need permission to write logs, although I haven't
gotten that far into executing my code yet. It's possible that there will
be other things that need permission too.

Can anyone explain how I give the application the permissions it needs?
I've done some googling on this issue and know that policy files are part
(or all?) of the solution. I see that I that there is a master permissions
file as well as individual permission files for individual users, situated
in their home directories. Is the user's home directory always My Documents
in Windows? (I'm only worried about serving Windows users for the moment
but I have no idea which version of Windows they'll have: XP, Vista, 7 or
whatever.)

I'm assuming the JNLP file for the Java Web Start also needs to have
something in it to point to the necessary permission. Unfortunately, the
documentation I've found so far is NOT very clear and examples are scarce
so I'm not sure what needs to happen in the JNLP file.

I'm also interested in knowing how the user of the application gives his
consent to any permissions I need. For instance, if I create a policy file
that gives me permission to do what I need to do, how does the user of the
Java Web Start application keep me from doing bad things, like deleting
every file on his hard drive? It seems to me that I should only be able to
request what I need but that the user of the program needs to be able to
look over that request, realize how dangerous or harmless that request is,
and then give consent if he is satisfied that it is safe. But how/when does
that happen? Do I send him the policy file and then let him eyeball it in a
text editor to make sure it's not doing something inappropriate? Then wait
for him to put the policy file in the appropriate place?

It seems to me that you are conflating the notion of a Java application
and the JNLP view of a Web-centric Application Model and hoping to use a
JNLP client as an installer for your Java application - which it
specifically purports not to be: "It is not a general installation
protocol for software components".

 

[Jeff Higgins]

According to this, jnlp.jar is "in the samples directory of the JDK."

<http://java.sun.com/javase/technologies/desktop/javawebstart/download-jnlp.html>

Alas, not so on my platform.

It might behoove Oracle to sign-up with Google's new Stale Content
Advisor subscription service.

 

[Roedy Green]

Can anyone explain how I give the application the permissions it needs?

You have to sign the jar. See
http://mindprod.com/jgloss/javawebstart.html

see also
http://mindprod.com/jgloss/jarsignerexe.html

 

[Gunter Herrmann]

Hi!

hoping to use a
JNLP client as an installer for your Java application - which it
specifically purports not to be: "It is not a general installation
protocol for software components".

Javaws is the perfect installer for Java desktop applications.
The only limitation is that it supports only a few file types.
I do use jnlp files and jar files (for program, properties, graphics).
Everything is signed, one file is already signed by a third party,
so you need multiple jnlp files (one for each signature).

<offline-allowed/> will enable local cashing, so at program start
the application checks for updates and downloads them when
a newer version is found, but it is able to run without connection
to the server.

I use this way for running a Java/Swing/jdbc desktop application on 100+ systems.

Regarding the above quote:
It really is not a general installation protocol,
but it works perfectly for everything you can put in a jar file.

Gunter

 

[Jeff Higgins]

Hi!



Javaws is the perfect installer for Java desktop applications.
The only limitation is that it supports only a few file types.
I do use jnlp files and jar files (for program, properties, graphics).
Everything is signed, one file is already signed by a third party,
so you need multiple jnlp files (one for each signature).

<offline-allowed/> will enable local cashing, so at program start
the application checks for updates and downloads them when
a newer version is found, but it is able to run without connection
to the server.

I use this way for running a Java/Swing/jdbc desktop application on 100+
systems.

Great to hear. Now I'm curious. How much state does your application
maintain client side? Is your application able to run purposefully
standalone or without connection for extended periods?

 

[Gunter Herrmann]

Hi!

How much state does your application
maintain client side?

It has a local embedded SQL database, these files are installed
before sending the device out. Javaws is used to automatically
load new program versions from an Apache server in the data center.

Is your application able to run purposefully
standalone or without connection for extended periods?

In case no connection to the deployment server can be established,
the application is run from the local version from the last auto update.

The application can run in stand alone mode, but quite
obviously it will have limited capabilities (e.g. no online credit card
transactions, no access to transactions created at other systems, etc.)

It will need connectivity to the remote Oracle database to get new
configuration data (e.g. prices) and to upload its own transactions.

Gunter

 

[Jeff Higgins]

Hi!



It has a local embedded SQL database, these files are installed
before sending the device out. Javaws is used to automatically
load new program versions from an Apache server in the data center.


In case no connection to the deployment server can be established,
the application is run from the local version from the last auto update.

The application can run in stand alone mode, but quite
obviously it will have limited capabilities (e.g. no online credit card
transactions, no access to transactions created at other systems, etc.)

It will need connectivity to the remote Oracle database to get new
configuration data (e.g. prices) and to upload its own transactions.

Thank you Gunter.
This thread has given me pause to consider the application of the JNLP.

In my limited view of the world I am aware of and somewhat familiar with
two web-centric applications deployed using JNLP: a pharmacy workflow
app, and a CMMS app. Both seem very much like your application, in that
they store some fairly static data, are able to cache transaction data,
user settings, similar in scale, etc., and present a Swing desktop to
the user. I will call them web-centric because without a connection to a
"data center" they are of limited use. This seems a perfectly natural
candidate for JNLP deployment, and besides the three apps so far
discussed, I assume there is a whole host of similar apps using JNLP
deployment.

A desktop application, in my estimation, is an application capable of
fully standalone operation. Of course it will produce or consume data
that will need to be exported/imported. In addition, most fairly complex
desktop apps will make considerable use of the host systems' resources:
file systems, network connections, spawning processes, etc.

Like the web-centric app, desktop apps range in scale. From a small
single purpose scientific calculator type app, through a Java IDE and an
office suite, and beyond. I have perhaps a half dozen Java desktop
applications that range in size and complexity around the Java IDE that
I use on a routine or occasional basis. This is the scope of the desktop
application that prompted my comment. Of course taking my limited view
of the world into account, these are the applications that I do not see
being deployed using JNLP.

It is not that I have some reason to believe that using JNLP for
deployment of this type of application is unworkable, or "bad" in some
sense. It is simply that I don't see it being done. Web-centric, desktop
vs browser GUI, of the type described above: yes. Small scale mostly
single purpose desktop apps: yes, most certainly, thousands of them.

If I haven't missed something, and this type of desktop app is not being
deployed using JNLP I begin to wonder why? If I have missed some JNLP
deployment of this type app I would love to become aware.