Home > Archive > Java Security > June 2005 > Very simple signed Webtart app throwing AccessControlException
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Very simple signed Webtart app throwing AccessControlException
|
|
| aidanOL@gmail.com 2005-06-03, 8:58 pm |
| I have a Webstart app deployed locally on a Tomcat server. It's signed
using keytool/jarsigner with the 1.4.2_06 JDK and my own generated
certificate, and only one JAR file is used containing two classes - no
3rd party JARs or anything like that. It's a simple Swing application
which creates a Preferences object like so:
Preferences prefs =
java.util.prefs.Preferences.userNodeForPackage(TicTacToe.class);
I access the code like this:
http://192.168.1.100:8080/Test/Test.jnlp
When the app runs, I don't get the Security warning dialog which I
expect for a signed JAR. The app runs automatically and I see this
exception in the console:
Exception in thread "AWT-EventQueue-0"
java.security.AccessControlException: access denied
(java.lang.RuntimePermission preferences)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.util.prefs.Preferences.userRoot(Unknown Source)
at java.util.prefs.Preferences.userNodeForPackage(Unknown Source)
My JNLP file seems correct and has the
<security>
<all-permissions/>
</security>
block to grant all permissions.
What could be going wrong here? From what I've read, a self-signed cert
should work, and should show a Security dialog warning not to run the
application. I'm running with Java Web Start 1.5.0_02.
I'd appreciate any ideas!
| |
| aidanOL@gmail.com 2005-06-03, 8:58 pm |
| That's WebStart, not Webtart :)
| |
|
| Ok, I got it going. For reference what I did wrong was that I had this
block:
<security>
<all-permissions/>
</security>
in the wrong place in the JNLP file. I misplaced it under the
<information> tag and due to this the app was running the app as a
regular non-signed application.
I do find it odd though, that even though my jar file was signed, I
didn't receive any security dialog on startup.
|
|
|
|
|