Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JNLP get a permission

Tags:

java

security

digital-signature

java-web-start

jnlp

I recently stumbled across a problem when starting my application via JNLP. I now narrowed it down to a java.security.AccessControlException, which denies me to shut down my ExecuterService.

So, I did some reading and found out that I'll need the permission (modifyThread) to successfully shut down the service. I also found out that I should use the <security>-tag (in the JNLP-file) to request it, but I'm a little confused about how.

The documentation of the tag says:

[...] If the all-permissions element is specified, the application will have full access to the client machine and local network. If an application requests full access, then all JAR files must be signed. The user will be prompted [...]

From reading this it seems to me, that I can choose to either get all or no permissions... which seems like a confusing Implementation. Because I only need the one to shutdown my service.

I also read this article, telling me that I should not request all permissions, because I would then open up the users computer for malicious code.

So, is there a way to specify that I only need the specific permission (modifyThread) and I therefor don't need to sign my jar? Or will I have to go with the "sign my jar and request everything"-approach?

like image 283
Lukas Knuth Avatar asked Oct 07 '22 15:10

Lukas Knuth

1 Answers

..will I have to go with the "sign my jar and request everything"-approach?

Yes. JWS permissions come in 3 levels1, the only one where modifying threads is permitted, is all-permissions.

1) JWS security levels

  • Sand-boxed. Provides a very limited environment. Access to things like printers and the local file-system is only permitted using the JNLP API services, which provide more limited forms of File after prompting the user. Come with window banners. Can only communicate with own server.
  • j2ee-application-client-permissions - provide those JNLP API services unprompted (after the user accepts the digitally signed code) removes the window banners.
  • all-permissions - pretty much anything, including replacing the existing security manager (yes, even 'all permissions' code gets a security manager in JWS - it is just very lenient).

Also chase the links from the JNLP & JWS pages. I can personally recommend those summaries & links.

like image 97
Andrew Thompson Avatar answered Oct 13 '22 12:10

Andrew Thompson
Sign in to Comment

Related questions

How to find if a point exists in which polygon
Securing every request of a session by challenge/response?
JUnit life-cycle
HttpServletRequest.getSession(false): When does it return null?
How to construct booleans and access them with java/oracle stored proc
Cost of Reflection in moderns JVMs (6 onwards)
How can I use an Async Task to upload a file to the server?
If and else statement at the same time though it shouldn't be possible
Generate mixed/multipart HTTP request in Java
Azure Java Tomcat logging
How can i implement opening a file with my java program?
java- how to wait constantly for an event to happen
stack overflow exception on xml transformation
Git in netbeans - resolving conflicts
Get length of bits used in int
Spring : File Upload RESTFUL Web Service
Assign variable in Java while-loop conditional?
How to install icon pack on custom launcher?
intellij feature (...) not supported at this language level. I can't compile
Is it a good practice to use JMS Temporary Queue for synchronous use?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!