Signed applet vs. java.policy permission

I seem to remember reading somewhere that if you sign an applet that requires additional privileges, if the user grants permission to that applet, then the needed rights do not need to be explicitly granted in the java.policy file.

I cannot get this to work. I sign an applet, get the window asking me to grant permissions, and I select 'Yes, for this session', but unless I also grant the permission in the policy file, the applet dies with an access control error.

Should this work (that is, should a signed applet be able to work without also updating the policy file)? I tried accessing the clipboard as well as running an .exe and neither will work. Thanks!

[753 byte] By [teresni] at [2007-9-30 4:41:10]
# 1

One update -

I just tried the signed applet after removing the .java.policy file that I pointed to in the Plug-In Control Panel. It worked!

So the signed applet is obviously written properly. I cannot remove the java.policy file from every user's machine. Isn't there a way for this to work without touching the policy file?

teresni at 2007-7-1 14:23:40 > top of Java-index,Security,Signed Applets...
# 2

I can tell you how it is supposed to work (although mine just stopped doing this and I am still trying to figure out why).

If you have no reference to your signed applet in your .java.policy file the browser will prompt you.

Then if you say yes to the prompt all permissions are granted.

If you have it specified in the policy file then it will not prompt, it will just give it the permissions you specify.

Actually it will still prompt unless you also include the line:

permission java.lang.RuntimePermission "usePolicy";

I think the 'yes' in this case only grants the permissions in the policy file, not all permissions.

So I hope I am correct in thinking you got the prompt this last time you ran it, and that the policy file you deleted had a reference to your applet.

roger_parkinson at 2007-7-1 14:23:40
# 3
Sorry, but no, there was no mention of my signed applet in the policy file I deleted. I only had universal grants (again, I tried it both granting access to clipboard and to run executables).
teresni at 2007-7-1 14:23:41
# 4

I would request you guys to please let me know the exact syntax of permission java.lang.RuntimePermission "usePolicy"; and where to put it. Secondly, what is the .java.policy file and how can I make changes to it so that it stops asking for the permission? Please reply at the earliest. Thank you.

mihirdm at 2007-7-1 14:23:41
# 6

hi,

I am having the exact same problem you have.

May I kindly ask you to share your solution with us if you are able to give permission with the specific signed applet.

My problem:

If I give permission to ALL applets in the .java.policy file it is working, but ALL the applets are having the permissions, which is not a good solution.

If I specify the applet permission with a "codebase" and/or "signed by" clause in the java policy file in order to give permission to the specific applet, the applet is getting no permission and gets security exceptions (as if no permission is given).

Any help is welcome.

ver java 1.4.05 last version java plugin jre/sdk and system is winXP and win2000 adv. server. i.explorer.:6.01

needed permission is file write permission

erkanozel at 2007-7-1 14:23:41
# 7

for mihirdm:

On Windows, java.policy is located in C:\Program Files\Java\j2re...\lib\security

There is a section starting with:

grant {
...

If you put the usePolicy line in this section, all applets will need a policy set up for them, and signed applets will not cause the JRE to ask the user if they trust the applet or not.

To set up a policy for all applets from Google you can do it like this:

grant codeBase "http://www.google.com/-" {
    // your grant access here
    permission java.security.AllPermission; // applets from www.google.com will have no restrictions
};

for erkanozel:

I have the same problem, never have been able to set permission with a "signed by" filter:

http://forum.java.sun.com/thread.jsp?forum=63&thread=409341

last post

(must say that after that post I never tried it again)

harmmeijer at 2007-7-1 14:23:41
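
Added example, not part of the original thread: a policy file that contrasts the universal grant discussed above with a grant scoped to one signed applet, for the file write case. The keystore URL, the alias "appsigner", the codeBase and the directory are placeholders. A `signedBy` alias is resolved through the policy file's `keystore` entry, and a grant whose alias cannot be resolved is ignored.

```conf
// Constructed example; keystore URL, alias, codeBase and path are placeholders.

// Needed whenever a grant entry uses signedBy: the alias is looked up in
// this keystore, which must hold the signer's certificate under that alias.
// With no keystore entry, signedBy grants are ignored.
keystore "file:///C:/policy/trusted.jks", "JKS";

// Weak setting (left commented out): every applet, signed or not and from
// any origin, would receive every permission.
// grant {
//     permission java.security.AllPermission;
// };

// Scoped setting: only code that is loaded from this codeBase AND signed by
// the certificate stored under alias "appsigner" may read and write files
// below one directory in the user's home.
grant signedBy "appsigner", codeBase "https://applets.example.com/app/-" {
    permission java.io.FilePermission "${user.home}${/}appdata${/}-", "read,write";
};

// With usePolicy granted, the Plug-in does not show the trust prompt and a
// signed applet receives only the permissions listed in the policy.
grant {
    permission java.lang.RuntimePermission "usePolicy";
};
```

Every grant entry ends with `};` and every permission line with `;`.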