java policy permissions under osx appletviewer

3.4k views Asked by At

I made a java game that saves the high score in a file, but I am having trouble giving the program enough permissions for it to work under appletviewer.

It seems that appletviewer is ignoring my policy file.

I have Game.java compiled into Game.class, and Game.html loads and runs the applet. In the same directory as these, I have a policy file named policy with the following contents (made with policytool).

grant codeBase "file:///mypath/Game.html" {
  permission java.security.AllPermission;
};

Then appletviewer supposedly lets you specify a policy file like this:

appletviewer -J-Djava.security.policy=policy /mypath/Game.html

But when I start the game this way, it can only read the highscore file, not write to it:

Exception in thread "Thread-5" java.security.AccessControlException:
                        access denied (java.io.FilePermission highscore write)

Furthermore, if I double-click in the Finder on a shell script containing just the one-line appletviewer command above, then it doesn't even have read permission:

Exception in thread "Thread-5" java.security.AccessControlException:
                        access denied (java.io.FilePermission highscore read)

One troubling sign is that if I give the name of a non-existent file instead of my policy file, then I get the same behavior, with no additional warnings or errors:

appletviewer -J-Djava.security.policy=notafile /mypath/Game.html

The game itself (apart from the high-score code) works fine in every case, and the high-score code is also working fine if I run the whole thing under Eclipse, even though Eclipse also runs it using appletviewer. Eclipse also makes a policy file much like the above one, which I also tried from the command line, but it still didn't work from the command line.

It seems that appletviewer is not looking at the policy file, although I am using the command exactly as shown in various tutorials such as http://docs.oracle.com/javase/tutorial/security/tour1/step3.html.

Why does appletviewer ignore my policy file?

2

There are 2 answers

0
ivantod On BEST ANSWER

By using

grant codeBase "file:///mypath/Game.html" {
   permission java.security.AllPermission;
};

you have not actually granted any additional permissions to the code in your class file.

You can try doing this instead:

grant codeBase "file:///mypath/-" {
   permission java.security.AllPermission;
};

This will grant AllPermission to all class and jar files in /mypath and its subfolders. The - character indicates that this permission applies to all class/jar files in that folder and recursively in all subfolders. If you want just one folder, you would use * instead.

Full reference on how to specify the codeBase parameter is here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#FileSyntax.

0
Adrian O On

I tried all of the above on a mac OS10.8.4 with Java SE7. Firefox and Safari. Nothing worked.

I tried to open an internal html file calling a jar file which was opening a file.

Safari didn't even start java, and in Firefox the nested file could not be opened (the message was that it wasn't found, but my guess was that the browser wasn't allowing Java to open it)

I used instead appletviewer in terminal and amazingly the files all opened.

These are very complex files of an interactive mechanism which I wrote (about 12 MB code) with Mathematica and JavaLive3D, and I thought I would never be able to see them again....It takes 20 min on a MacPro to open.