Writing jnlp program for both sandbox and all-permissions
in [Java Programming]
|
Prev: Buttons sometimes don't get events
Next: byte array
From: David Lamb on 27 Mar 2010 16:23 I've been writing an application to run under jnlp/Java Web Start, and have mostly been making do with the restrictions of running under a sandbox. Some users might want the safer "sandbox" version but others might want more features that require allpermissions. Is there a way for the application to detect which way it was run? All I can think of is to name different main classes in each of two different .jnlp files.
From: Alan Malloy on 27 Mar 2010 16:33 David Lamb wrote: > I've been writing an application to run under jnlp/Java Web Start, and > have mostly been making do with the restrictions of running under a > sandbox. Some users might want the safer "sandbox" version but others > might want more features that require allpermissions. Is there a way > for the application to detect which way it was run? > > All I can think of is to name different main classes in each of two > different .jnlp files. Check out http://java.sun.com/javase/6/docs/api/java/lang/SecurityManager.html If your only choices are sandbox and allpermissions, you can simply check whether you have permission to do any single thing that would be illegal in the sandbox, and that will tell you everything. -- Cheers, Alan (San Jose, California, USA)
From: David Lamb on 27 Mar 2010 17:25 Alan Malloy wrote: > David Lamb wrote: >> Is there a way for the application to detect which way it was run? > Check out > http://java.sun.com/javase/6/docs/api/java/lang/SecurityManager.html > If your only choices are sandbox and allpermissions, you can simply > check whether you have permission to do any single thing that would be > illegal in the sandbox Thanks! It looks like http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html#PropertyPermission would work best for me, since that tells me whether I can read properties like user.home. You seem to be suggesting it is wise to plan for an intermediate level of permissions between just sandbox and allpermissions. Is it common to do that, or do most people just go for allpremissions if sandbox is unacceptable?
From: Alan Malloy on 27 Mar 2010 18:11 David Lamb wrote: > Alan Malloy wrote: >> David Lamb wrote: >>> Is there a way for the application to detect which way it was run? >> Check out >> http://java.sun.com/javase/6/docs/api/java/lang/SecurityManager.html >> If your only choices are sandbox and allpermissions, you can simply >> check whether you have permission to do any single thing that would be >> illegal in the sandbox > > Thanks! It looks like > http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html#PropertyPermission > > would work best for me, since that tells me whether I can read > properties like user.home. > > You seem to be suggesting it is wise to plan for an intermediate level > of permissions between just sandbox and allpermissions. Is it common to > do that, or do most people just go for allpremissions if sandbox is > unacceptable? I think many people do go for allpermissions, but it's not the best strategy if you're hoping for people who don't implicitly trust you or your company to download and run your program. Imagine your end user loads up your JNLP file and is presented with a dialog. Is he more likely to use your program if it says "this program needs permission to connect to the Internet, and read/write to one particular file" or if it says "this program needs permission to do anything it wants with your computer"? -- Cheers, Alan (San Jose, California, USA)
From: David Lamb on 27 Mar 2010 20:01
Alan Malloy wrote: > David Lamb wrote: >> You seem to be suggesting it is wise to plan for an intermediate level >> of permissions between just sandbox and allpermissions. Is it common >> to do that, or do most people just go for allpremissions if sandbox is >> unacceptable? > > I think many people do go for allpermissions, but it's not the best > strategy if you're hoping for people who don't implicitly trust you or > your company to download and run your program. The only documentation I could find on the <security> element in .jnlp files (for Java 1.6)only mentions allpermissions. http://java.sun.com/javase/6/docs/technotes/guides/javaws/developersguide/syntax.html#security Are there other elements that can go there, and, if so, where do I find out what they are? |