I deployed an ear which contains a war on jboss 7.
The war containers signed jars in directory jnlp. The jnlp descriptor references the all jars in directory jnlp. The jnlp descriptor contains:
The exception I get:
java.security.AccessControlException: access denied ("java.io.FilePermission" "D:\tmp" "read")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
In ImageLoader.java:107 the method of File.exists() is called.
I created my keystore: keytool.exe -genkeypair -keyalg rsa -alias mycert -keystore test_keystore.jks -storepass mypassw -keypass mypassw -validity 360
Then I use the maven-webstart-plugin to created the jnlp descriptor and it also sign the jars and verifies ist.
I got really stucked...has someone an idea?
Edited by: opfl on 12.02.2013 03:44
It works with JRE 1.7.0 Update 10 but no more with JRE 1.7.0 Update 13.
I am starting a JavaFX applet and try to access the local file system. All jars are signed.
Is this a bug or a security "enhancement" ?
Are you basing that on documentation you found, or is that a conclusion you're drawing based on tests you performed?
In any case there is a small section on security in this liveconnect documentation:
Stackoverflow is also a wonderful source of information since it has an incredibly useful and effective tagging model:
Just browsing issues other people are having and the responses given to them is an incredibly valuable source of information.
I fixed it by documentation. I was really confused about it because with 1.7.0 update 10 it was running, but with the following updates not.
The note in the following article was the missing piece in my understanding:
I solved it with this: http://docs.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html
The only possible thing here was to modify all manifest files before signing.
For a better "over all" understanding I like this article (german):