I deployed an ear which contains a war on jboss 7.
The war containers signed jars in directory jnlp. The jnlp descriptor references the all jars in directory jnlp. The jnlp descriptor contains:
The exception I get:
java.security.AccessControlException: access denied ("java.io.FilePermission" "D:\tmp" "read")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
In ImageLoader.java:107 the method of File.exists() is called.
I created my keystore: keytool.exe -genkeypair -keyalg rsa -alias mycert -keystore test_keystore.jks -storepass mypassw -keypass mypassw -validity 360
Then I use the maven-webstart-plugin to created the jnlp descriptor and it also sign the jars and verifies ist.
It works with JRE 1.7.0 Update 10 but no more with JRE 1.7.0 Update 13.
I am starting a JavaFX applet and try to access the local file system. All jars are signed.
Is this a bug or a security "enhancement" ?
I fixed it by documentation. I was really confused about it because with 1.7.0 update 10 it was running, but with the following updates not.
The note in the following article was the missing piece in my understanding: