javacommand-lineappletappletviewer

java policy permissions under osx appletviewer


I made a java game that saves the high score in a file, but I am having trouble giving the program enough permissions for it to work under appletviewer.

It seems that appletviewer is ignoring my policy file.

I have Game.java compiled into Game.class, and Game.html loads and runs the applet. In the same directory as these, I have a policy file named policy with the following contents (made with policytool).

grant codeBase "file:///mypath/Game.html" {
  permission java.security.AllPermission;
};

Then appletviewer supposedly lets you specify a policy file like this:

appletviewer -J-Djava.security.policy=policy /mypath/Game.html

But when I start the game this way, it can only read the highscore file, not write to it:

Exception in thread "Thread-5" java.security.AccessControlException:
                        access denied (java.io.FilePermission highscore write)

Furthermore, if I double-click in the Finder on a shell script containing just the one-line appletviewer command above, then it doesn't even have read permission:

Exception in thread "Thread-5" java.security.AccessControlException:
                        access denied (java.io.FilePermission highscore read)

One troubling sign is that if I give the name of a non-existent file instead of my policy file, then I get the same behavior, with no additional warnings or errors:

appletviewer -J-Djava.security.policy=notafile /mypath/Game.html

The game itself (apart from the high-score code) works fine in every case, and the high-score code is also working fine if I run the whole thing under Eclipse, even though Eclipse also runs it using appletviewer. Eclipse also makes a policy file much like the above one, which I also tried from the command line, but it still didn't work from the command line.

It seems that appletviewer is not looking at the policy file, although I am using the command exactly as shown in various tutorials such as http://docs.oracle.com/javase/tutorial/security/tour1/step3.html.

Why does appletviewer ignore my policy file?


Solution

  • By using

    grant codeBase "file:///mypath/Game.html" {
       permission java.security.AllPermission;
    };
    

    you have not actually granted any additional permissions to the code in your class file.

    You can try doing this instead:

    grant codeBase "file:///mypath/-" {
       permission java.security.AllPermission;
    };
    

    This will grant AllPermission to all class and jar files in /mypath and its subfolders. The - character indicates that this permission applies to all class/jar files in that folder and recursively in all subfolders. If you want just one folder, you would use * instead.

    Full reference on how to specify the codeBase parameter is here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#FileSyntax.