I made a java game that saves the high score in a file, but I am having trouble giving the program enough permissions for it to work under appletviewer.
It seems that appletviewer is ignoring my policy file.
I have Game.java compiled into Game.class, and Game.html loads and runs the applet. In the same directory as these, I have a policy file named policy with the following contents (made with policytool).
grant codeBase "file:///mypath/Game.html" {
permission java.security.AllPermission;
};
Then appletviewer supposedly lets you specify a policy file like this:
appletviewer -J-Djava.security.policy=policy /mypath/Game.html
But when I start the game this way, it can only read the highscore file, not write to it:
Exception in thread "Thread-5" java.security.AccessControlException:
access denied (java.io.FilePermission highscore write)
Furthermore, if I double-click in the Finder on a shell script containing just the one-line appletviewer command above, then it doesn't even have read permission:
Exception in thread "Thread-5" java.security.AccessControlException:
access denied (java.io.FilePermission highscore read)
One troubling sign is that if I give the name of a non-existent file instead of my policy file, then I get the same behavior, with no additional warnings or errors:
appletviewer -J-Djava.security.policy=notafile /mypath/Game.html
The game itself (apart from the high-score code) works fine in every case, and the high-score code is also working fine if I run the whole thing under Eclipse, even though Eclipse also runs it using appletviewer. Eclipse also makes a policy file much like the above one, which I also tried from the command line, but it still didn't work from the command line.
It seems that appletviewer is not looking at the policy file, although I am using the command exactly as shown in various tutorials such as http://docs.oracle.com/javase/tutorial/security/tour1/step3.html.
Why does appletviewer ignore my policy file?
By using
grant codeBase "file:///mypath/Game.html" {
permission java.security.AllPermission;
};
you have not actually granted any additional permissions to the code in your class file.
You can try doing this instead:
grant codeBase "file:///mypath/-" {
permission java.security.AllPermission;
};
This will grant AllPermission to all class and jar files in /mypath and its subfolders. The - character indicates that this permission applies to all class/jar files in that folder and recursively in all subfolders. If you want just one folder, you would use * instead.
Full reference on how to specify the codeBase parameter is here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#FileSyntax.