OWS + Jdk17 - Denying permission

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
Post Reply
oslodev
Posts: 9
Joined: 25 Nov 2022, 16:47

OWS + Jdk17 - Denying permission

Post by oslodev »

Hello,

We're using Open Web Start with java 17. We get a lot of 'Denying permission:' Messages. Example :

Code: Select all

Denying permission: ("java.net.SocketPermission" "192.168.0.244" "resolve")
Denying permission: ("java.net.SocketPermission" "192.168.0.244" "resolve")
Denying permission: ("java.net.SocketPermission" "192.168.0.244" "resolve")
Denying permission: ("java.lang.RuntimePermission" "getClassLoader")
Denying permission: ("java.net.SocketPermission" "vm2022v7st:49835" "connect,resolve")
Denying permission: ("java.awt.AWTPermission" "showWindowWithoutWarningBanner")
I tried to set up a java.policy with All Permissions, but without success.

Code: Select all

grant {
	// Allow everything for now
	permission java.security.AllPermission;
};
Any ideas why this file is not taken in account? I attached the console log showing that the file is read.

Thanks a lot !
Attachments
console.txt
(233.01 KiB) Downloaded 370 times
Top
oslodev
Posts: 9
Joined: 25 Nov 2022, 16:47

Re: OWS + Jdk17 - Denying permission

Post by oslodev »

Additionnal info : We identified that the problem seems to be linked with JavaFx. Everything else works fine, but as soon as javafx gets involved, we get permission errors.

Also, when specifying '--nosecurity' in command line (javaws --nosecurity ourApp.jnlp), everything works fine.
=> This solution would be okay if we could force this parameter within the jnlp (or some other way than via command line). Is this possible?
Top
Janak Mulani
Posts: 746
Joined: 24 Mar 2020, 13:37

Re: OWS + Jdk17 - Denying permission

Post by Janak Mulani »

Policy file:

You will have to modify the policy file of the JRE that is used by OWS to run the app specified in the jnlp file.

Or

You can have a custom policy file and specify it in the deployment.properties file:
deployment.system.security.policy=file\:///C\:/OWSFiles/myjava.policy

>
Also, when specifying '--nosecurity' in command line (javaws --nosecurity ourApp.jnlp), everything works fine.
=> This solution would be okay if we could force this parameter within the jnlp (or some other way than via command line). Is this possible?
>

I will come back to you on this.
Top
Janak Mulani
Posts: 746
Joined: 24 Mar 2020, 13:37

Re: OWS + Jdk17 - Denying permission

Post by Janak Mulani »

Also please have a look at https://openwebstart.com/docs/FAQ.html# ... enwebstart
Top
ljupcho
Posts: 23
Joined: 01 Dec 2021, 11:55

Re: OWS + Jdk17 - Denying permission

Post by ljupcho »

Thanks for the response. I have another question from the developers point of view if you could answer that it would be great:

"why this has changed between java-11 & java-17 as I compared the security.policy files between the two of them and this difference does not occur …."

Thanks in advance.
Top
Janak Mulani
Posts: 746
Joined: 24 Mar 2020, 13:37

Re: OWS + Jdk17 - Denying permission

Post by Janak Mulani »

>
why this has changed between java-11 & java-17 as I compared the security.policy files between the two of them and this difference does not occur
>

Can you please provide more details? Do you mean to say that the same Jnlp file was running fine with Java 11 and OWS and when you started running the same JNlp file with Java 17 and OWS it started giving the "Denying permission:" error?
Btw, which version of OWS are you using?
Can you please send me the OWS logs when running successfully with Java 11 and OWS logs when failing with Java 17?
Top
Post Reply

Return to “Public Forums”