access denied "java.lang.RuntimePermission" getenv

[danmoser]

Hi!
I have a signed application with valid certificates but I'm getting the error below:

Code: Select all

Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")

I added the following to the JNLP file, with no effect:

Code: Select all

  <security>
      <permission name="java.lang.RuntimePermission" name="getenv.*"/>
      <all-permissions/>
  </security>

I know that the `getenv` is not recommended (properties should be used instead), but it is an old application and I do not want to change it.

Thanks in advance!

[danmoser]

PS: the same Java8 application works fine with Oracle's WebStart.

[Janak Mulani]

I tested running the application with Java 8 and signed jar:

If you have:

Code: Select all

 <security>
        <all-permissions/>
    </security>

then no permissions are needed if your application does System.getenv(..)

if you have :

Code: Select all

<security>   <j2ee-application-client-permissions/>  </security> 

then for System.getenv(..) in your application to execute without the exception

Code: Select all

 java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")

you need to add the permission

Code: Select all

permission java.lang.RuntimePermission "getenv.*";

in adoptium_1.8.0.412_x64\jre\lib\security\java.policy file.

[danmoser]

Thank You @Janak Mulani!

1) ``<security> <all-permissions/> </security>`` is in my JNLP but OpenWebStart refuses to execute the app with the ``System.getenv(..)`` error...

2) However addin ``permission java.lang.RuntimePermission "getenv.*", "read";`` to the file ``java.policy`` made the option above work!!!

[Janak Mulani]

> 1) ``<security> <all-permissions/> </security>`` is in my JNLP but OpenWebStart refuses to execute the app with the ``System.getenv(..)`` error.

This is strange. Which JRE is used to run the Jnlp application? Which env variable is being accessed by your application? Is it a system variable or a user variable? Which version of OWS are you using? Was the OWS installation done for single user or all users of the system?

[danmoser]

Indeed, it's strange... Answering your questions:

• JRE running the app: azul_1.8.0.372_x64

• env variable: it's a user variable. Basically it checks if the variable is defined and it uses the ENV value if it exist. Otherwise a hard-coded one.

• OWS version: 1.10.1

• Installation: OWS was installed as root in a RedHat8 using "alien" from the available *.deb. However I'm not running the app as a regular user.

It may be relevant: other apps, with different permissions, work fine in this setup. Also, this app has ``<information> <offline-allowed/> </information>`` in the JNLP, which I don't remember seeing in other apps.

[danmoser]

A new finding: the java.lang.RuntimePermission issue does not happen in the 1.8.0_152 JVM. Thus, it may be related to a security patch.