Page 1 of 1
access denied "java.lang.RuntimePermission" getenv
Posted: 23 Dec 2024, 19:32
by danmoser
Hi!
I have a signed application with valid certificates but I'm getting the error below:
Code: Select all
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")
I added the following to the JNLP file, with no effect:
Code: Select all
<security>
<permission name="java.lang.RuntimePermission" name="getenv.*"/>
<all-permissions/>
</security>
I know that the `getenv` is not recommended (properties should be used instead), but it is an old application and I do not want to change it.
Thanks in advance!
Re: access denied "java.lang.RuntimePermission" getenv
Posted: 23 Dec 2024, 19:40
by danmoser
PS: the same Java8 application works fine with Oracle's WebStart.
Re: access denied "java.lang.RuntimePermission" getenv
Posted: 24 Dec 2024, 11:47
by Janak Mulani
I tested running the application with Java 8 and signed jar:
If you have:
Code: Select all
<security>
<all-permissions/>
</security>
then no permissions are needed if your application does System.getenv(..)
if you have :
Code: Select all
<security> <j2ee-application-client-permissions/> </security>
then for System.getenv(..) in your application to execute without the exception
Code: Select all
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")
you need to add the permission
Code: Select all
permission java.lang.RuntimePermission "getenv.*";
in
adoptium_1.8.0.412_x64\jre\lib\security\java.policy file.
Re: access denied "java.lang.RuntimePermission" getenv
Posted: 27 Dec 2024, 01:09
by danmoser
Thank You @Janak Mulani!
1) ``<security> <all-permissions/> </security>`` is in my JNLP but OpenWebStart refuses to execute the app with the ``System.getenv(..)`` error...
2) However addin ``permission java.lang.RuntimePermission "getenv.*", "read";`` to the file ``java.policy`` made the option above work!!!
Re: access denied "java.lang.RuntimePermission" getenv
Posted: 27 Dec 2024, 08:34
by Janak Mulani
> 1) ``<security> <all-permissions/> </security>`` is in my JNLP but OpenWebStart refuses to execute the app with the ``System.getenv(..)`` error.
This is strange. Which JRE is used to run the Jnlp application? Which env variable is being accessed by your application? Is it a system variable or a user variable? Which version of OWS are you using? Was the OWS installation done for single user or all users of the system?
Re: access denied "java.lang.RuntimePermission" getenv
Posted: 27 Dec 2024, 11:58
by danmoser
Indeed, it's strange... Answering your questions:
- JRE running the app: azul_1.8.0.372_x64
- env variable: it's a user variable. Basically it checks if the variable is defined and it uses the ENV value if it exist. Otherwise a hard-coded one.
- Installation: OWS was installed as root in a RedHat8 using "alien" from the available *.deb. However I'm not running the app as a regular user.
It may be relevant: other apps, with different permissions, work fine in this setup. Also, this app has ``<information> <offline-allowed/> </information>`` in the JNLP, which I don't remember seeing in other apps.
Re: access denied "java.lang.RuntimePermission" getenv
Posted: 31 Dec 2024, 00:18
by danmoser
A new finding: the java.lang.RuntimePermission issue does not happen in the 1.8.0_152 JVM. Thus, it may be related to a security patch.