[rfc][icedtea-web] policytool in itweb-settings

[Jiri Vanek]

On 01/14/2014 03:16 PM, Jacob Wisor wrote:
> On 01/14/2014 01:42 PM, Jiri Vanek wrote:
>> On 01/14/2014 12:33 AM, Jacob Wisor wrote:
>>> Hello there!
>>>
>>> On 01/13/2014 11:20 PM, Andrew Azores wrote:
>>>> Hi,
>>>>
>>>> This small patch hooks the JDK policytool into itweb-settings. It can then be
>>>> used to set up a custom user-level JNLP policy - this, in combination with the
>>>> Run in Sandbox patch, will allow for quite a lot more flexibility in how
>>>> permissions are handled with signed applets/applications.
>>>>
>>>> A nicer, more user-friendly editor to replace the policytool will hopefully come
>>>> later on.
>>>
>>> Oooooooh yes, please! This would be awesome! :-)
>>
>> Yes this would be :))
>> But it is different task. And Quite complex. Especially it must pass upstream
>> (openjdk). And that is *the* task!
>
> Well, it does not need to replace or displace OpenJDK's policytool. It should be probably enough
> that it complements it. ;-) You know, it's neither forbidden nor against any spec to build
> augmenting tools around OpenJDK.

But still contribute to Openjdk itself is the right thing to do.

...
>
> At first, I thought that the problem would rather be that some system configurations may be missing
> a PATH environment variable entry to policytool and thus launching it may fail. But, Jiri is right.
> The best approach here would probably be to call directly into policytool's main() method with
> user.home as its current working directory. policytool is part of rt.jar, not tools.jar, so it
> should already be on bootclasspath. But, you may have to investigate deeper into it because the

Great!

But I doubt "with  user.home as its current working directory" is possible.
Or do we misunderstand each other?

I had in my mind simple PolicyTool.main(arg,aerg,arg) call in itw-settings.


> package names of some tools have changed from OpenJDK 6 over to OpenJDK 7.

I doubt policy tool was touched in last 10 years ;)

J.