[rfc][icedtea-web] policytool in itweb-settings

Wed Jan 15 06:26:51 PST 2014

On 01/14/2014 07:15 PM, Deepak Bhole wrote:
> * Jiri Vanek <jvanek at redhat.com> [2014-01-14 07:44]:
>> On 01/14/2014 12:33 AM, Jacob Wisor wrote:
>>> Hello there!
>>>
>>> On 01/13/2014 23:20, Andrew Azores wrote:
>>>> Hi,
>>>>
>>>> This small patch hooks the JDK policytool into itweb-settings. It can then be
>>>> used to set up a custom user-level JNLP policy - this, in combination with the
>>>> Run in Sandbox patch, will allow for quite a lot more flexibility in how
>>>> permissions are handled with signed applets/applications.
>>>>
>>>> A nicer, more user-friendly editor to replace the policytool will hopefully come
>>>> later on.
>>>
>>> Oooooooh yes, please! This would be awesome! :-)
>>
>> Yes this would be :))
>> But it is different task. And Quite complex. Especially it must pass
>> upstream (openjdk). And that is *the* task!
>>
>
> Hi Jiri,
>
> How so? The editor we have in mind for ITW is to set policies for
> applets/JNLP apps. Why the need to have it accepted upstream (not that I
> am against it)?
>
> The editor will be geared toward setting policies for untrusted apps for
> the most part (e.g. checkboxes for "allow read/write to filesystem",
> "allow network connection" etc. and some additional customizations. In
> general it would be too restrictive for the kind of complex policies
> that administrators would want to set for complex Java applications.
>

Hi!

Well the policy tool do exists, and can be reused.  There is no need to re-implement it.
If so, then in the most correct place of all - the jdk (where current policy tool is). Then others 
(even itw) will gain benefits from it.
We can add some simple editor for most common cases (as I understand form your comment is what you 
wont). But not rewrite it on our own.

Thanx for watch!

J.

>
>> For now I'm happy that this feature was implemented with such an small effort.
>>>
...