IcedTea-Web javaws is running the jnlp app sandboxed

mpritt michael.pritt at westringtechnologies.com
Sat Apr 6 02:31:06 UTC 2019 

I'm not sure why my application seems to always run being sandboxed (or so it
seems), when running with IcedTea-Web's javaws.  I'm running in a Windows
environment with the IcedTea-Web version 1.7.2 and the java OpenJDK 11.0.2. 

Note that I can run the app successfully using the -nosecurity option.

All the jars are signed and each jar has in it's manifest the following:

Permissions: all-permissions
Codebase: *
Trusted-Library: true
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *

The .jnlp file has requested all permissions as well: 
  
  <security>
    <all-permissions/>
  </security>

With the debugging option turned on I can see that the certificate is
accepted, and that the jars are being recognized as signed.  When the app
first gets downloaded,  the dialog pops up requesting permission to run with
unrestricted access and the I've selected the "run" button.  However the app
seems to runs in sandbox mode.  (I've also cleared out the cache and then
manually selected all security options as well to try to run it any
differently but to no avail).  

I've also tried creating a java.policy file under the
.config/icedtea-web/security directory and have it allow all permissions (I
don't believe I should have to do this anyway) by putting into the file:

grant {
  permission java.lang.AllPermission;
};  


With debugging turned on I see that certain permissions are not being
allowed.  I see the following statements:

Denying permission: ("java.lang.RuntimePermission"
"accessClassInPackage.sun.security.util")
Denying permission: ("java.security.SecurityPermission"
"putProviderProperty.XMLDSig")
Denying permission: ("java.lang.RuntimePermission"
"accessClassInPackage.sun.security.krb5")

I do see the following file permission given (i.e. Permission added:
("java.io.FilePermission"
"...\.cache\icedtea-web\cache\352\...\persistence-api-1.0.jar" "read"))


Application starts up but fails because of security exceptions from the
login attempt (i.e 
javax.security.auth.login.LoginException: Security Exception
	at
java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:805)
	at
java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
	at
java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at
java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
	at
java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
)

Like I mentioned before, the application works just fine when the
-nosecurity option is added.  

Does anyone have any idea as to what might be the problem?

Thanks,



--
Sent from: http://openjdk.5641.n7.nabble.com/OpenJDK-Distribution-specific-Packaging-f25548.html

More information about the distro-pkg-dev mailing list