Java.policy file  - Must I change it?

Similar Messages

• Where to put java.policy file?

  Under which directory the "java.policy" file must be kept in?

  Hi!
  The policy file must be indicated in the command line or by system property, when you starts the service, like the following: -Djava.security.policy = yourfile.policy. If you want to indicate another directory, you can do like this: -Djava.security.policy = C:\temp\yourfile.policy.
  I hope it helps you,
  Sandra.

• File Access with unsigned Applet through editing the java.policy file

  I'am starting to lose my hair on this...
  I am trying to get an applet to run so that it can access the file system to move files on my local maschin. Because this applet is only running on my VM i can change the java.policy to avoid the signing of the applet.
  first of all, if i wrote in the java.policy file
  grant {
    permission java.security.AllPermission; 
  };everything is working perfekt.
  But I have not the intention to open the gates for any applet out there, so i want to limit the access to my applet. With every of the following versions I get at best an
  java.security.AccessControlException: access denied (java.io.FilePermission...
  My Setup
  My Java Version: jre1.6.0_02
  My applet is located unter the url
  http://admin.mydomain.com/applet.jar
  In Html i tryed the following different versions of loading the applet - none worked
  <applet codebase="http://admin.mydomain.com/" name="shortcut" code="start.class" archive="applet.jar" width="0" height="0"></applet>
  <applet codebase="http://admin.mydomain.com" name="shortcut" code="start.class" archive="applet.jar" width="0" height="0"></applet>
  <applet name="shortcut" code="start.class" archive="http://admin.mydomain.com/applet.jar" width="0" height="0"></applet>in java.policy i tryed following versions with every html applet load version
  grant codeBase "http://admin.x-press.de/-" {
    permission java.security.AllPermission; 
  grant codeBase "http://admin.x-press.de/+" {
    permission java.security.AllPermission; 
  grant codeBase "http://admin.x-press.de/applet.jar" {
    permission java.security.AllPermission; 
  };why is it with
  grant {
    permission java.security.AllPermission; 
  };working, and not with the other versions?
  i am almost bold now, please try to save my last hair from falling down.
  any suggestion would be nice
  thanks, feyyaz
  Message was edited by:
  feyyazdogu

  I read the mentioned documentation and your right, some of my versions were wrong, but after reading the doumentation again i came to following result which should had worked but didn't.
  java.policy
  grant codeBase "http://admin.mydomain.com/*" {
    permission java.security.AllPermission;
  HTML File
  <applet codebase="http://admin.mydomain.com/" name="shortcut" code="start.class" archive="applet.jar" height="0" width="0"></applet>if I am entering http://admin.mydomain.com/applet.jar i can download the jar, so the archive lays in the correct directory.
  what i am doing wrong? do i have to change an additional file somewhere else?

• Essential question concerning java.policy file

  I have been searching this forum for an answer to this question:
  Is there a way to run a signed applet on an intranet (via the Plugin) with out having to go around to each user's workstation and change their java.policy file?
  So far, I have seen this question asked several times but with no concrete answer.
  Thanks for any help!

  You can create your own Policy implementation as shown in the following link :
  http://www.javageeks.com/Papers/JavaPolicy/index.html
  This has some drawbacks.
  I overcame your problem by writing my own Security Manager.

• .java.policy file problem

  Is there someone who knows how to reinitialise the java policy file at runtime?
  My signed applet writes a policy file to the users home directory, but that file is only used after closing the browser and surfing back to our page. It should immediatly use that new file.
  Someone who got some experience with that...?
  Regards

  And is it true that if you use a Thawte or verisign certificate, you will not have to change the .java.policy file?

• How to handle the java.policy file ?

  Can somebody tell me how to handle the java.policy file?
  I always get java.net.SocketExceptions and java.security.AccessControlExceptions while connecting to an appserver from an applet.
  What do I have to write in the java.policy file, where do I have to place it and do I have to call it in some way form my applet?
  Thanks in advance.
  don call

  The java.policy file goes in your jre installation directory in .../jre/lib/security (there should be one there already).
  I used it to allow otherwise restricted permissions for an applet using javax.comm. Add something like the following to the file:
  grant codeBase "URL:http://yourDomainName/rootDirectoryOfYourApp/*" {
       permission java.security.AllPermission;
  This will give the applet downloaded from your site all permissions. You might want to give only certain permissions, I don't know.
  Teri

• Can distribution of a .java.policy file be eliminated

  Sorry for the stupid question, but I'm fairly new to the realm of dealing with Java security...
  I have an applet that I want to deploy worldwide as part of an upgrade to an existing website, but I've run into the following error:
  "Error getting connection to: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.0.101)(PORT=1521)))(CONNECT_DATA=(SID=EKB)(SERVER=DEDICATED))) using oracle.jdbc.driver.OracleDriver
  access denied (java.util.PropertyPermission oracle.jserver.version read)"
  I have managed to figure out that I can eliminate this problem by placing a .java.policy file on all client machines that contain the following:
  "grant {
       permission java.util.PropertyPermission "oracle.jserver.version", "read";
  However, is there any way to eliminate the need to distribute the policy file to those wanting to use the web site's applet? Can it be done somehow within the SSL certificate that I seemingly also have to distribute?
  Any help for this newbee would be appreciated!

  In contrast to what many people say in this forum, it is possible to have an unsigned applet access a database. You don't even have to manipulate the client's policy-file. The requirement is that the database is located on the same machine as the applet is downloaded from.There are however other things that can break this possibility. One is the database-driver itself.
  In the case of Oracle we have tried using different versions of the driver. When using version 8.1.7 or 9.0.1 things work nicely, but when switching to version 9.2 it stops working. There is a question on OTN [1]. Let's see what Oracle has to say about it.
  [1] Problem connecting using Oracle JDBC drivers

• Forte compile error java source files must have a .java suffix

  Hello Guru's,
  I am using Forte for Java release 2.0 build 1160, and Java SDK 1.3.1.
  When I try to compile a project in Forte I get the following error :
  "fastjavac: java source files must have a .java suffix C:\Program"
  I have looked at the source files and they do hav .java suffix!
  If this is not the correct form can someone point me in the right direction. If this is a correct forum then help is very much appreciated.
  Cheers...Harki

  Hi,
  Try to compile like this:
  javac yourfile.java
  Hope this helps you.
  Cheers.....Dinesh

• ".java.policy" file where is this located

  Hi,
  Where is the .java.policy file located. Do I have to create it? Do I have to use any editor for this? Please help me.
  Thank you,
  Regards
  Uma

  It'll probably be in the lib/security directory of your JRE.
  If you've got a JDK then it'll be something like jdk1.3/jre/lib/security/java.policy

• Java Networking and policy file

  Two part question,
  First I writing a applet that is working with sockets, I've compared this and a delphi program and it seems that the delphi program is writing to and recieving from the socket at a faster rate (four second delay for the applet) then the applet. There is no extra code besides opening the client socket and writing and receiving data.
  Second question is is there a way to allow an applet to write to a socket below 1024 without having a java.policy file. If I do need the policy file is there a way to change it from the applet, or to set an work around permission. I'm writing an applet to work with a protocal that generally lives on a socket below 1024.
  Thanks in advance

  There is a way to let an applet access the lower sockets, but you need to sign it. And in order to sign it you need a key from verisign or Thawte. In fact, there are 2 different keys you need, one for Netscape and one for MS. But the netscape one might be the only one that you need.
  Other then signing it, you have to edit your browser preferences to let applets have full access to your system. sorry :(

• How can I change the policy file?

  I have designed an applet to read a file from the local Machine.
  This applet thro a servlet reads the contents of the file specified.
  I use Tomcat 4.1.12 server and this is an client-server application.
  To read the file in the local machine, I set the permission as follows in the .java.policy file in the Local Machine.
  grant codeBase "http://MyMachine:8080/Example" {
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete, execute";
  as the applet file is in the Example of the server "MyMachine".
  Its working and my applet is able to read the file from the local machine it runs.
  Now my problem is I cannot set/change the policy file in every machine where my applet runs.
  Instead if there is a way to change the policy when the applet downloads,that'll be effective.
  That is I donot want to go and change the policy file manually in each and every machine where my applet runs(I donot even know which are the machines going to run the applet).
  Is there any means to acheieve my need?
  Please explain me in detail or direct me to the relevent web sites or links.
  Thank you

  Hi Hosuke,
  I had the same problem, thanks for the advise.
  Still I have a remark to make.
  The thing is that, in order for the applet to have the permission granted (for whatever), you need to have a policy file which you can include in the JAR file (like you explained before) AND also you need to add an entry in the java.security file (located for me: "C:\Program Files\Java\j2re1.4.1_01\lib\security\java.security") that tells the applet where to find all the .policy files.
  Something like: policy.url.4=file:/c:/java.policy
  But since we are talking about an applet we are not able to make changes to this file.
  Maybe you or anyone else knows a workaround for this problem.
  Thanks in advance,
  Ronald Vromans.

• Are there .java.policy changes for 1.6.0_10-rc2?

  Hi,
  I just installed 1.6.0_10-rc2 and now my applets are getting: access denied (java.io.FilePermission read errors. The .java.policy file has been working for years with 1.4 and 1.5. Now with 1.6.0_10-rc2 I get these errors?
  How do I find out what the problem is and correct it?
  Thanks,
  Norm

  Hi All
  Got a similar issue with the tracking / bookmarking of sessions - when on sun Java update 7 all is well however when update 10 or 11 is installed then SCROM session start on page 1 not the page you were on, also as expected they do not get marked as complete.
  Two things happen
  1) A small window is left for - [http://riti04.cornwall.nhs.uk:7780/ilearn/en/learner/jsp/relogin.jsp] - URL
  2) We get an Error on page - [http://riti04.cornwall.nhs.uk:7780/ilearn/en/learner/jsp/lms.jsp] - URL
  Looked for the Plugin section as per a pervious within the Java Control panel - but I'm not seeing it.
  We use iLearn 5.0 and I am begining to think we need a patch but unsure which.
  Thanks
  Stephen

• Server.policy file

  The ejb I am developing is trying to delete the following file from a local filesystem (Linux SuSE 9.3 Pro) : /path/to/file/delete.me I get the following exception:
  java.security.AccessControlException: access denied (java.io.FilePermission /path/to/file/delete.me delete)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
  at java.security.AccessController.checkPermission(AccessController.java:427)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  at java.lang.SecurityManager.checkDelete(SecurityManager.java:990)
  at java.io.File.delete(File.java:869)
  I tried to modify the server.policy file adding the following line:
  permission java.io.FilePermission "/path/to/file/delete.me", "delete";
  but nothing changes, even when I restart the application server (don't know even if it is necessary to restart). I am using Sun Java System Application Server Enterprise Edition 8.1. Any help is welcome...
  Thanks in advance
  null

  I think I solved the problem. At least I managed to delete the file :-)
  First I had to add the following line to JRE's java.policy file:
  permission java.io.FilePermission "/path/to/file/delete.me", "delete";Then I added the following entry to the server's server.policy file:
  grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-apps/MyApp-" {
    permission java.io.FilePermission "/path/to/file/delete.me", "delete";
  };like described here:
  http://docs.sun.com/app/docs/doc/819-3659/6n5s6m58n?a=view#beabz
  I hope this could help to someone with the same problem

• Detection Method of Date Modified fails due to copied files date modified change

  I've been working through an issue for some time now and I think it's a bug with SCCM 2012 SP1. I've built literally 50 deployments in "Application Management" in SCCM 2012, but I've been chasing my tail on a few of them throwing the
  "succeeded but couldn't detect" error. The few that have given me problems are all copying text files and then detect the modified date to verify that the file is there. All worked when I initially built them in Windows 8 but are now failing
  randomly...even on a machine where they previously worked and I deleted the files to test the deployment again. 
  What I'm doing:
  My java deployment requires policies which we control with the Deployment.config, deployment.properties and java.policy files. A simple script creates the directories and copies the files. I then create a deployment type for this "ConfigFileCopy.cmd"
  and create a detection rule for each file that I am moving over. The detection rule looks for a "date modified" date between the beginning and end of the date for the day I modified the file. This allows me to modify the files to change our
  java policies and then redeploy them with the "new" modified date as the detection rule, which forces the update.
  The problem:
  When I first created my deployment, everything worked pretty well. The files copy out and the script runs successfully. There were some minor tweaks I need to make to my scripts, so I did and then updated the content for the deployment type. I believe this
  is where things go a little wonky. At this point, my deployment starts failing with the "0x87D00324" error.
  Looking through the logs, everything looks good. The reason configuration manager is failing on detecting the modified date for those files, as it turns out, is because the modified dates don't meet the criteria. So that part is properly failing the detection.
  The problem is that the modified dates are correct on the server but not the client. Looking in c:\windows\ccmcache, I can see multiple folders....presumably one for each version of the application that I updated. Looking at any of the newer content folders
  for this app, the modified dates are the date and time the file was copied out to the workstation, which is incorrect as the file hasn't been modified during that process.
  The odd part, is that this doesn't happen EVERY time on EVERY machine. My primary desktop is windows 8.1 and received the files correctly and installed without issue. My test win 8.1 laptop initially received them correctly, but then as I refined the scripts
  it began picking up the wrong modified dates and started failing.
  I found a similar issue to this existed in SCCM 2007 (http://support.microsoft.com/kb/2276865) so I suspect that this is truly just a bug that hasn't been addressed (or maybe is fixed in R2). Unfortunately
  we have business reasons we can't upgrade to R2 at this time so I'm hoping someone has experienced this and has some sort of work around that might get me by for now. If someone can confirm it is fixed in R2, that would help my case to upgrade as well.  
  I can work around the issue by changing my logic to detect any date greater than a specific date. But I shouldn't have to do that and I'm concerned there are scenarios I haven't thought of that will cause unexpected behavior or failures with that.
   

  This outlines the behavior. It's apparently by design. 
  "SCCM has a habit of changing the ‘Date Modified’ timestamp of all files it delivers when it detects an ‘upgrade’ of the source files for that application. It typically does not touch the timestamp
  of the source files if it delivers a brand new install to a client that has never received the software, however if a single file in the source folder is changed for that application, then SCCM tries to use a previous version of the application in the cache
  (C:\windows\ccmcache) and only downloads the new file that has change. This results in all files having their ‘Data Modified’ timestamp changing (except for the brand new file). Therefore determining if that application has delivered
  successfully using ‘Date Modified’ timestamps is not recommended. The key to seeing this process in action is looking at the file properties in the
  C:\windows\ccmcache\<sccm code> folder for that application, particularly before and after a file is updated in the original source SCCM application folder."
  http://blog.kloud.com.au/tag/sccm/

• IS there code to avoid policy file push in a VeriSign Signed applet?

  Q: Must a digtally signed ( thus Trusted) Applet have some some security code scripts -within the applet- to read specific "out of SandBox Permission" which have been Granted in the users Java.Policy file.
  Actually at first I thought the applet was not finding the users Java.Policy file so I hard coded the permission below into the standard java.policy file just to test it but no luck.
  I have the following Java Applet code which is digitally signed against a Versigin Class3 Code Signing Certificate in the Trusted root. SO I kow the applet runs..
  import java.awt.*;
  import java.io.*;
  import java.lang.*;
  import java.applet.*;
  public class UserName extends Applet {
  public void init() {
  public String runajacode()
  String UserName="";
  try {
  UserName = System.getProperty("user.name");
  catch (SecurityException e) {
  return UserName;
  I Keep getting the security exception error when I try to read User.name property
  Here is the text of the Java.Policy file which is placed in the users home directory
  /* AUTOMATICALLY GENERATED ON Fri May 10 11:37:28 CDT 2002*/
  /* DO NOT EDIT */
  grant {
  permission java.util.PropertyPermission "user.name", "read";
  Thanks BeforeHand
  AJ

  We cannot use the Java Plugin (company Rules) so you
  are saying I must modify the original java.policy
  file and without the Plugin the IE 5.5 VM will notWell, i have to say that if u r not using the java plugin, then there is no need for the policy file and u have to use the VM of the browser.I dont think the browser will support the latest version of java and so u have to write your code according the java 1.0 version. Mircosoft have not updated their java jvm due to issues with sun.
  Can u give me the code of the html file where u include the applet tags and let me have a look at it.
  if u plan to use the applet in IE and signed, then u have to use the CAB file utility which can be downloaded from the microsofft site. A signed cab file can run on IE only.Signed Jar can be run in plugins and netscape .
  Let me know if u need further help.
  ciao