Question about applet permissions with Java 7+

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about applet permissions with Java 7+

Roger Whitcomb-3
We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions".  I did this by manually modifying the "build.xml" in "trunk".  Doesn't seem like a good solution going forward.  So, anyone have a thought as to how best to resolve this?  Should this be in "build.properties"? Should it be set to "all-permissions" always?  Should it be set to "sandbox" instead?  Should it be up to users (i.e., they would have to build the code themselves in order to set this)?  Anyone know how others are addressing this in their applet code?

Thanks,
~Roger Whitcomb



Reply | Threaded
Open this post in threaded view
|

Re: Question about applet permissions with Java 7+

Sandro Martini
Hi,

> We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions".  I did this by manually modifying the "build.xml" in "trunk".  Doesn't seem like a good solution going forward.  So, anyone have a thought as to how best to resolve this?
> Should this be in "build.properties"?
yes
> Should it be set to "all-permissions" always?  Should it be set to "sandbox" instead?  Should it be up to users (i.e., they would have to build the code themselves in order to set this)?
I'd set it to "all-permissions" directly in build.properties file
(maybe with a commented line on possible values), so anyone that needs
a different value can change it and rebuild.

> Anyone know how others are addressing this in their applet code?
no, sorry ... maybe forward this mail even to users could help us to
get a better idea.


Note that in our Web Start demo files in the web site, we set the
security tag to all-permissions (inside jnlp files) to make those
requiring additional permissions work.

Anyway, these are related issues (our and at Infra) to track this:
https://issues.apache.org/jira/browse/PIVOT-920
https://issues.apache.org/jira/browse/INFRA-3991

and we should start soon to take a look (once we receive signing info)
... Roger could you ask to enable us ?

Note that if possible we could make the same even for 2.0.x ...


As a side note, on Applets and Java 8, did you tried (I fear that some
classes that we refer are are no more usable, it's already in todo
list in a related issue) ?

Bye,
Sandro
Reply | Threaded
Open this post in threaded view
|

Re: Question about applet permissions with Java 7+

Sandro Martini
Ciao Roger,
just see the commit for the change in build files in trunk ... what do
you think on a merge even to 2.0.x ?
If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and 2.0.5).

Bye


2014-10-29 13:14 GMT+01:00 Sandro Martini <[hidden email]>:

> Hi,
>
>> We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions".  I did this by manually modifying the "build.xml" in "trunk".  Doesn't seem like a good solution going forward.  So, anyone have a thought as to how best to resolve this?
>> Should this be in "build.properties"?
> yes
>> Should it be set to "all-permissions" always?  Should it be set to "sandbox" instead?  Should it be up to users (i.e., they would have to build the code themselves in order to set this)?
> I'd set it to "all-permissions" directly in build.properties file
> (maybe with a commented line on possible values), so anyone that needs
> a different value can change it and rebuild.
>
>> Anyone know how others are addressing this in their applet code?
> no, sorry ... maybe forward this mail even to users could help us to
> get a better idea.
>
>
> Note that in our Web Start demo files in the web site, we set the
> security tag to all-permissions (inside jnlp files) to make those
> requiring additional permissions work.
>
> Anyway, these are related issues (our and at Infra) to track this:
> https://issues.apache.org/jira/browse/PIVOT-920
> https://issues.apache.org/jira/browse/INFRA-3991
>
> and we should start soon to take a look (once we receive signing info)
> ... Roger could you ask to enable us ?
>
> Note that if possible we could make the same even for 2.0.x ...
>
>
> As a side note, on Applets and Java 8, did you tried (I fear that some
> classes that we refer are are no more usable, it's already in todo
> list in a related issue) ?
>
> Bye,
> Sandro
Reply | Threaded
Open this post in threaded view
|

Re: Question about applet permissions with Java 7+

Roger and Beth Whitcomb
I don't think it is necessary for 2.0.x because we don't build there with 1.7 by default, but in trunk we do.

~Roger Whitcomb

Sent from my iPhone

> On Oct 31, 2014, at 1:42 AM, Sandro Martini <[hidden email]> wrote:
>
> Ciao Roger,
> just see the commit for the change in build files in trunk ... what do
> you think on a merge even to 2.0.x ?
> If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and 2.0.5).
>
> Bye
>
>
> 2014-10-29 13:14 GMT+01:00 Sandro Martini <[hidden email]>:
>> Hi,
>>
>>> We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions".  I did this by manually modifying the "build.xml" in "trunk".  Doesn't seem like a good solution going forward.  So, anyone have a thought as to how best to resolve this?
>>> Should this be in "build.properties"?
>> yes
>>> Should it be set to "all-permissions" always?  Should it be set to "sandbox" instead?  Should it be up to users (i.e., they would have to build the code themselves in order to set this)?
>> I'd set it to "all-permissions" directly in build.properties file
>> (maybe with a commented line on possible values), so anyone that needs
>> a different value can change it and rebuild.
>>
>>> Anyone know how others are addressing this in their applet code?
>> no, sorry ... maybe forward this mail even to users could help us to
>> get a better idea.
>>
>>
>> Note that in our Web Start demo files in the web site, we set the
>> security tag to all-permissions (inside jnlp files) to make those
>> requiring additional permissions work.
>>
>> Anyway, these are related issues (our and at Infra) to track this:
>> https://issues.apache.org/jira/browse/PIVOT-920
>> https://issues.apache.org/jira/browse/INFRA-3991
>>
>> and we should start soon to take a look (once we receive signing info)
>> ... Roger could you ask to enable us ?
>>
>> Note that if possible we could make the same even for 2.0.x ...
>>
>>
>> As a side note, on Applets and Java 8, did you tried (I fear that some
>> classes that we refer are are no more usable, it's already in todo
>> list in a related issue) ?
>>
>> Bye,
>> Sandro
>
Reply | Threaded
Open this post in threaded view
|

Re: Question about applet permissions with Java 7+

Sandro Martini
Hi,

but usually now we run 2.0.x applets/applications with Java 7 updated jre,
so I don't think it's so bad.
Unless objections I'll do the merge and create a related issue, to track it.

Bye
 Il 01/nov/2014 01:43 "Roger Whitcomb" <[hidden email]> ha
scritto:

> I don't think it is necessary for 2.0.x because we don't build there with
> 1.7 by default, but in trunk we do.
>
> ~Roger Whitcomb
>
> Sent from my iPhone
>
> > On Oct 31, 2014, at 1:42 AM, Sandro Martini <[hidden email]>
> wrote:
> >
> > Ciao Roger,
> > just see the commit for the change in build files in trunk ... what do
> > you think on a merge even to 2.0.x ?
> > If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and
> 2.0.5).
> >
> > Bye
> >
> >
> > 2014-10-29 13:14 GMT+01:00 Sandro Martini <[hidden email]>:
> >> Hi,
> >>
> >>> We've now started to deploy our app as an applet using Pivot, and to
> address the new security considerations in Java 7, we needed to set the
> "Permissions" attribute in "pivot-wtk.jar" to "all-permissions".  I did
> this by manually modifying the "build.xml" in "trunk".  Doesn't seem like a
> good solution going forward.  So, anyone have a thought as to how best to
> resolve this?
> >>> Should this be in "build.properties"?
> >> yes
> >>> Should it be set to "all-permissions" always?  Should it be set to
> "sandbox" instead?  Should it be up to users (i.e., they would have to
> build the code themselves in order to set this)?
> >> I'd set it to "all-permissions" directly in build.properties file
> >> (maybe with a commented line on possible values), so anyone that needs
> >> a different value can change it and rebuild.
> >>
> >>> Anyone know how others are addressing this in their applet code?
> >> no, sorry ... maybe forward this mail even to users could help us to
> >> get a better idea.
> >>
> >>
> >> Note that in our Web Start demo files in the web site, we set the
> >> security tag to all-permissions (inside jnlp files) to make those
> >> requiring additional permissions work.
> >>
> >> Anyway, these are related issues (our and at Infra) to track this:
> >> https://issues.apache.org/jira/browse/PIVOT-920
> >> https://issues.apache.org/jira/browse/INFRA-3991
> >>
> >> and we should start soon to take a look (once we receive signing info)
> >> ... Roger could you ask to enable us ?
> >>
> >> Note that if possible we could make the same even for 2.0.x ...
> >>
> >>
> >> As a side note, on Applets and Java 8, did you tried (I fear that some
> >> classes that we refer are are no more usable, it's already in todo
> >> list in a related issue) ?
> >>
> >> Bye,
> >> Sandro
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Question about applet permissions with Java 7+

Roger and Beth Whitcomb
Yeah I thought about that right after I fired off my earlier response. So that's fine to merge the change to 2.0.x branch (or I can do it easily also).

Thanks,
~Roger

> On Nov 2, 2014, at 3:47 AM, Sandro Martini <[hidden email]> wrote:
>
> Hi,
>
> but usually now we run 2.0.x applets/applications with Java 7 updated jre,
> so I don't think it's so bad.
> Unless objections I'll do the merge and create a related issue, to track it.
>
> Bye
> Il 01/nov/2014 01:43 "Roger Whitcomb" <[hidden email]> ha
> scritto:
>
>> I don't think it is necessary for 2.0.x because we don't build there with
>> 1.7 by default, but in trunk we do.
>>
>> ~Roger Whitcomb
>>
>> Sent from my iPhone
>>
>>>> On Oct 31, 2014, at 1:42 AM, Sandro Martini <[hidden email]>
>>> wrote:
>>>
>>> Ciao Roger,
>>> just see the commit for the change in build files in trunk ... what do
>>> you think on a merge even to 2.0.x ?
>>> If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and
>> 2.0.5).
>>>
>>> Bye
>>>
>>>
>>> 2014-10-29 13:14 GMT+01:00 Sandro Martini <[hidden email]>:
>>>> Hi,
>>>>
>>>>> We've now started to deploy our app as an applet using Pivot, and to
>> address the new security considerations in Java 7, we needed to set the
>> "Permissions" attribute in "pivot-wtk.jar" to "all-permissions".  I did
>> this by manually modifying the "build.xml" in "trunk".  Doesn't seem like a
>> good solution going forward.  So, anyone have a thought as to how best to
>> resolve this?
>>>>> Should this be in "build.properties"?
>>>> yes
>>>>> Should it be set to "all-permissions" always?  Should it be set to
>> "sandbox" instead?  Should it be up to users (i.e., they would have to
>> build the code themselves in order to set this)?
>>>> I'd set it to "all-permissions" directly in build.properties file
>>>> (maybe with a commented line on possible values), so anyone that needs
>>>> a different value can change it and rebuild.
>>>>
>>>>> Anyone know how others are addressing this in their applet code?
>>>> no, sorry ... maybe forward this mail even to users could help us to
>>>> get a better idea.
>>>>
>>>>
>>>> Note that in our Web Start demo files in the web site, we set the
>>>> security tag to all-permissions (inside jnlp files) to make those
>>>> requiring additional permissions work.
>>>>
>>>> Anyway, these are related issues (our and at Infra) to track this:
>>>> https://issues.apache.org/jira/browse/PIVOT-920
>>>> https://issues.apache.org/jira/browse/INFRA-3991
>>>>
>>>> and we should start soon to take a look (once we receive signing info)
>>>> ... Roger could you ask to enable us ?
>>>>
>>>> Note that if possible we could make the same even for 2.0.x ...
>>>>
>>>>
>>>> As a side note, on Applets and Java 8, did you tried (I fear that some
>>>> classes that we refer are are no more usable, it's already in todo
>>>> list in a related issue) ?
>>>>
>>>> Bye,
>>>> Sandro
>>
Reply | Threaded
Open this post in threaded view
|

Re: Question about applet permissions with Java 7+

Sandro Martini
Don't worry, no problem :-) .

Bye


2014-11-02 16:28 GMT+01:00 Roger Whitcomb <[hidden email]>:

> Yeah I thought about that right after I fired off my earlier response. So that's fine to merge the change to 2.0.x branch (or I can do it easily also).
>
> Thanks,
> ~Roger
>
>> On Nov 2, 2014, at 3:47 AM, Sandro Martini <[hidden email]> wrote:
>>
>> Hi,
>>
>> but usually now we run 2.0.x applets/applications with Java 7 updated jre,
>> so I don't think it's so bad.
>> Unless objections I'll do the merge and create a related issue, to track it.
>>
>> Bye
>> Il 01/nov/2014 01:43 "Roger Whitcomb" <[hidden email]> ha
>> scritto:
>>
>>> I don't think it is necessary for 2.0.x because we don't build there with
>>> 1.7 by default, but in trunk we do.
>>>
>>> ~Roger Whitcomb
>>>
>>> Sent from my iPhone
>>>
>>>>> On Oct 31, 2014, at 1:42 AM, Sandro Martini <[hidden email]>
>>>> wrote:
>>>>
>>>> Ciao Roger,
>>>> just see the commit for the change in build files in trunk ... what do
>>>> you think on a merge even to 2.0.x ?
>>>> If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and
>>> 2.0.5).
>>>>
>>>> Bye
>>>>
>>>>
>>>> 2014-10-29 13:14 GMT+01:00 Sandro Martini <[hidden email]>:
>>>>> Hi,
>>>>>
>>>>>> We've now started to deploy our app as an applet using Pivot, and to
>>> address the new security considerations in Java 7, we needed to set the
>>> "Permissions" attribute in "pivot-wtk.jar" to "all-permissions".  I did
>>> this by manually modifying the "build.xml" in "trunk".  Doesn't seem like a
>>> good solution going forward.  So, anyone have a thought as to how best to
>>> resolve this?
>>>>>> Should this be in "build.properties"?
>>>>> yes
>>>>>> Should it be set to "all-permissions" always?  Should it be set to
>>> "sandbox" instead?  Should it be up to users (i.e., they would have to
>>> build the code themselves in order to set this)?
>>>>> I'd set it to "all-permissions" directly in build.properties file
>>>>> (maybe with a commented line on possible values), so anyone that needs
>>>>> a different value can change it and rebuild.
>>>>>
>>>>>> Anyone know how others are addressing this in their applet code?
>>>>> no, sorry ... maybe forward this mail even to users could help us to
>>>>> get a better idea.
>>>>>
>>>>>
>>>>> Note that in our Web Start demo files in the web site, we set the
>>>>> security tag to all-permissions (inside jnlp files) to make those
>>>>> requiring additional permissions work.
>>>>>
>>>>> Anyway, these are related issues (our and at Infra) to track this:
>>>>> https://issues.apache.org/jira/browse/PIVOT-920
>>>>> https://issues.apache.org/jira/browse/INFRA-3991
>>>>>
>>>>> and we should start soon to take a look (once we receive signing info)
>>>>> ... Roger could you ask to enable us ?
>>>>>
>>>>> Note that if possible we could make the same even for 2.0.x ...
>>>>>
>>>>>
>>>>> As a side note, on Applets and Java 8, did you tried (I fear that some
>>>>> classes that we refer are are no more usable, it's already in todo
>>>>> list in a related issue) ?
>>>>>
>>>>> Bye,
>>>>> Sandro
>>>