NOTE: This file is called “Java policy notes^by Kev.htm” so that the word “policy” can be searched for.
NOTE: Testing here is with Internet Explorer because this is the browser most likely to cause problems. If this works in Internet Explorer, it should work in other browsers.
To look at policies, run h:/languages/JVM/bin/policytool.exe.
It should load the current user's policy file, which is normally:
c:\Documents and Settings\Kev\.java.policy.
or:
/home/kev/.java.policy.
NOTE the full-stop before the word “java”. THE FILE SHOULD NOT BE IN THE .java FOLDER NOR CALLED java.policy.
Backups can be made by saving as other filenames.
There might be no permissions set, in which case the large box list will be empty.
To get permissions recognised, you will need to reload Policy Configuration from the Java Console (key “r” in Console), then refresh Internet Explorer.
To add permissions for Java programs, look at the Java Console output when trying to run a .class file, usually from an “.htm” file.
If the permission requires directory reading, the error will be:
“java.security.AccessControlException: access denied (java.io.FilePermission file.txt read)”
To allow this using policytool:
1). Click “Add Policy Entry”.
2). Fill in a specific Codebase if necessary.
3). Fill in a signature if necessary.
4). Click “Add Permission”.
5). From the “Permission:” combo box, select “FilePermission”.
6). Either specify a target filename or, from the “Target Name:” combo box, select “<<ALL FILES&rt;&rt;.
7). From the “Actions:” combo box, select “read”.
8). If you are happy with this, click “OK”.
9). To add another permission, repeat steps 1-8.
10). When done, click “Done”.
11). The new policy codebase should appear in the large list box.
12). Now select the “File” menu, then “Save” to overwrite the main policy (.java.policy).
13). Click OK to the after-Save dialog box.
14). From Java Console, reload the Policy Configuration using key “r”.
15). Reload the Java program.
The Java Console can only show one exception at a time, so need to keep adding to the policy file.
If you know what permissions will be needed, add them all in one go, then from Java Console, reload Policy Configuration (key “r” in Console).
| Other permissions | policytool Selections combo boxes | ||
| Permission | Target Name | Actions | |
| java.util.PropertyPermission user.dir read | PropertyPermission |
type out user.dir
| read |
| java.io.FilePermission file.txt write | FilePermission | write | |
| java.io.FilePermission file.txt read | FilePermission | read | |
| PERMISSION NAME | TARGET NAME COMBO BOX | ACTIONS COMBO BOX |
| AllPermission (java.security.AllPermission) | ||
| AudioPermission | play | - |
| record | - | |
| AuthPermission | doAs | - |
| doAsPrivileged | - | |
| getSubject | - | |
| getSubjectFromDomainCombiner | - | |
| setReadOnly | - | |
| modifyPrincipals | - | |
| modifyPublicCredentials | - | |
| modifyPrivateCredentials | - | |
| refreshCredential | - | |
| destroyCredential | - | |
| createLoginContext<name> | - | |
| getLoginConfiguration | - | |
| setLoginConfiguration | - | |
| refreshLoginConfiguration | - | |
| AWTPermission | accessClipboard | - |
| accessEventQueue | - | |
| createRobot | - | |
| fullScreenExclusive | - | |
| listenToAllAWTEvents | - | |
| readDisplayPixels | - | |
| replaceKeyboardFocusManager | - | |
| showWindowWithoutWarningBanner | - | |
| watchMousePointer | - | |
| setWindowAlwaysOnTop | - | |
| setAppletStub | - | |
| DelegationPermission (javax.security.auth.kerberos.DelegationPermission) | ||
| FilePermission | <<ALL FILES>> | read| write| delete| execute| read,write,delete,execute |
| LoggingPermission | control | - |
| NetPermission | setDefaultAuthenticator | - |
| requestPasswordAuthentication | - | |
| specifyStreamHandler | - | |
| PrivateCredentialPermission | - | read |
| PropertyPermission | - | read| write| read,write |
| ReflectPermission | suppressAccessChecks | - |
| RuntimePermission | createClassLoader | - |
| getClassLoader | - | |
| setContextClassLoader | - | |
| setSecurityManager | - | |
| createSecurityManager | - | |
| exitVM | - | |
| shutdownHooks | - | |
| setFactory | - | |
| setIO | - | |
| modifyThread | - | |
| stopThread | - | |
| modifyThreadGroup | - | |
| getProtectionDomain | - | |
| readFileDescriptor | - | |
| writeFileDescriptor | - | |
| loadLibrary<library name> | - | |
| accessClassInPackage<package name> | - | |
| defineClassInPackage<package name> | - | |
| accessDeclaredMembers | - | |
| queuePrintJob | - | |
| usePolicy | - | |
| enableContextClassLoaderOverride | - | |
| SecurityPermission | createAccessControlContext | - |
| getDomainCombiner | - | |
| getPolicy | - | |
| setPolicy | - | |
| getProperty<property name> | - | |
| setProperty<property name> | - | |
| insertProvider<provider name> | - | |
| removeProvider<provider name> | - | |
| setSystemScope | - | |
| setIdentityPublicKey | - | |
| setIdentityInfo | - | |
| addIdentityCertificate | - | |
| removeIdentityCertificate | - | |
| printIdentity | - | |
| clearProviderProperties<provider name> | - | |
| putProviderProperty<provider name> | - | |
| removeProviderProperty<provider name> | - | |
| getSignerPrivateKey | - | |
| setSignerKeyPair | - | |
| SerializablePermission | enableSubclassImplementation | - |
| enableSubstitution | - | |
| ServicePermission | - | initiate| accept| initiate,accept |
| SocketPermission | - | listen| connect| accept| resolve| accept,connect,listen,resolve |
| SQLPermission | setLog | - |
| SSLPermission | setHostnameVerifier | - |
| getSSLSessionContext | - | |