4

We have an applet which requires certain permissions, which we sign and grant all permissions.
At development time however we use an unsigned applet.
We set all permissions in the user's .java.policy file in their home directory.

This has stopped working in 1.7.0_45 (or possibly _40), as the unsigned applet no longer has the extra permissions.
We are seeing an error like this:
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "OurCustomSystemProperty" "read")

CAUSE
Sun have changed the security behaviour of unsigned applets in 1.7.0_45 or 40.
They have now created and set a new deployment property: 

deployment.security.use.user.home.java.policy=false

This means the user's .java.policy file is ignored by default.

RESOLUTION
Please see my answer below.

csadler
  • 111
  • 1
  • 1
  • 7
  • 1
    Please see the question for the answer, or I can edit it so the answer is in here (assuming I have enough rep) – csadler Oct 16 '13 at 15:50
  • Given enough time, you can enter the answer as an answer, and *accept it* as the answer. That would be the best course of action. (If I'm looking at search results, I'll typically skip hits for questions with no answers, or no accepted answers.) – Andrew Thompson Oct 16 '13 at 16:17
  • OK will do - or you could upvote me and I can do it now ;] – csadler Oct 16 '13 at 16:23
  • Thanks no, I'll be patient. :) As an aside, I typically will not up-vote a question *until there is an accepted answer* on the thread - to 'resolve' it, or prove it can be resolved. ;) – Andrew Thompson Oct 16 '13 at 17:00

1 Answers1

6

RESOLUTION

Either:

A. Edit your deployment.properties and set the above property to true
The path for this is of the form: C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
Add a line like this anywhere in the file:

deployment.security.use.user.home.java.policy=true

or

B. Edit your JRE's central java.policy file and grant all permissions to your applet
The path for this is of the form: C:\Program Files (x86)\Java\jre7\lib\security\java.policy

HTH!

csadler
  • 111
  • 1
  • 1
  • 7
  • `deployment.security.use.user.home.java.policy=true` not working. 2nd option works fine but its not valid when you are dealing with application which is used by world wide user. Check my SOT: http://stackoverflow.com/questions/19424410/changing-java-policy-file-for-applet – Vicky Thakor Oct 17 '13 at 12:54
  • Try pressing 's' in the plugin Java Console, copy the entire contents into a text editor and search for 'policy'. Does the deployment.security.use.user.home.java.policy appear in there? – csadler Oct 18 '13 at 14:01
  • PS making a setting in deployment.properties isnt much good for a web user either? – csadler Oct 18 '13 at 14:06
  • 1
    This reply is not a solution IMO. It is not a solution because changing policy files is not something I'd recommend developers to do, let alone end users. It is too fraught with peril. (I posted a similar comment on a thread that linked this question as a duplicate, but thought it best to add the warning here.) – Andrew Thompson Nov 14 '13 at 10:57
  • We only run into this issue at development time, so tweaking the deployment.properties is fine in that case! – csadler Oct 21 '14 at 08:22