6

I have written a Java application that includes a self updater. The self updater loads new program versions from a web server and replaces the application files. While this works perfectly if the application is installed e.g. in the users home directory, it fails on windows machines if it's installed in the C:\Program Files folder. This is because the JVM is executed under the user’s account which has no write access to the program directory. If a native program, e.g. an installer, tries to write to the program folder, usually a popup appears asking the user to permit the write operation. This doesn’t happen for java applications. Why?

Is there any way to achieve that a write operation of a Java program to a restricted folder brings up the security popup so that the user can permit access to that folder?

Thanks for your responses. According to the answers I see the following options:

  1. Java Web Start
    For me this is not an option for end users. I think that no one can expect from an ordinary end user to know what Java Web Start is, what it’s good for and how it’s used e.g. I doubt that an ordinary Windows user knows how to uninstall a Java Web Start application.

  2. Use an exe-launcher with manifest to launch the Java application
    As far as I understand this solution the exe-launcher would request extended execution right at application start. This is not exactly what I want, cause for my use case it would be sufficient to get extended rights if an update is available and not on every application start.

  3. Perform the update operation by calling a native executable
    One could call a native executable to let it perform the update operation. In this way the application would only request extended rights if an update is available. This sounds not bad but includes some native coding for Windows and doesn’t work on other platforms.

  4. Install a launcher in program folder and the application in user home
    One can place a launcher in the program folder that calls the application that is installed in the user’s home directory. In this way it would be possible to update the application in the user’s home folder. I use InnoSetup for installing my application on Windows and as far as I can see it a split installation is hard to achieve with this installer and probably with other too.

  5. Install the complete application in the user’s home directory
    Because the user has write access to his home directory there is no problem at all. For me this looks like the best option cause of its simplicity.

user2662314
  • 129
  • 2
  • 8
  • Check this: http://stackoverflow.com/questions/4662574/how-do-i-elevate-my-uac-permissions-from-java – Xardas Jan 10 '14 at 19:09
  • In another question you were asking about JWS. Why not install this app. using JWS? It provides auto-update.. – Andrew Thompson Jan 10 '14 at 19:09
  • 2
    I were UAC, I would block your application immediately and prevent it's execution forever. Who guarantees that you're not introducing malicious executables together with your seemingly innocent java stuff? – Federico Berasategui Jan 10 '14 at 19:10
  • Place a starter/updater in the Program Files, and let the real application be downloaded to the user's subdirectory .MyApp. And: JWS is simpler than it might appears. – Joop Eggen Jan 10 '14 at 19:12
  • JWS is a mess from the beginning to the end. It may work in a closed environment like a company but it is definitely not an option to use it over the internet for private users. – user2662314 Jan 10 '14 at 19:17
  • @HighCore The same can be said about Java WebStart, although I believe it has some aspect of policy such that an app can only do things that are granted to the app through the given policy. – CodeChimp Jan 10 '14 at 19:19
  • @codechimp solution: use .Net and deploy via ClickOnce (native, closed-source, trustworthy, secure technology as opposed to *write-once-run-away* type of stuff made by who-knows-who). Windows Desktop should really stop supporting java pretty much like Windows Phone did. – Federico Berasategui Jan 10 '14 at 19:22
  • @HighCore - so you have to block all program that include an update mechanism e.g. Firefox and so on. The fact that my program is written in Java is irrelevant for the question. I just ask how to bring ab the UAC popup to let the user decide if he wants to update or not. By the way the user already gave me the permission to install the program so I see no reason why he should deny to update it... – user2662314 Jan 10 '14 at 19:22
  • 1
    @user2662314 There are lots of apps that use JWS over the internet. ArgoUML immediately comes to mind. However, you know what your requirements are, so ultimately it's your choice. To your problem, I think the authorization popup you refer to is an OS-specific thing. Java being cross-platform, it probably just doesn't support it. You may need to consider making a JNI call, or even developing some other means to update, maybe through a secondary program or something that can use native Windows. – CodeChimp Jan 10 '14 at 19:23
  • @HighCore So your solution to all of Window's problems is to make the OP learn a completely new language? So much for cross-platform development. – CodeChimp Jan 10 '14 at 19:24
  • @Xardas - Thanks for the link this is very interesting stuff. I don't know yet if it's solves the problem but I will have a look at it. Thanks! – user2662314 Jan 10 '14 at 19:39
  • @codechrimp "solution: use .Net and deploy via ClickOnce (native, closed-source, trustworthy, secure..." so a closed source software is trustworthy in your eyes? I don't get your points at all. I don't see a major difference between Java Web Start, ClickOnces and a custom updater/installer. With each technology a software vendor can install malware if the user permits the installation. In each case the question is if a users trust the vendor and the download source of a software or not. This is independent of the used technology. – user2662314 Jan 12 '14 at 21:31
  • You are completely and utterly wrong about Java Web Start. Users never use it directly. The user clicks a link, and the app is installed locally, with automatic updating enabled by default. No user knowledge of Web Start is required. – VGR May 19 '16 at 11:32

2 Answers2

4

If you are using inno setup compiler to generate your launcher, then you can change your app directory permission.

For example, if you need full control and want to update files under AppName/data folder

[Dirs]
Name: "{app}"; 
Name: "{app}\data"; Permissions: everyone-full

[Files]
Source: data\*; DestDir: {app}\data\; Flags: ignoreversion recursesubdirs createallsubdirs; Permissions: everyone-full
Tamil
  • 1,193
  • 9
  • 24
  • I am happy to see this answer here (as I am using exactly inno setup). Howerer this answer can be expanded for more general use: edit permissions for your app folder in program files during installation. – sinedsem Jan 27 '17 at 11:13
3

Unfortunately the increased permissions need to be requested when you first start the program, you cannot promote to them later. Programs that look like they do that are actually restarting themselves with the higher privs behind the scenes.

I had a problem like this a few years ago with a Java app and in the end I installed the application to the user data folder instead of program files as otherwise the auto-updating was a nightmare. You can still add it to the start menu so to a user it looks exactly like any other program.

Tim B
  • 40,716
  • 16
  • 83
  • 128
  • What I don't understand is that, a native program like an installer is also first launched with user rights and then when the program tries to access the program folder it get administrator rights if the user confirms the security popup. So when the program is started it do >not< has increased permission, but gets it on the fly. Where is the difference between e.g. an installer and the Java Virtual Machine? Both are native windows programs and should behave in the same way? – user2662314 Jan 10 '14 at 23:46
  • I already answered that. It doesn't - the installer restarts itself and requests the increased permissions as it restarts. – Tim B Jan 11 '14 at 10:14