1

I need to download and run a Jar file. Is there a way to know what it can/will do? I mean what permissions it has? Specifically I need to know if it will try to access my files and if it will try to use my internet. When I download an android application, I can clearly see what permissions it seeks. Is there something similar for Java desktop apps?

1 Answer

1

The short answer is yes, it does: Java Web Start (which is now removed from Java 11) was enforcing permissions using a security policy (which is still available).

These checks still exist and are thoroughly explained here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html

They are probably rarely used on a desktop app without Java Web Start, but you can always give it a try.

NoDataFound
  • Why was it removed from Java 11? What are the alternatives now? – Science Guy Jun 23 '19 at 09:15
  • @ScienceGuy: https://www.oracle.com/.../java/javase/javaclientroadmapupdate2018mar-4414431.pdf blames app stores, which seems weak to me. (Blaming browsers for removing applet/plugin made more sense; that does depend on browser support.) See e.g. https://stackoverflow.com/questions/46904795/java-web-start-support-in-java-9-and-beyond https://stackoverflow.com/questions/51981336/applet-jnlp-on-java-11-migration https://stackoverflow.com/questions/55930547/openjdk-and-java-webstart . But note removal of 'deployment' (applet/plugin and webstart/JNLP) does NOT mean removal of SecurityManager. – dave_thompson_085 Jun 23 '19 at 11:52
  • Ah, I get it. Your answer is just one last step away from helpful. Can you share a resource where I can see how I can use the SecurityManager to grant limited permissions to the Jar file lying on my Desktop? – Science Guy Jun 23 '19 at 12:29
  • Granted. I added "which is still available". – NoDataFound Jun 23 '19 at 13:16
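
Added example, not part of the answer or comments above: a shell sketch of the policy-file mechanism from the linked Oracle guide, confining a downloaded jar to one work directory with no network permission. It assumes a JDK on which the Security Manager still functions (it was deprecated in Java 17); the function names, jar path, work directory and chosen permissions are assumptions for illustration.

```shell
#!/bin/sh
# Added example: function names, paths and permissions are illustrative.

# make_policy JAR WORKDIR POLICY
# Writes a policy file granting code loaded from JAR only read/write
# access below WORKDIR. No java.net.SocketPermission is granted, so a
# network call fails with java.security.AccessControlException.
# Assumes paths without spaces (codeBase is a URL and would need escaping).
make_policy() {
    mp_jar=$1 mp_work=$2 mp_policy=$3
    # codeBase and FilePermission need absolute paths to match reliably.
    case $mp_jar in /*) ;; *) mp_jar=$PWD/$mp_jar ;; esac
    case $mp_work in /*) ;; *) mp_work=$PWD/$mp_work ;; esac
    mkdir -p "$mp_work"
    cat > "$mp_policy" <<EOF
grant codeBase "file:$mp_jar" {
    permission java.io.FilePermission "$mp_work", "read";
    permission java.io.FilePermission "$mp_work/-", "read,write";
};
EOF
}

# run_sandboxed JAR POLICY [ARGS...]
# Starts the jar with the Security Manager enabled.
#   java.security.policy with a single "=" adds this file to the JDK's
#   default policy; "==" would make it the only policy in effect.
#   java.security.debug=access,failure logs each denied check, which
#   shows what the program tried to touch (files, sockets, properties).
run_sandboxed() {
    rs_jar=$1 rs_policy=$2
    shift 2
    java -Djava.security.manager \
         -Djava.security.policy="$rs_policy" \
         -Djava.security.debug=access,failure \
         -jar "$rs_jar" "$@"
}

# Usage (constructed paths):
#   make_policy "$HOME/Desktop/app.jar" "$HOME/sandbox" "$HOME/app.policy"
#   run_sandboxed "$HOME/Desktop/app.jar" "$HOME/app.policy"
```

Each denied operation appears in the debug output with the permission it needed, so the grant block can be widened one permission at a time after reviewing what the jar asked for.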