jsr-56 - Java Community Process Program
This environment is a subset of the Applet sandbox. Since only one application is run per JVM for an
application launched by a JNLP Client, the JNLP sandbox does not have to restrict access to, e.g.,
System.exit and ThreadGroup objects.

5.6 TRUSTED ENVIRONMENTS

This specification specifies two trusted environments, the all-permissions environment and an
environment that meets the security specifications of the J2EE Application Client environment. Both of
these environments provide unrestricted access to the network and local disk. Thus, an application can
intentionally or unintentionally harm the local system. An application must only be launched if it is
trusted.

The security element in the JNLP file is used to request the trusted environments:

All Permissions        J2EE Application Client Permissions

The following requirements must be satisfied before a JNLP Client can grant an application these access
rights:

1. The application is signed.
2. The user and/or the JNLP Client trusts the certificate that is used to sign the application.

How a JNLP Client decides to trust a certificate is dependent on the particular implementation. Typically,
a JNLP Client would prompt the user to make a decision on whether to launch the application or not. The
decision can be based on the information stored in the certificate. The decision can be cached, so the
accept action is only required the first time the application is launched.

The application must be run with a SecurityManager installed. The following table lists the exact set
of permissions that must be granted to the application's resources:

Security Permissions

All Permissions Environment
    java.security.AllPermission

J2EE Application Client Environment
    Permission                    Target                            Action
    java.awt.AWTPermission        accessClipboard
    java.awt.AWTPermission        accessEventQueue
    java.awt.AWTPermission        showWindowWithoutWarningBanner
    java.lang.RuntimePermission   exitVM
    java.lang.RuntimePermission   loadLibrary
    java.lang.RuntimePermission   queuePrintJob
    java.net.SocketPermission     *                                 connect
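
The two launch requirements and the permission rows listed above can be exercised with the standard java.security classes. This is an added example, not code from the specification or from any JNLP Client; the class name, the Env enum, the grant helper and the probe host are hypothetical, and the J2EE set contains only the rows visible in this excerpt.

```java
import java.awt.AWTPermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

public class TrustedEnvironmentGate {
    enum Env { ALL_PERMISSIONS, J2EE_APPLICATION_CLIENT }

    // Hypothetical helper: builds the permission set for a requested trusted
    // environment, refusing when requirement 1 (signed) or 2 (trusted signer) fails.
    static Permissions grant(Env requested, boolean signed, boolean signerTrusted) {
        if (!signed || !signerTrusted)
            throw new SecurityException(requested + " refused: unsigned or untrusted signer");
        Permissions granted = new Permissions();
        if (requested == Env.ALL_PERMISSIONS) {
            granted.add(new AllPermission());
            return granted;
        }
        // Only the table rows visible in this excerpt; targets copied as printed.
        for (String t : new String[] {"accessClipboard", "accessEventQueue",
                "showWindowWithoutWarningBanner"})
            granted.add(new AWTPermission(t));
        for (String t : new String[] {"exitVM", "loadLibrary", "queuePrintJob"})
            granted.add(new RuntimePermission(t));
        granted.add(new SocketPermission("*", "connect"));
        return granted;
    }

    public static void main(String[] args) {
        // Constructed probes: two match listed rows, one matches no listed row.
        Permission[] probes = {
            new AWTPermission("accessClipboard"),
            new SocketPermission("app.example.test:443", "connect"),
            new RuntimePermission("setSecurityManager"),
        };
        for (Env env : Env.values()) {
            Permissions granted = grant(env, true, true);
            for (Permission p : probes)
                System.out.println(env + " implies " + p.getName() + ": " + granted.implies(p));
        }
        try {
            grant(Env.ALL_PERMISSIONS, true, false); // signed, but signer not trusted
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Comparing the two environments against the same probes shows how much wider java.security.AllPermission is than the enumerated J2EE Application Client rows, which is why the signing and trust checks gate both.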

JSR-56 - Proposed Final Draft 36 of 74