You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pivot.apache.org by Roger Whitcomb <Ro...@actian.com> on 2014/10/28 21:02:59 UTC
Question about applet permissions with Java 7+
We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions". I did this by manually modifying the "build.xml" in "trunk". Doesn't seem like a good solution going forward. So, anyone have a thought as to how best to resolve this? Should this be in "build.properties"? Should it be set to "all-permissions" always? Should it be set to "sandbox" instead? Should it be up to users (i.e., they would have to build the code themselves in order to set this)? Anyone know how others are addressing this in their applet code?
Thanks,
~Roger Whitcomb
Re: Question about applet permissions with Java 7+
Posted by Sandro Martini <sa...@gmail.com>.
Don't worry, no problem :-) .
Bye
2014-11-02 16:28 GMT+01:00 Roger Whitcomb <Ro...@rbwhitcomb.com>:
> Yeah I thought about that right after I fired off my earlier response. So that's fine to merge the change to 2.0.x branch (or I can do it easily also).
>
> Thanks,
> ~Roger
>
>> On Nov 2, 2014, at 3:47 AM, Sandro Martini <sa...@gmail.com> wrote:
>>
>> Hi,
>>
>> but usually now we run 2.0.x applets/applications with Java 7 updated jre,
>> so I don't think it's so bad.
>> Unless objections I'll do the merge and create a related issue, to track it.
>>
>> Bye
>> Il 01/nov/2014 01:43 "Roger Whitcomb" <Ro...@rbwhitcomb.com> ha
>> scritto:
>>
>>> I don't think it is necessary for 2.0.x because we don't build there with
>>> 1.7 by default, but in trunk we do.
>>>
>>> ~Roger Whitcomb
>>>
>>> Sent from my iPhone
>>>
>>>>> On Oct 31, 2014, at 1:42 AM, Sandro Martini <sa...@gmail.com>
>>>> wrote:
>>>>
>>>> Ciao Roger,
>>>> just see the commit for the change in build files in trunk ... what do
>>>> you think on a merge even to 2.0.x ?
>>>> If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and
>>> 2.0.5).
>>>>
>>>> Bye
>>>>
>>>>
>>>> 2014-10-29 13:14 GMT+01:00 Sandro Martini <sa...@gmail.com>:
>>>>> Hi,
>>>>>
>>>>>> We've now started to deploy our app as an applet using Pivot, and to
>>> address the new security considerations in Java 7, we needed to set the
>>> "Permissions" attribute in "pivot-wtk.jar" to "all-permissions". I did
>>> this by manually modifying the "build.xml" in "trunk". Doesn't seem like a
>>> good solution going forward. So, anyone have a thought as to how best to
>>> resolve this?
>>>>>> Should this be in "build.properties"?
>>>>> yes
>>>>>> Should it be set to "all-permissions" always? Should it be set to
>>> "sandbox" instead? Should it be up to users (i.e., they would have to
>>> build the code themselves in order to set this)?
>>>>> I'd set it to "all-permissions" directly in build.properties file
>>>>> (maybe with a commented line on possible values), so anyone that needs
>>>>> a different value can change it and rebuild.
>>>>>
>>>>>> Anyone know how others are addressing this in their applet code?
>>>>> no, sorry ... maybe forward this mail even to users could help us to
>>>>> get a better idea.
>>>>>
>>>>>
>>>>> Note that in our Web Start demo files in the web site, we set the
>>>>> security tag to all-permissions (inside jnlp files) to make those
>>>>> requiring additional permissions work.
>>>>>
>>>>> Anyway, these are related issues (our and at Infra) to track this:
>>>>> https://issues.apache.org/jira/browse/PIVOT-920
>>>>> https://issues.apache.org/jira/browse/INFRA-3991
>>>>>
>>>>> and we should start soon to take a look (once we receive signing info)
>>>>> ... Roger could you ask to enable us ?
>>>>>
>>>>> Note that if possible we could make the same even for 2.0.x ...
>>>>>
>>>>>
>>>>> As a side note, on Applets and Java 8, did you tried (I fear that some
>>>>> classes that we refer are are no more usable, it's already in todo
>>>>> list in a related issue) ?
>>>>>
>>>>> Bye,
>>>>> Sandro
>>>
Re: Question about applet permissions with Java 7+
Posted by Roger Whitcomb <Ro...@rbwhitcomb.com>.
Yeah I thought about that right after I fired off my earlier response. So that's fine to merge the change to 2.0.x branch (or I can do it easily also).
Thanks,
~Roger
> On Nov 2, 2014, at 3:47 AM, Sandro Martini <sa...@gmail.com> wrote:
>
> Hi,
>
> but usually now we run 2.0.x applets/applications with Java 7 updated jre,
> so I don't think it's so bad.
> Unless objections I'll do the merge and create a related issue, to track it.
>
> Bye
> Il 01/nov/2014 01:43 "Roger Whitcomb" <Ro...@rbwhitcomb.com> ha
> scritto:
>
>> I don't think it is necessary for 2.0.x because we don't build there with
>> 1.7 by default, but in trunk we do.
>>
>> ~Roger Whitcomb
>>
>> Sent from my iPhone
>>
>>>> On Oct 31, 2014, at 1:42 AM, Sandro Martini <sa...@gmail.com>
>>> wrote:
>>>
>>> Ciao Roger,
>>> just see the commit for the change in build files in trunk ... what do
>>> you think on a merge even to 2.0.x ?
>>> If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and
>> 2.0.5).
>>>
>>> Bye
>>>
>>>
>>> 2014-10-29 13:14 GMT+01:00 Sandro Martini <sa...@gmail.com>:
>>>> Hi,
>>>>
>>>>> We've now started to deploy our app as an applet using Pivot, and to
>> address the new security considerations in Java 7, we needed to set the
>> "Permissions" attribute in "pivot-wtk.jar" to "all-permissions". I did
>> this by manually modifying the "build.xml" in "trunk". Doesn't seem like a
>> good solution going forward. So, anyone have a thought as to how best to
>> resolve this?
>>>>> Should this be in "build.properties"?
>>>> yes
>>>>> Should it be set to "all-permissions" always? Should it be set to
>> "sandbox" instead? Should it be up to users (i.e., they would have to
>> build the code themselves in order to set this)?
>>>> I'd set it to "all-permissions" directly in build.properties file
>>>> (maybe with a commented line on possible values), so anyone that needs
>>>> a different value can change it and rebuild.
>>>>
>>>>> Anyone know how others are addressing this in their applet code?
>>>> no, sorry ... maybe forward this mail even to users could help us to
>>>> get a better idea.
>>>>
>>>>
>>>> Note that in our Web Start demo files in the web site, we set the
>>>> security tag to all-permissions (inside jnlp files) to make those
>>>> requiring additional permissions work.
>>>>
>>>> Anyway, these are related issues (our and at Infra) to track this:
>>>> https://issues.apache.org/jira/browse/PIVOT-920
>>>> https://issues.apache.org/jira/browse/INFRA-3991
>>>>
>>>> and we should start soon to take a look (once we receive signing info)
>>>> ... Roger could you ask to enable us ?
>>>>
>>>> Note that if possible we could make the same even for 2.0.x ...
>>>>
>>>>
>>>> As a side note, on Applets and Java 8, did you tried (I fear that some
>>>> classes that we refer are are no more usable, it's already in todo
>>>> list in a related issue) ?
>>>>
>>>> Bye,
>>>> Sandro
>>
Re: Question about applet permissions with Java 7+
Posted by Sandro Martini <sa...@gmail.com>.
Hi,
but usually now we run 2.0.x applets/applications with Java 7 updated jre,
so I don't think it's so bad.
Unless objections I'll do the merge and create a related issue, to track it.
Bye
Il 01/nov/2014 01:43 "Roger Whitcomb" <Ro...@rbwhitcomb.com> ha
scritto:
> I don't think it is necessary for 2.0.x because we don't build there with
> 1.7 by default, but in trunk we do.
>
> ~Roger Whitcomb
>
> Sent from my iPhone
>
> > On Oct 31, 2014, at 1:42 AM, Sandro Martini <sa...@gmail.com>
> wrote:
> >
> > Ciao Roger,
> > just see the commit for the change in build files in trunk ... what do
> > you think on a merge even to 2.0.x ?
> > If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and
> 2.0.5).
> >
> > Bye
> >
> >
> > 2014-10-29 13:14 GMT+01:00 Sandro Martini <sa...@gmail.com>:
> >> Hi,
> >>
> >>> We've now started to deploy our app as an applet using Pivot, and to
> address the new security considerations in Java 7, we needed to set the
> "Permissions" attribute in "pivot-wtk.jar" to "all-permissions". I did
> this by manually modifying the "build.xml" in "trunk". Doesn't seem like a
> good solution going forward. So, anyone have a thought as to how best to
> resolve this?
> >>> Should this be in "build.properties"?
> >> yes
> >>> Should it be set to "all-permissions" always? Should it be set to
> "sandbox" instead? Should it be up to users (i.e., they would have to
> build the code themselves in order to set this)?
> >> I'd set it to "all-permissions" directly in build.properties file
> >> (maybe with a commented line on possible values), so anyone that needs
> >> a different value can change it and rebuild.
> >>
> >>> Anyone know how others are addressing this in their applet code?
> >> no, sorry ... maybe forward this mail even to users could help us to
> >> get a better idea.
> >>
> >>
> >> Note that in our Web Start demo files in the web site, we set the
> >> security tag to all-permissions (inside jnlp files) to make those
> >> requiring additional permissions work.
> >>
> >> Anyway, these are related issues (our and at Infra) to track this:
> >> https://issues.apache.org/jira/browse/PIVOT-920
> >> https://issues.apache.org/jira/browse/INFRA-3991
> >>
> >> and we should start soon to take a look (once we receive signing info)
> >> ... Roger could you ask to enable us ?
> >>
> >> Note that if possible we could make the same even for 2.0.x ...
> >>
> >>
> >> As a side note, on Applets and Java 8, did you tried (I fear that some
> >> classes that we refer are are no more usable, it's already in todo
> >> list in a related issue) ?
> >>
> >> Bye,
> >> Sandro
> >
>
Re: Question about applet permissions with Java 7+
Posted by Roger Whitcomb <Ro...@rbwhitcomb.com>.
I don't think it is necessary for 2.0.x because we don't build there with 1.7 by default, but in trunk we do.
~Roger Whitcomb
Sent from my iPhone
> On Oct 31, 2014, at 1:42 AM, Sandro Martini <sa...@gmail.com> wrote:
>
> Ciao Roger,
> just see the commit for the change in build files in trunk ... what do
> you think on a merge even to 2.0.x ?
> If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and 2.0.5).
>
> Bye
>
>
> 2014-10-29 13:14 GMT+01:00 Sandro Martini <sa...@gmail.com>:
>> Hi,
>>
>>> We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions". I did this by manually modifying the "build.xml" in "trunk". Doesn't seem like a good solution going forward. So, anyone have a thought as to how best to resolve this?
>>> Should this be in "build.properties"?
>> yes
>>> Should it be set to "all-permissions" always? Should it be set to "sandbox" instead? Should it be up to users (i.e., they would have to build the code themselves in order to set this)?
>> I'd set it to "all-permissions" directly in build.properties file
>> (maybe with a commented line on possible values), so anyone that needs
>> a different value can change it and rebuild.
>>
>>> Anyone know how others are addressing this in their applet code?
>> no, sorry ... maybe forward this mail even to users could help us to
>> get a better idea.
>>
>>
>> Note that in our Web Start demo files in the web site, we set the
>> security tag to all-permissions (inside jnlp files) to make those
>> requiring additional permissions work.
>>
>> Anyway, these are related issues (our and at Infra) to track this:
>> https://issues.apache.org/jira/browse/PIVOT-920
>> https://issues.apache.org/jira/browse/INFRA-3991
>>
>> and we should start soon to take a look (once we receive signing info)
>> ... Roger could you ask to enable us ?
>>
>> Note that if possible we could make the same even for 2.0.x ...
>>
>>
>> As a side note, on Applets and Java 8, did you tried (I fear that some
>> classes that we refer are are no more usable, it's already in todo
>> list in a related issue) ?
>>
>> Bye,
>> Sandro
>
Re: Question about applet permissions with Java 7+
Posted by Sandro Martini <sa...@gmail.com>.
Ciao Roger,
just see the commit for the change in build files in trunk ... what do
you think on a merge even to 2.0.x ?
If it's ok I can do it, tell me ... and add an issue for this (2.1.0 and 2.0.5).
Bye
2014-10-29 13:14 GMT+01:00 Sandro Martini <sa...@gmail.com>:
> Hi,
>
>> We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions". I did this by manually modifying the "build.xml" in "trunk". Doesn't seem like a good solution going forward. So, anyone have a thought as to how best to resolve this?
>> Should this be in "build.properties"?
> yes
>> Should it be set to "all-permissions" always? Should it be set to "sandbox" instead? Should it be up to users (i.e., they would have to build the code themselves in order to set this)?
> I'd set it to "all-permissions" directly in build.properties file
> (maybe with a commented line on possible values), so anyone that needs
> a different value can change it and rebuild.
>
>> Anyone know how others are addressing this in their applet code?
> no, sorry ... maybe forward this mail even to users could help us to
> get a better idea.
>
>
> Note that in our Web Start demo files in the web site, we set the
> security tag to all-permissions (inside jnlp files) to make those
> requiring additional permissions work.
>
> Anyway, these are related issues (our and at Infra) to track this:
> https://issues.apache.org/jira/browse/PIVOT-920
> https://issues.apache.org/jira/browse/INFRA-3991
>
> and we should start soon to take a look (once we receive signing info)
> ... Roger could you ask to enable us ?
>
> Note that if possible we could make the same even for 2.0.x ...
>
>
> As a side note, on Applets and Java 8, did you tried (I fear that some
> classes that we refer are are no more usable, it's already in todo
> list in a related issue) ?
>
> Bye,
> Sandro
Re: Question about applet permissions with Java 7+
Posted by Sandro Martini <sa...@gmail.com>.
Hi,
> We've now started to deploy our app as an applet using Pivot, and to address the new security considerations in Java 7, we needed to set the "Permissions" attribute in "pivot-wtk.jar" to "all-permissions". I did this by manually modifying the "build.xml" in "trunk". Doesn't seem like a good solution going forward. So, anyone have a thought as to how best to resolve this?
> Should this be in "build.properties"?
yes
> Should it be set to "all-permissions" always? Should it be set to "sandbox" instead? Should it be up to users (i.e., they would have to build the code themselves in order to set this)?
I'd set it to "all-permissions" directly in build.properties file
(maybe with a commented line on possible values), so anyone that needs
a different value can change it and rebuild.
> Anyone know how others are addressing this in their applet code?
no, sorry ... maybe forward this mail even to users could help us to
get a better idea.
Note that in our Web Start demo files in the web site, we set the
security tag to all-permissions (inside jnlp files) to make those
requiring additional permissions work.
Anyway, these are related issues (our and at Infra) to track this:
https://issues.apache.org/jira/browse/PIVOT-920
https://issues.apache.org/jira/browse/INFRA-3991
and we should start soon to take a look (once we receive signing info)
... Roger could you ask to enable us ?
Note that if possible we could make the same even for 2.0.x ...
As a side note, on Applets and Java 8, did you tried (I fear that some
classes that we refer are are no more usable, it's already in todo
list in a related issue) ?
Bye,
Sandro