Re: jdk1.2beta3/4 changes in codeBase interpretation for permissions

Ralph G. Puga (puga@tis.com)
Wed, 12 Aug 1998 08:58:11 -0400

Date: Wed, 12 Aug 1998 08:58:11 -0400
From: "Ralph G. Puga" <puga@tis.com>
To: schemers@Eng
Subject: Re: jdk1.2beta3/4 changes in codeBase interpretation for permissions

Thanks for all your help. I was beginning to think that we were going
crazy. I will implement my policy file in the of the ways that you
suggested and wait for the FCS for the other alternative.

Thanks,
--Ralph P.

schemers@Eng.Sun.COM wrote:

> ok, I think we've we tracked it down. It turns out that the change Jan
> and I mentioned (i.e., "file:/-") was implemented for FCS, not beta4,
> so it doesn't apply to your problem. It looks like there is a bug in
> the policy parser that attempts to canonicalize path names in file:
> URLs. For "file:/" it actually canonicalizes it to "file://", thus the
> permission is not granted. The workaround is to either specify just
> "file:" or a directory along with "file:" such as "file:/home". For
> example, the following should work:
>
> grant codebase "file:" { ... };
>
> In 1.2 FCS using "file:/-" will work. Note that in
> general granting AllPermission to anything from "file:" can be
> dangerous. It might be better to be more explicit like:
>
> grant codebase "file:${myapp.home}/" { ... };
>
> And then start up your application like:
>
> java -Dmyapp.home=/home/user/classes ...
>
> thanks, roland
>

--
Ralph G. Puga                            puga@tis.com
TIS Labs/Network Associates Inc.         Washington (301) 854-5323
3060 Washington Road              (Voice) Baltimore (410) 442-1673 (x323)
Glenwood, MD 21738                       FAX (301) 854-5363