Java security permissions for Vista

Hi,

We have recently moved to Vista Business 32 bit and are encountering issues using Java based applications via the Internet.

Having looked at the Sun website I found the following statements :-

 "On Windows Vista, there is a more restrictive sandbox for signed applets. A user has fewer privileges than if they were running on another Windows OS.
On a Windows OS other than Windows Vista, when running a signed applet, a user is prompted with a security warning dialog box and must respond. If "Yes" is clicked, the applet will have AllPermissions to run on the user's machine. This includes permission to write/delete a file from the local disk."

"On a Windows Vista OS, this is no longer true. Instead, AllPermissions is limited to Java Applet scope, not Windows scope. Because a process running in IE has a low integrity level, it will not be able to write/delete a file from a medium/high integrity level directory. A signed JNLP application can run only with medium integrity. Granting AllPermissions in a Java Web Start application only permits the Security Manager to allow operations that it would otherwise deny by throwing SecurityExceptions. It does not in any way elevate the permissions a user or a process has on the system. For example, a typical (non-admin) user might only be able to read and write files within their own home directory (unless other directories are specifically created to allow permissions to all users). "

The above highlights the permissioning issue that I think we are experiencing, however it does not state what directories should be targeted for permission changes.

I understand that some Java Apps may utilise their own directories, but I assume there are 'base' Java directories that I should be able to target first.

Can anyone provide me with a list of the directories I should be looking at?

We are using jre-6u14, Vista Business 32 bit, IE 7

Thanks for your help.

Darren.
Daza_WIlliams Asked:

eteran Commented:
nice
0
Daza_WIlliams (Author) Commented:
Are there any Java/Vista Security experts out there that can give me some pointers?
0
Venabili Commented:
Technically it will be just the directories the applet needs - so there is nothing like "hardcoded directories". Try to get the Java console running and it will show you which directories are used - and I can help more by seeing the problems there.

With this being said - you might want to also look at the newest update security patch that Java did -- and upgrade the Java a bit -- the main changes were in the applet security although they made it more... restricted so that won't help the issue.

So for a start - get the Java console, try to open/work with the applet and let's see what it shows.
0
jcimarron Commented:
Daza_WIlliams--
FWIW, your Java version is way out of date.  Now up to Java 6 Update 20 .
http://java.com/en/download/manual.jsp
0
Venabili Commented:
u14 is not way out of date - it is a bit old but it is not the problem here :)
0
Daza_WIlliams (Author) Commented:
Thanks for your help on this.

I will provide some more background information. I have the applet working under an admin ID but not with a general user ID. So I then gave the general user all the same rights and group memberships as the admin ID, still didn't work. I then copied all of the Sun directory (C:\Users\username\AppData\LocalLow\Sun) from the admin user's profile to the general user's profile, this time it got a bit further (according to the Java console) but is still missing something.

Here is the output from the Java console: (I know this is an older version but this is the recommended one from Reuters, plus it works under the admin user!)


Java Plug-in 1.5.0_18
Using JRE version 1.5.0_18 Java HotSpot(TM) Client VM
User home directory = C:\Users\xxxx
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
p:   reload proxy configuration
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
java.net.UnknownHostException: www.gva.rapid.reuters.com
      at java.net.PlainSocketImpl.connect(Unknown Source)
      at java.net.Socket.connect(Unknown Source)
      at sun.net.NetworkClient.doConnect(Unknown Source)
      at sun.net.www.http.HttpClient.openServer(Unknown Source)
      at sun.net.www.http.HttpClient.openServer(Unknown Source)
      at sun.net.www.http.HttpClient.<init>(Unknown Source)
      at sun.net.www.http.HttpClient.New(Unknown Source)
      at sun.net.www.http.HttpClient.New(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
      at sun.plugin.net.protocol.http.HttpUtils.followRedirects(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.isUpToDate(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.loadFromCache(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.load(Unknown Source)
      at sun.plugin.cache.JarCache.get(Unknown Source)
      at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
      at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
      at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
      at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
      at sun.misc.URLClassPath$3.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.misc.URLClassPath.getLoader(Unknown Source)
      at sun.misc.URLClassPath.getLoader(Unknown Source)
      at sun.misc.URLClassPath.getResource(Unknown Source)
      at java.net.URLClassLoader$1.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.net.URLClassLoader.findClass(Unknown Source)
      at sun.applet.AppletClassLoader.findClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadCode(Unknown Source)
      at sun.applet.AppletPanel.createApplet(Unknown Source)
      at sun.plugin.AppletViewer.createApplet(Unknown Source)
      at sun.applet.AppletPanel.runLoader(Unknown Source)
      at sun.applet.AppletPanel.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
[ APPLET ] : Initializing. Please wait. (SUN-JVM)
load: class com.reuters.tct.transport.TransportApplet.class not found.
java.lang.ClassNotFoundException: com.reuters.tct.transport.TransportApplet.class
      at sun.applet.AppletClassLoader.findClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadCode(Unknown Source)
      at sun.applet.AppletPanel.createApplet(Unknown Source)
      at sun.plugin.AppletViewer.createApplet(Unknown Source)
      at sun.applet.AppletPanel.runLoader(Unknown Source)
      at sun.applet.AppletPanel.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)


Thanks in advance for your help
0
Mick Barry (Java Developer) Commented:
> www.gva.rapid.reuters.com

It's failing to resolve that hostname.
0
Daza_WIlliams (Author) Commented:
I fixed it!

The comment about not resolving the name made me think about the settings we have in IE. For general users we set a PAC file in the IE connection settings, but for admin users we allow them to change the settings and point directly to the proxy IP address. This was the difference between the user profiles that was causing the issue, for some reason it doesn't like something in the PAC file (maybe due to balancing it between the 2 proxies we have??), anyway once I pointed the general users' IE settings directly to the proxy IP address it worked with no problems.

Thank you all for your help!
0
Daza_WIlliams (Author) Commented:
It gave me a pointer to where the problem actually was coming from, so although not the actual solution it pushed me to look in a different direction
0
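
Added example, not part of the original thread: the console output posted above contains two exceptions, and the later ClassNotFoundException only appears because the earlier UnknownHostException stopped the class loader from fetching the applet's classes. The sketch below triages Java console text that way, so a name-resolution or proxy problem is not mistaken for a permissions or missing-class problem; the sample is a constructed, abridged excerpt of the posted output, and the function names and classification sets are this example's own assumptions.

```python
import re

# Constructed, abridged excerpt of the console output posted in this thread.
SAMPLE = """\
java.net.UnknownHostException: www.gva.rapid.reuters.com
      at java.net.PlainSocketImpl.connect(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.load(Unknown Source)
      at sun.applet.AppletClassLoader.findClass(Unknown Source)
[ APPLET ] : Initializing. Please wait. (SUN-JVM)
load: class com.reuters.tct.transport.TransportApplet.class not found.
java.lang.ClassNotFoundException: com.reuters.tct.transport.TransportApplet.class
      at sun.applet.AppletClassLoader.findClass(Unknown Source)
"""

HEAD = re.compile(r"^((?:[\w$]+\.)+[\w$]*(?:Exception|Error))(?::\s*(.*))?$")
FRAME = re.compile(r"^\s+at\s+([\w$.<>]+)\(")
# Classification sets are this example's own choice, not an exhaustive list.
NETWORK = {"java.net.UnknownHostException", "java.net.ConnectException",
           "java.net.NoRouteToHostException", "java.net.SocketTimeoutException"}
LOAD = {"java.lang.ClassNotFoundException", "java.lang.NoClassDefFoundError"}

def parse_exceptions(text):
    """Split console text into exceptions, each with type, message and frames."""
    found, current = [], None
    for line in text.splitlines():
        head, frame = HEAD.match(line), FRAME.match(line)
        if head:
            current = {"type": head.group(1), "message": head.group(2) or "",
                       "frames": []}
            found.append(current)
        elif frame and current is not None:
            current["frames"].append(frame.group(1))
        else:
            current = None  # any other line ends the current stack trace
    return found

def triage(text):
    """Return (verdict, detail) naming the earliest failure that explains the rest."""
    excs = parse_exceptions(text)
    for i, exc in enumerate(excs):
        in_loader = any("ClassLoader" in f or "URLClassPath" in f
                        for f in exc["frames"])
        follow_on = [e["type"] for e in excs[i + 1:] if e["type"] in LOAD]
        if exc["type"] in NETWORK and in_loader and follow_on:
            return ("network", "%s for %r while fetching classes; %s is a "
                    "follow-on" % (exc["type"], exc["message"], follow_on[0]))
    if excs:
        return ("other", excs[0]["type"])
    return ("none", "")
```

Calling `triage(SAMPLE)` returns a `"network"` verdict naming the unresolved host, which is the cue to check the user's DNS and proxy settings before changing directory permissions.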