Bug #397

closed

App is missing file access rights on OSX 10.9/10.10 (JNLP)

Added by Benedikt Biallowons over 9 years ago. Updated over 9 years ago.

Status:
Rejected
Priority:
High
Assignee:
Target version:
-
Start date:
06/24/2015
Due date:
% Done:

0%

Estimated time:
Reviewer:
Build Version:

Description

The app does not start when the home directory is read-only (and shows an incorrect error message), because the ~/.openecard directory and the data it contains cannot be created. This error occurs, for example, when deploying via JNLP in Safari > 6 (OS X 10.9), because by default Web Start applications are only allowed to access temporary directories there (regardless of the "all-permissions" tag in the JNLP descriptor).


Files

trace.txt (6.72 KB) Benedikt Biallowons, 06/25/2015 08:56 AM
Actions #1

Updated by Benedikt Biallowons over 9 years ago

  • Description updated (diff)
Actions #2

Updated by Tobias Wich over 9 years ago

  • Subject changed from Error with read-only home directory to App is missing file access rights on OSX 10.9 (JNLP)

I suppose the app should handle the fact that there is no access to the home directory.
This might be some work to find all occurrences where this happens.

In general this is a problem we should try to solve, because JNLP deployments are still the anticipated way of deploying the app. Is there any possibility to get the proper rights?

Actions #3

Updated by Tobias Wich over 9 years ago

When making the directory read-only the app starts, though it is not usable for authentication.

In order to fix this I need a stacktrace, so I can see where the security error comes from. Try getting one with the console available in webstart.

Actions #4

Updated by Tobias Wich over 9 years ago

Please try with the version available under http://jnlp.openecard.org/dev/ which contains a first fix.
I suppose this will still fail, so please provide a stacktrace, so we can add further fixes.

Actions #5

Updated by Benedikt Biallowons over 9 years ago

Still failing, trace attached

Actions #6

Updated by Benedikt Biallowons over 9 years ago

  • Subject changed from App is missing file access rights on OSX 10.9 (JNLP) to App is missing file access rights on OSX 10.9/10.10 (JNLP)
Actions #7

Updated by Benedikt Biallowons over 9 years ago

The main problem is that Apple implemented an additional restriction layer on top of Java's own permission (via JNLP descriptor) settings: https://support.apple.com/en-us/HT202819. If a JNLP application started via the Java deployment toolkit (which uses the Java browser plugin) tries to access files other than in the Java temp files directory (java.io.tmpdir), it will be blocked. A user has to (manually) give the access rights to the whole file system via the "Run in Unsafe Mode" mode in Safari's Java security settings.

Actions #8

Updated by Tobias Wich over 9 years ago

  • Status changed from New to Rejected

Bug not correctable. Solution is to create an App bundle for local installation.
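
Added example (not Open eCard code and not part of the ticket): one way an application can test whether its configuration directory under the home directory is really usable and otherwise fall back to `java.io.tmpdir`, reporting the actual cause. The class `ConfigDirProbe`, its methods, and the assumption that a sandbox denial surfaces as `IOException` or `SecurityException` are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ConfigDirProbe {

    /** Outcome of the probe: directory to use, and why the home location was rejected (null if usable). */
    static final class Result {
        final Path dir;
        final String homeRejectedBecause;
        Result(Path dir, String homeRejectedBecause) {
            this.dir = dir;
            this.homeRejectedBecause = homeRejectedBecause;
        }
        boolean isTemporary() { return homeRejectedBecause != null; }
    }

    /** Ensures 'dir' exists and that a file can really be created and removed inside it. */
    static void requireWritable(Path dir) throws IOException {
        Files.createDirectories(dir);
        Files.delete(Files.createTempFile(dir, "probe", ".tmp"));
    }

    static Result resolve(String home, String tmp, String name) throws IOException {
        Path preferred = Paths.get(home, name);
        try {
            requireWritable(preferred);
            return new Result(preferred, null);
        } catch (IOException | SecurityException ex) {
            // Assumption: a sandbox denial surfaces as one of these two exception types.
            Path fallback = Paths.get(tmp, name);
            requireWritable(fallback); // if this fails too, let the caller report it
            return new Result(fallback, ex.getClass().getSimpleName() + ": " + ex.getMessage());
        }
    }

    public static void main(String[] args) throws IOException {
        Result r = resolve(System.getProperty("user.home"),
                           System.getProperty("java.io.tmpdir"), ".openecard");
        System.out.println("config dir: " + r.dir);
        if (r.isTemporary()) {
            // Tell the user the real cause instead of failing with an unrelated error.
            System.out.println("home directory not usable (" + r.homeRejectedBecause
                    + "); settings will not persist across restarts");
        }
    }
}
```

A directory under `java.io.tmpdir` is not persistent and may be readable by other local users on some platforms, so it suits caches and logs rather than credentials.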
