This is an interesting issue that needs to be explored further. For the future, here are some notes.

Iain Keddie (Glaxo Smith-Kline) emailed me about creating a WebStart version of Cytoscape that includes the cPath PlugIn. He used the example JNLP files on cytoscape.org, but when he tries to search cPath, he gets a security AccessControl exception. His JNLP file sets the security permissions to all-permissions, but it still looks as if Cytoscape is running in a security sandbox, and network connectivity is blocked.

I think the root of the problem is that Cytoscape uses a custom Java class loader to load PlugIns.

I also found this interesting post on the web:

http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=53&t=000106

In a nutshell, it says that the all-permissions security flag in JNLP does not propagate to custom class loaders. And, since cpath.jar is loaded via the custom class loader, I think it gets loaded into a protective security sandbox, which prevents network access (among other things).

The only fix I could come up with is to programmatically set the security policy within the Cytoscape core itself:

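   import java.security.AllPermission;
   import java.security.CodeSource;
   import java.security.PermissionCollection;
   import java.security.Permissions;
   import java.security.Policy;

   // Replace the JVM-wide policy so that every code source, including PlugIns
   // loaded by the custom class loader, is granted AllPermission.
   Policy.setPolicy(new Policy() {
     public PermissionCollection getPermissions(CodeSource codesource) {
       Permissions perms = new Permissions();
       perms.add(new AllPermission());
       return perms;
     }
     public void refresh() {}
   });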

I tried doing this in the cpath.jar, but doing this raised an access control exception itself.

Adding the above code fixed the problem, but this may only be a band-aid solution, and I haven't committed my changes. I think the full solution may require more changes to the Cytoscape core. I'll log the bug to our bug tracker, and also ask a few other Cytoscape developers.

There is another (possible) option:

Add the following to the JNLP file:

<property name="java.security.policy" value="someURL" />

where someURL is a URL such as:

http://localhost:8080/cpath/jsp/cytoscape/java.policy

and refers to a file which contains something like:

grant {
    permission java.net.SocketPermission "toro.cbio.mskcc.org:8080", "connect";
};

See the following URLs for more info:

http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html#RelatedDoc
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html#SocketPermission
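
A narrower alternative to the AllPermission policy above, as an added example that is not from the original page or from Cytoscape's code: the custom class loader itself grants cpath.jar only the socket permission named in the policy file. The class name `ScopedPluginClassLoader` and the jar paths are hypothetical, and the sketch assumes a JVM that still enforces the Security Manager, as the Web Start runtimes discussed here do.

```java
import java.net.SocketPermission;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.cert.Certificate;

/** Hypothetical plugin loader for illustration; not Cytoscape's actual class. */
public class ScopedPluginClassLoader extends URLClassLoader {
    private final String trustedJar;   // exact location of the plugin jar
    private final String endpoint;     // "host:port" the plugin may connect to

    public ScopedPluginClassLoader(URL pluginJar, String endpoint, ClassLoader parent) {
        super(new URL[] { pluginJar }, parent);
        this.trustedJar = pluginJar.toExternalForm();
        this.endpoint = endpoint;
    }

    /** Called when a class is defined, to build its ProtectionDomain. */
    @Override
    protected PermissionCollection getPermissions(CodeSource codesource) {
        // URLClassLoader's defaults: access back to the code's own origin.
        PermissionCollection perms = super.getPermissions(codesource);
        URL location = codesource.getLocation();
        // Compare as strings: URL.equals() can trigger DNS lookups.
        if (location != null && trustedJar.equals(location.toExternalForm())) {
            perms.add(new SocketPermission(endpoint, "connect,resolve"));
        }
        return perms;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample locations; the endpoint is the one in the policy file above.
        URL cpath = new URL("file:/opt/cytoscape/plugins/cpath.jar");
        URL other = new URL("file:/opt/cytoscape/plugins/other.jar");
        ScopedPluginClassLoader loader = new ScopedPluginClassLoader(
                cpath, "toro.cbio.mskcc.org:8080",
                ScopedPluginClassLoader.class.getClassLoader());
        for (URL jar : new URL[] { cpath, other }) {
            CodeSource cs = new CodeSource(jar, (Certificate[]) null);
            // Only the cpath.jar line lists the SocketPermission.
            System.out.println(jar + " -> " + loader.getPermissions(cs));
        }
        loader.close();
    }
}
```

Matching on the jar's location trusts whatever is served from that URL; checking the signers in the `CodeSource` as well would bind the grant to the jar's publisher rather than its path.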

WebstartNetworkConnectivityIssues (last edited 2009-02-12 01:03:51 by localhost)

Funding for Cytoscape is provided by a federal grant from the U.S. National Institute of General Medical Sciences (NIGMS) of the National Institutes of Health (NIH) under award number GM070743-01. Corporate funding is provided through a contract from Unilever PLC.