Cytoscape Wiki|
← Revision 2 as of 2006-03-07 21:35:54
Size: 2455
Comment:
|
← Revision 3 as of 2006-03-17 19:14:07 →
Size: 2939
Comment: just some formating
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 18: | Line 18: |
|
## Policy.setPolicy( new Policy() { ## public P''''''ermissionCollection ## getPermissions(C''''''odeSource codesource) { ## Permissions perms = new Permissions(); ## perms.add(new A''''''llPermission()); ## return(perms); ## } ## public void refresh(){} ## }); {{{#!java |
|
| Line 19: | Line 30: |
|
public P''''''ermissionCollection getPermissions(C''''''odeSource codesource) { |
public PermissionCollection getPermissions(CodeSource codesource) { |
| Line 22: | Line 33: |
| perms.add(new A''''''llPermission()); | perms.add(new AllPermission()); |
| Line 27: | Line 38: |
| }}} | |
| Line 38: | Line 50: |
| {{{ | |
| Line 39: | Line 52: |
| }}} | |
| Line 42: | Line 56: |
| h''''''ttp://localhost:8080/cpath/jsp/cytoscape/java.policy |
## h''''''ttp://localhost:8080/cpath/jsp/cytoscape/java.policy {{{ http://localhost:8080/cpath/jsp/cytoscape/java.policy }}} |
| Line 46: | Line 64: |
|
## grant { ## permission java.net.S''''''ocketPermission "toro.cbio.mskcc.org:8080", "connect"; ## }; {{{ |
|
| Line 47: | Line 70: |
| permission java.net.S''''''ocketPermission "toro.cbio.mskcc.org:8080", "connect"; | permission java.net.SocketPermission "toro.cbio.mskcc.org:8080", "connect"; |
| Line 49: | Line 72: |
| }}} |
This is an interesting issue that needs to be explored further. For the future, here are some notes.
Iain Keddie (Glaxo Smith-Kline), emailed me about creating a WebStart version of Cytoscape that includes the cPath PlugIn. He used the example JNLP files on cytoscape.org, but when he tries to search cPath, he gets a security AccessControl exception. His JNLP file sets the security permissions to all-permissions, but it still looks as if Cytoscape is running in a security sandbox, and network connectivity is blocked.
I think the root of the problem is that Cytoscape uses a custom Java class loader to load PlugIns.
I also found this interesting post on the web:
http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=53&t=000106
In a nutshell, it says that the all-permissions security flag in JNLP does not propogate to custom class loaders. And, since cpath.jar is loaded via the custom class loader, I think it gets loaded into a protective security sandbox, which prevents network access (among other things).
The only fix I could come up with is to programmitically set the security policy within the Cytoscape core itself:
1 Policy.setPolicy( new Policy() {
2 public PermissionCollection
3 getPermissions(CodeSource codesource) {
4 Permissions perms = new Permissions();
5 perms.add(new AllPermission());
6 return(perms);
7 }
8 public void refresh(){}
9 });
10
I tried doing this in the cpath.jar, but doing this raised an access control exception itself.
Adding the above code fixed the problem, but this may only be a band-aid solution, and I haven't committed my changes. I think the full solution may require more changes to the Cytoscape core. I'll log the bug to our bug tracker, and also ask a few other Cytoscape developers.
There is another (possible) option:
add the following to the jnlp file:
<property name="java.security.policy" value="someURL" />
where some url is a url like:
http://localhost:8080/cpath/jsp/cytoscape/java.policy
and refers to a file which contains something like:
grant {
permission java.net.SocketPermission "toro.cbio.mskcc.org:8080", "connect";
};See the following urls for more info:
http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html#RelatedDoc BR http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html#SocketPermission