This is an interesting issue that needs to be explored further.  For the future, here are some notes.

Iain Keddie (Glaxo Smith-Kline), emailed me about creating a W''''''ebStart version of Cytoscape that includes the cPath P''''''lugIn.  He used the example JNLP files on cytoscape.org, but when he tries to search cPath, he gets a security A''''''ccessControl exception.  His JNLP file sets the security permissions to all-permissions, but it still looks as if Cytoscape is running in a security sandbox, and network connectivity is blocked.

I think the root of the problem is that Cytoscape uses a custom Java class loader to load P''''''lugIns.

I also found this interesting post on the web:

http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=53&t=000106

In a nutshell, it says that the  all-permissions security flag in JNLP does not propogate to
custom class loaders.  And, since cpath.jar is loaded via the custom class loader, I think it gets
loaded into a protective security sandbox, which prevents network access (among other things).

The only fix I could come up with is to programmitically set the security policy within the
Cytoscape core itself:

## Policy.setPolicy( new Policy() {
##   public P''''''ermissionCollection
##   getPermissions(C''''''odeSource codesource) {
##     Permissions perms = new Permissions();
##     perms.add(new A''''''llPermission());
##     return(perms);
##   }
##   public void refresh(){}
## });

{{{#!java
Policy.setPolicy( new Policy() {
  public PermissionCollection
  getPermissions(CodeSource codesource) {
    Permissions perms = new Permissions();
    perms.add(new AllPermission());
    return(perms);
  }
  public void refresh(){}
});
}}}

I tried doing this in the cpath.jar, but doing this raised an access
control exception itself.

Adding the above code fixed the problem, but this may only be a band-aid solution, and I haven't committed my changes.  I think the full solution may require more changes to the Cytoscape core.  I'll log the bug to our bug tracker, and also ask a few other Cytoscape
developers.

There is another (possible) option:

add the following to the jnlp file:

{{{
<property name="java.security.policy" value="someURL" />
}}}

where some url is a url like:

## h''''''ttp://localhost:8080/cpath/jsp/cytoscape/java.policy

{{{
http://localhost:8080/cpath/jsp/cytoscape/java.policy
}}}

and refers to a file which contains something like:

## grant {
##     permission java.net.S''''''ocketPermission "toro.cbio.mskcc.org:8080", "connect";
## };

{{{
grant {
    permission java.net.SocketPermission "toro.cbio.mskcc.org:8080", "connect";
};
}}}

See the following urls for more info:

http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html#RelatedDoc <<BR>>
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html#SocketPermission