Hades logoHades applet banner

About the Hades Java Policy (Applet Permissions) Editor

This web page hosts a small tool that helps you to modify the security settings of your Java virtual machine. While most of the Hades applets on this website will run without any extra setup on current browsers, the user experience can be improved by granting extra permissions to the applets. For example:
  • you might want to load and save design files,
  • you might want to print the applets,
  • you might want to provide network access to the applets,
  • the text-to-speech output via FreeTTS requires audio-permissions,
  • running Jython scripts requires certain property-accesses and class-loader creation,
  • etc.
The tool described and offered for download on this page allows you to modify the Java security settings accordingly. You can either click the webstart link below to start the tool (easy, but potentially unsecure), or download the source code and then compile and run the tool (more work, but you are in full control).

Notes about Java applet security

For obvious and good reasons, severe security restrictions apply to Java applets downloaded from the web. Unless you tell your browser and Java plug-in that an applet should be considered trustworthy, it is denied all security-relevant functions: windows created by the applet carry a warning banner ("applet window"), all file and most network operations are denied, printing is disabled, as are many other operations.

However, the fine-grained security mechanism used by Java allows you to grant extra permissions to certain applets, where the applets are identified via their so-called codebase (or webserver URL). These settings are managed in a central Java security configuration file, called .java.policy, and located in your home directory. Please check your Java documentation for details about creating and editing the policy file. Sun Microsystems provides a program called policytool as part of their Java virtual machines (JDK/JRE). Unfortunately, that program is rather user-unfriedly and difficult to use. Naturally, it is also possible to just edit the policy file with your favorite text editor; just make sure not to introduce any syntax errors. The following .java.policy file provides an example of the settings required to access (load and save) files, and to run the text-to-speech demos. Note that you will have to restart your browser after changing your .java.policy file for the settings to take effect.

(While our sample configuration file also includes an example (commented out) of the AllPermission setting, this should only be used during applet development or when all else fails. Visiting an unknown website with the AllPermission setting in effect is not a good idea.)

Downloading and running the Policy Editor

Our Java Policy Editor is based on a very simple user-interface:


Just run the tool, and it will show the location of your .java.policy configuration file in the status panel. Then use the following five simple steps:

  1. click the Read .java.policy button to display the current contents of your Java policy file.
  2. click the Add Hades applet permissions button to automatically append the permissions required to run the Hades applets. You can now add or remove extra permissions by typing into the editor window.
  3. click the Save to .java.policy button to save the current editor contents as your new Java policy file. The old file is renamed and kept as a backup in your home directory.
  4. click the Exit button to exit the program.
  5. restart your browser to ensure that the Java virtual machine picks up the new settings. There will be no visible changes for most of the applets, but the additional permissions will be in effect.
Naturally, if you just press Exit without ever clicking the Save button, your existing policy file will be left unchanged. The backup files are kept in your home directory, tagged with the date and time they allow you to restore any changes you made.

To run the JavaPolicyEditor, either click the webstart button below, or select one of the download links:

  • (JavaPolicyEditor.jar) via Java Webstart.

  • JavaPolicyEditor.jar. Download the JAR-archive with sources and the precompiled binary, then run java -jar JavaPolicyEditor.jar

  • JavaPolicyEditor.zip. Download the Zip-archive with the source code, unpack the archive, read and scrutinize the source code, compile JavaPolicyEditor.java, then run java JavaPolicyEditor.

Impressum http://tams.informatik.uni-hamburg.de/applets/hades/webdemos/java-policy-editor.html