Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[birt-dev] Birt Runtime integration : with JWS ? : Security issue

Hi all,

I have a question concerning BIRT runtime integration.

I work on a software project in a JBoss env. for a major software company,
and have integrated BIRT on the client side, as it meets all our needs,
well almost... :

Our Swing client (GUI), is distributed via Java Web Start, and the idea
was to install (unzip) the BIRT runtime on the client, from a install
package, and accessing it from the JWS (java web  start) client.

When I set the BIRT runtime location from the app. distributed via Java
WebStart and run it, I get a java Security exception, which in fact, is
quite logical. JWS Security rules, implies, that every .jar archive has to
be signed AND loaded in the same classloader...Also, if I give the most
permissive configuration in the .jnlp file, I can write and read anyware
on the client PC. But, execution is not aloud..So, when I try to launch
the BIRT runtime, I get a security exception.

I tried signing the BIRT runtime jars, but of course, as they are not
loaded from the same classloader, I get the same Java Security exception.

The only way, I found, to overcome this problem, is to modify the java
security policy, in order to give full access to the JWS client gui. This
solution works fine, but I find it dirty, and not buisness-wize : I will
have to ask my customers to modify there current JRE java security policy
file, which might not please them...

The main issue, is that the BIRT runtime and api does not offer the
possibility of embedding the runtime in my application. This is for me, a
big issue, as more and more software companies use JWS to distribute their
clients..So if BIRT wants to survive in J2EE envs. we have to find a
solution without modifying the policy file.

Has anybody come accross this issue or has ideas ?

Big thanks,

Marc Rochat (Switzerland)

P.S. In the mailing list, there was a question concerning the fact of
"embedding" the BIRT runtime "IN" the developped application without
pointing on a folder (i.E. birt-runtime.1.2.2/ReportEngine) answer

Back to the top