0

I have a Java Web-Start-based application, which utilizes several native ".exe" utilities. All jars are signed and the app gets all possible permissions from the user ( <security><all-permissions/></security> in the .jnlp descriptor). The problem is that one of those ".exe" utilities tries to open and listen on some port, which causes the standard Windows Firewall window to pop-up. Example:

Example
(source: 7tutorials.com)

I want users not to be presented with any messages of that kind after they have agreed to give my app unrestricted permissions during the JNLP launch. As far as I know, programmatically adding firewall rules can be either performed using the netsh tool, or by messing with the registry, both of which requires Admin permissions.

I tried to play around with Elevation PowerToys, calling them from Java, but they pop up another message, explicitly requesting the admin rights.

Question: Is there any way to add a rule for my ".exe" utility into Windows Firewall, without irritating users by additional permission requests?

Community
  • 1
  • 1
Alex Fedulov
  • 1,442
  • 17
  • 26

1 Answers1

1

You're mixing up security domains here - the java security model, and the permissions you grant to apps that are being executed by jnlp are separate to those that windows understands. The standard jnlp application that is launched is running as an ordinary application, without elevation.

I don't think it's possible without requesting elevation; and you seem to have a good handle on that already.

Anya Shenanigans
  • 91,618
  • 3
  • 107
  • 122
  • Thank you for your answer. I do understand the difference between the security domains, but was just hoping that maybe there is a possibility to integrate the admin permissions request into the initial "Do you trust that app?" JNLP dialog. Apparently there is not. – Alex Fedulov Jun 28 '12 at 11:24
  • Unfortunately, no, it's not possible. The java security dialog is not connected to the windows security dialog. The only way to accomplish all the tasks at once would be if the 'Do you trust that app' dialog from java was elevated – Anya Shenanigans Jun 28 '12 at 13:11