Very simple signed Webtart app throwing AccessControlException

[aid...@gmail.com]

I have a Webstart app deployed locally on a Tomcat server. It's signed
using keytool/jarsigner with the 1.4.2_06 JDK and my own generated
certificate, and only one JAR file is used containing two classes - no
3rd party JARs or anything like that. It's a simple Swing application
which creates a Preferences object like so:

Preferences prefs =
java.util.prefs.Preferences.userNodeForPackage(TicTacToe.class);

I access the code like this:

http://192.168.1.100:8080/Test/Test.jnlp

When the app runs, I don't get the Security warning dialog which I
expect for a signed JAR. The app runs automatically and I see this
exception in the console:

Exception in thread "AWT-EventQueue-0"
java.security.AccessControlException: access denied
(java.lang.RuntimePermission preferences)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.util.prefs.Preferences.userRoot(Unknown Source)
at java.util.prefs.Preferences.userNodeForPackage(Unknown Source)

My JNLP file seems correct and has the

<security>
<all-permissions/>
</security>

block to grant all permissions.

What could be going wrong here? From what I've read, a self-signed cert
should work, and should show a Security dialog warning not to run the
application. I'm running with Java Web Start 1.5.0_02.

I'd appreciate any ideas!

[aid...@gmail.com]

That's WebStart, not Webtart :)

[Aidan]

Ok, I got it going. For reference what I did wrong was that I had this
block:

<security>
<all-permissions/>
</security>

in the wrong place in the JNLP file. I misplaced it under the
<information> tag and due to this the app was running the app as a
regular non-signed application.

I do find it odd though, that even though my jar file was signed, I
didn't receive any security dialog on startup.