6

I have written a Java application that includes a self updater. The self updater loads new program versions from a web server and replaces the application files. While this works perfectly if the application is installed e.g. in the users home directory, it fails on windows machines if it's installed in the C:\Program Files folder. This is because the JVM is executed under the user’s account which has no write access to the program directory. If a native program, e.g. an installer, tries to write to the program folder, usually a popup appears asking the user to permit the write operation. This doesn’t happen for java applications. Why?

Is there any way to achieve that a write operation of a Java program to a restricted folder brings up the security popup so that the user can permit access to that folder?

Thanks for your responses. According to the answers I see the following options:

  1. Java Web Start
    For me this is not an option for end users. I think that no one can expect from an ordinary end user to know what Java Web Start is, what it’s good for and how it’s used e.g. I doubt that an ordinary Windows user knows how to uninstall a Java Web Start application.

  2. Use an exe-launcher with manifest to launch the Java application
    As far as I understand this solution the exe-launcher would request extended execution right at application start. This is not exactly what I want, cause for my use case it would be sufficient to get extended rights if an update is available and not on every application start.

  3. Perform the update operation by calling a native executable
    One could call a native executable to let it perform the update operation. In this way the application would only request extended rights if an update is available. This sounds not bad but includes some native coding for Windows and doesn’t work on other platforms.

  4. Install a launcher in program folder and the application in user home
    One can place a launcher in the program folder that calls the application that is installed in the user’s home directory. In this way it would be possible to update the application in the user’s home folder. I use InnoSetup for installing my application on Windows and as far as I can see it a split installation is hard to achieve with this installer and probably with other too.

  5. Install the complete application in the user’s home directory
    Because the user has write access to his home directory there is no problem at all. For me this looks like the best option cause of its simplicity.

Improve this question
13
  • Check this: stackoverflow.com/questions/4662574/… Commented Jan 10, 2014 at 19:09
  • In another question you were asking about JWS. Why not install this app. using JWS? It provides auto-update.. Commented Jan 10, 2014 at 19:09
  • 2
    I were UAC, I would block your application immediately and prevent it's execution forever. Who guarantees that you're not introducing malicious executables together with your seemingly innocent java stuff? Commented Jan 10, 2014 at 19:10
  • Place a starter/updater in the Program Files, and let the real application be downloaded to the user's subdirectory .MyApp. And: JWS is simpler than it might appears. Commented Jan 10, 2014 at 19:12
  • 1
    @user2662314 There are lots of apps that use JWS over the internet. ArgoUML immediately comes to mind. However, you know what your requirements are, so ultimately it's your choice. To your problem, I think the authorization popup you refer to is an OS-specific thing. Java being cross-platform, it probably just doesn't support it. You may need to consider making a JNI call, or even developing some other means to update, maybe through a secondary program or something that can use native Windows. Commented Jan 10, 2014 at 19:23

2 Answers 2

Reset to default
4

If you are using inno setup compiler to generate your launcher, then you can change your app directory permission.

For example, if you need full control and want to update files under AppName/data folder

[Dirs]
Name: "{app}"; 
Name: "{app}\data"; Permissions: everyone-full

[Files]
Source: data\*; DestDir: {app}\data\; Flags: ignoreversion recursesubdirs createallsubdirs; Permissions: everyone-full
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I am happy to see this answer here (as I am using exactly inno setup). Howerer this answer can be expanded for more general use: edit permissions for your app folder in program files during installation.
3

Unfortunately the increased permissions need to be requested when you first start the program, you cannot promote to them later. Programs that look like they do that are actually restarting themselves with the higher privs behind the scenes.

I had a problem like this a few years ago with a Java app and in the end I installed the application to the user data folder instead of program files as otherwise the auto-updating was a nightmare. You can still add it to the start menu so to a user it looks exactly like any other program.

Improve this answer

2 Comments

What I don't understand is that, a native program like an installer is also first launched with user rights and then when the program tries to access the program folder it get administrator rights if the user confirms the security popup. So when the program is started it do >not< has increased permission, but gets it on the fly. Where is the difference between e.g. an installer and the Java Virtual Machine? Both are native windows programs and should behave in the same way?
I already answered that. It doesn't - the installer restarts itself and requests the increased permissions as it restarts.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.