The problem was documented here
www.mail-archive.com/poi-user@jakarta.apache.org/msg01251.html and "Andy"
requested for a patch.

My own context (by the way quite common) for the pb is :
- An applet (or a JavaWebStart client application) should by signed with a
certificate and jarsigner to read system property (the JVM "sandbox"). iText,
Swing Look And Feels and all external libraries are not signed and need not
hopefully to be signed (except poi).

- My app is a JavaWebStart app (but the pb will certainly be the same with an
applet). My app's jar is signed. The poi's jar (2.5) is not signed (and it is
referenced in a JWS extension jnlp). The pb can be reproduced in JRE 1.4.2_01
and in JRE 1.5.0 beta.

- The exception is (JVM security restriction) :
java.security.AccessControlException: access denied
(java.util.PropertyPermission user.name read)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
	at java.lang.System.getProperty(Unknown Source)
	at org.apache.poi.hssf.model.Workbook.createWriteAccess(Workbook.java:807)
	at org.apache.poi.hssf.model.Workbook.createWorkbook(Workbook.java:232)
	at org.apache.poi.hssf.usermodel.HSSFWorkbook.<init>(HSSFWorkbook.java:126)


In the initial message above, Andrew requested for a patch, here it is :

WorkBook
protected Record createWriteAccess() {
        WriteAccessRecord retval = new WriteAccessRecord();

        try {
                retval.setUsername(System.getProperty("user.name"));
        } catch (java.security.AccessControlException e) {
                // AccessControlException can occur in a restricted context
                // (client applet/jws application or restricted security server)
                retval.setUsername("POI");
        }
        return retval;
    }

Don't hesitate to mail me if needed.