Figure 14.2 A web page with a single text line is delivered by MicroServer to a browser.
14.5 A more secure server
The MicroServer has a serious security problem. It allows access to almost any file on the server's host computer. For example, suppose the server runs on the site www.myschool.edu with port 2222 and the client connects with a URL such as:
http://www.myschool.edu:2222/../restricted.html
The ".." refers to the directory above the directory where the server code is located. In that case, the file restricted.html would be delivered to our inquisitive client.
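
A server can also refuse such a request itself by resolving the requested path against its document directory and rejecting anything that ends up outside it. The following is an added example, not code from the book or from MicroServer; the class name DocRootResolver and the temporary document directory are assumptions, and the request path is assumed to be already URL-decoded.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical helper (not part of MicroServer): confines requests to one directory. */
public class DocRootResolver {
    private final Path root;

    public DocRootResolver(Path docRoot) throws IOException {
        // Canonical form of the document directory, with symbolic links resolved.
        this.root = docRoot.toRealPath();
    }

    /** Maps the path part of a request to a file, or returns null if it leaves the root. */
    public Path resolve(String requestPath) throws IOException {
        // Drop leading slashes so the request is always treated as relative to the root.
        String relative = requestPath.replaceFirst("^/+", "");
        // normalize() collapses "." and ".." segments lexically.
        Path candidate = root.resolve(relative).normalize();
        if (!candidate.startsWith(root)) {
            return null; // the ".." segments climbed above the document directory
        }
        // For an existing file, resolve symbolic links too and check again.
        if (Files.exists(candidate)) {
            candidate = candidate.toRealPath();
            if (!candidate.startsWith(root)) {
                return null;
            }
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary directory stands in for the server's directory.
        Path docRoot = Files.createTempDirectory("webroot");
        Files.write(docRoot.resolve("index.html"), "<html>ok</html>".getBytes());
        DocRootResolver resolver = new DocRootResolver(docRoot);
        String[] requests = {"/index.html", "/./index.html",
                             "/../restricted.html", "/a/../../restricted.html"};
        for (String p : requests) {
            Path file = resolver.resolve(p);
            System.out.println(p + " -> " + (file == null ? "refused" : file));
        }
    }
}
```

The check compares whole path segments after normalization, so a sibling directory whose name merely begins with the root's name is not accepted as being inside it.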
To control access to resources in Java programs, an elaborate system involving the SecurityManager class, policy files, permissions, and other tools is available. Security is a big issue in Java, so we can only touch here on a few aspects of it. In the following sections we show the basics of how to make our server program more secure.
14.5.1 The security manager
To restrict a Java program's access to system resources, you can load a SecurityManager object that controls access to external resources. An instance of the SecurityManager class must be installed when an application first begins. If not, then the default null security manager puts the server into a completely unrestricted state. (For applets running in a browser JVM, the security manager severely restricts the actions allowed.)
Before Java 1.2 you needed to create a subclass of SecurityManager and customize it for your security requirements. The SecurityManager class holds many methods of the form checkX(params), such as checkDelete(String file), that throw an instance of SecurityException when they wish to block an attempt to execute the particular action X. The subclass must override those methods for the actions that you want to allow or to block only in particular circumstances. For example, in the case of deleting a file, your