Java Reference
In-Depth Information
Figure 14.2
A web page with a single text line delivered by MicroServer to a
browser.
14.5 A more secure server
The MicroServer has a serious security problem. It allows access to almost any
file on the server's host computer. For example, suppose the server runs on the
site www.myschool.edu with port 2222 and the client connects with a URL
such as:
http://www.myschool.edu:2222/../restricted.html
The .. refers to the directory above the directory where the server code is
located. In that case, the file restricted.html would be delivered to our
inquisitive client.
To control access to resources in Java programs, an elaborate system involving
the SecurityManager class, policy files, permissions, and other tools is
available. Security is a big issue in Java so we can only touch here on a few
aspects of it. In the following sections we show the basics of how to make our
server program more secure.
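The `..` request shown above can also be refused inside the server itself, independently of the SecurityManager mechanism introduced in the next section (deprecated since Java 17). The sketch below is an added example, not code from the book. The class name DocRootGuard and the temporary www directory layout are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added example (not the book's code): confine requests to a document root.
public class DocRootGuard {
    private final Path root;

    public DocRootGuard(Path docRoot) throws IOException {
        this.root = docRoot.toRealPath();   // canonical form of the root itself
    }

    /** Returns the file to serve, or null if the request must be refused. */
    public Path resolve(String requestPath) {
        try {
            // URI.getPath() decodes %2e%2e, so encoded dots are checked too.
            String path = new URI(requestPath).getPath();
            if (path == null) return null;
            // Strip leading slashes so the path resolves relative to the root.
            Path candidate = root.resolve(path.replaceFirst("^/+", "")).normalize();
            if (!candidate.startsWith(root)) return null;   // ".." escaped the root
            // toRealPath() follows symlinks; re-check so a link cannot point outside.
            Path real = candidate.toRealPath();
            return real.startsWith(root) && Files.isRegularFile(real) ? real : null;
        } catch (URISyntaxException | InvalidPathException | IOException e) {
            return null;   // malformed request or missing file
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/restricted.html sits above <tmp>/www/index.html.
        Path tmp = Files.createTempDirectory("microserver");
        Path www = Files.createDirectory(tmp.resolve("www"));
        Files.writeString(www.resolve("index.html"), "<html>public</html>");
        Files.writeString(tmp.resolve("restricted.html"), "<html>private</html>");

        DocRootGuard guard = new DocRootGuard(www);
        String[] requests = { "/index.html", "/../restricted.html",
                              "/%2e%2e/restricted.html", "/sub/../index.html" };
        for (String r : requests) {
            Path p = guard.resolve(r);
            System.out.println(r + " -> " + (p == null ? "refused" : "serve " + p.getFileName()));
        }
    }
}
```

Path.startsWith compares whole path components, so a sibling directory whose name merely begins with the root's name does not pass the check.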
14.5.1 The security manager
To restrict a Java program's access to system resources, you can load a
SecurityManager object that controls access to external resources. An
instance of the SecurityManager class must be installed when an application
first begins. If not, then the default null security manager puts the server
into a completely unrestricted state. (For applets running in a browser JVM, the
security manager severely restricts the actions allowed.)
Before Java 1.2 you needed to create a subclass of SecurityManager
and customize it for your security requirements. The SecurityManager class
holds many methods of the form checkX(params), such as
checkDelete(String file), that throw an instance of SecurityException when they
wish to block an attempt to execute the particular action X. The subclass must
override those methods for the actions that you want to allow or to block only
in particular circumstances. For example, in the case of deleting a file, your