higher (by using the symbol "1024-"). Similarly, we give permission for file access to the server's directory and to its subdirectories with the "/-" parameter.

We put this policy into the directory c:\Java\MicroServer\Secure\ where we also put the server code. (The grant statement must always use forward slashes regardless of the platform.)

To catch the instances of SecurityException that can now be thrown, we create a new version of the server called MicroServerSecure that is identical to MicroServer except that its Worker class adds a new catch statement in the run() method as shown below in bold:

Method run() in modified Worker class for MicroServerSecure

...
      }
      catch (FileNotFoundException e) {
        // If no such file, then send the famous 404 message.
        pw_client_out.println ("404 Object Not Found");
      }
      catch (SecurityException se) {
        // An attempt was made to read a file
        // in a forbidden location.
        pw_client_out.println ("403 Forbidden");
      }
    }
    else {
      pw_client_out.println ("400 Bad Request");
    }
  }
  catch (IOException e) {
    System.out.println ("I/O error " + e);
  }
...

Now we run this server with

c:> java -Djava.security.manager -Djava.security.policy=microServer.policy MicroServerSecure

(This should be one continuous line on a Windows platform or entered with line-continuation characters on Unix or Linux.) When a client browser attempts to access the file in the restricted area, the server now sends the "403 Forbidden" message.
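
The "1024-" and "/-" targets described above can be checked directly with Permission.implies(), which shows what a grant covers without installing a security manager. This is an added example, not code from the original text; the class name PolicyTargetDemo, the Unix-style root path, the sample request paths and the "listen" action are assumptions.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;

// Added illustration (not from the book): evaluates policy-style targets
// with Permission.implies(); no security manager needs to be installed.
public class PolicyTargetDemo {
    // Assumed server root, written with forward slashes as in a grant entry.
    static final String ROOT = "/Java/MicroServer/Secure";

    // True when a grant of 'granted' would also cover 'requested'.
    static boolean covers(Permission granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permission recursive = new FilePermission(ROOT + "/-", "read");
        Permission oneLevel  = new FilePermission(ROOT + "/*", "read");

        // Constructed request paths: in the root, in a nested
        // subdirectory, and in the restricted area above the root.
        String[] paths = {
            ROOT + "/index.html",
            ROOT + "/docs/api/intro.html",
            "/Java/MicroServer/private.txt",
        };
        for (String p : paths) {
            Permission read = new FilePermission(p, "read");
            System.out.printf("%-36s  /-:%-5b  /*:%b%n",
                    p, covers(recursive, read), covers(oneLevel, read));
        }

        // Only "read" was granted, so a write inside the root is not covered.
        Permission write = new FilePermission(ROOT + "/index.html", "write");
        System.out.println("write in root covered: " + covers(recursive, write));

        // "1024-" is an open-ended port range: 1024 and higher.
        // The "listen" action is an assumption for this example.
        Permission ports = new SocketPermission("localhost:1024-", "listen");
        for (int port : new int[] {80, 1024, 8080}) {
            Permission listen = new SocketPermission("localhost:" + port, "listen");
            System.out.println("listen on " + port + " covered: "
                    + covers(ports, listen));
        }
    }
}
```

The Security Manager was deprecated for removal in Java 17 (JEP 411), so the -Djava.security.manager command line applies to older runtimes.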