Java Reference
In-Depth Information
14.5.3 More Java security
Java security is a huge topic that involves not only the security manager but many
other issues such as cryptography, public/private keys, certificates, etc. Even a
thorough discussion of permissions and the policy file is beyond the scope of
this topic. (See references [5, 6] for more information and tutorials about Java
security capabilities.) However, as we see above, the basics of setting permissions
are fairly straightforward.
Besides the
java.io.FilePermission
class, there are a number of per-
mission classes that represent the various types of access to external resources
that the security manager controls. They include
java.security.AllPermission
java.security.SecurityPermission
java.awt.AWTPermission
java.io.FilePermission
java.io.SerializablePermission
java.lang.reflect.ReflectPermission
java.lang.RuntimePermission
java.net.NetPermission
java.net.SocketPermission
java.util.PropertyPermission
and several others. For a complete listing, see the reference for the
Permissions in
the Java SDK
document at
http://java.sun.com [6]
. These classes are
all subclasses of
java.security.Permission
.
The basic format of the
grant
statement goes as
grant codeBase "URL"{
permission permission
-
class
-
name1 "target
-
name", "action";
permission permission
-
class
-
name2 "target
-
name", "action";
...
};
A more elaborate form of the
grant
statement includes information on where
to find certificates with the public keys needed to decode programs signed with
private keys.
The codebase item indicates the location of the code to which you are granting
a permission. If you load a class from a different location, then the permission
does not apply to it. If the codebase is empty then the permissions apply to code
from any location. In the example in the previous section, we used the
“
file:
„
type of URL for referencing a local file.
Some of the permissions require a target name and a listing of the particu-
lar actions allowed. See, for example, the
java.io.FilePermission
case
mentioned in the previous section.
Yo u can make the policy files by hand, but an alternative is to use the
policytool
program supplied with the SDK. It provides a graphical interface
Search WWH ::
Custom Search