A Java web server - JavaTech: An Introduction to Scientific and Technical Computing with Java

Java Reference

In-Depth Information

14.5.3 More Java security

Java security is a huge topic that involves not only the security manager but many

other issues such as cryptography, public/private keys, certificates, etc. Even a

thorough discussion of permissions and the policy file is beyond the scope of

this topic. (See references [5, 6] for more information and tutorials about Java

security capabilities.) However, as we see above, the basics of setting permissions

are fairly straightforward.

Besides the java.io.FilePermission class, there are a number of per-

mission classes that represent the various types of access to external resources

that the security manager controls. They include

java.security.AllPermission

java.security.SecurityPermission

java.awt.AWTPermission

java.io.FilePermission

java.io.SerializablePermission

java.lang.reflect.ReflectPermission

java.lang.RuntimePermission

java.net.NetPermission

java.net.SocketPermission

java.util.PropertyPermission

and several others. For a complete listing, see the reference for the Permissions in

the Java SDK document at http://java.sun.com [6] . These classes are

all subclasses of java.security.Permission .

The basic format of the grant statement goes as

grant codeBase "URL"{

permission permission - class - name1 "target - name", "action";

permission permission - class - name2 "target - name", "action";

...

};

A more elaborate form of the grant statement includes information on where

to find certificates with the public keys needed to decode programs signed with

private keys.

The codebase item indicates the location of the code to which you are granting

a permission. If you load a class from a different location, then the permission

does not apply to it. If the codebase is empty then the permissions apply to code

from any location. In the example in the previous section, we used the “ file: „

type of URL for referencing a local file.

Some of the permissions require a target name and a listing of the particu-

lar actions allowed. See, for example, the java.io.FilePermission case

mentioned in the previous section.

Yo u can make the policy files by hand, but an alternative is to use the

policytool program supplied with the SDK. It provides a graphical interface

Search WWH ::

Custom Search

Home