custom class loader, rather than from the class path, I haven't bothered to give it a
package statement.
Example 6-3: SecureService.java
import com.davidflanagan.examples.net.*;  // Note no package statement here.
import java.io.*;

/**
 * This is a demonstration service. It attempts to do things that may
 * or may not be allowed by the security policy and reports the
 * results of its attempts to the client.
 **/
public class SecureService implements Server.Service {
    public void serve(InputStream i, OutputStream o) throws IOException {
        PrintWriter out = new PrintWriter(o);

        // Try to install our own security manager. If we can do this,
        // we can defeat any access control.
        out.println("Trying to create and install a security manager...");
        try {
            System.setSecurityManager(new SecurityManager());
            out.println("Success!");
        }
        catch (Exception e) { out.println("Failed: " + e); }

        // Try to make the Server and the Java VM exit.
        // This is a denial of service attack, and it should not succeed!
        out.println();
        out.println("Trying to exit...");
        try { System.exit(-1); }
        catch (Exception e) { out.println("Failed: " + e); }

        // The default system policy allows this property to be read
        out.println();
        out.println("Attempting to find java version...");
        try { out.println(System.getProperty("java.version")); }
        catch (Exception e) { out.println("Failed: " + e); }

        // The default system policy does not allow this property to be read
        out.println();
        out.println("Attempting to find home directory...");
        try { out.println(System.getProperty("user.home")); }
        catch (Exception e) { out.println("Failed: " + e); }

        // Our custom policy explicitly allows this property to be read
        out.println();
        out.println("Attempting to read service.tmp property...");
        try {
            String tmpdir = System.getProperty("service.tmp");
            out.println(tmpdir);
            File dir = new File(tmpdir);
            File f = new File(dir, "testfile");

            // Check whether we've been given permission to write files to
            // the tmpdir directory
            out.println();
            out.println("Attempting to write a file in " + tmpdir + "...");
            try {
                new FileOutputStream(f);
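
As an added illustration (not code from the book or its author), the Java sketch below models the grants that the comments in SecureService describe and uses Permissions.implies() to show which of the service's probes such a policy would allow. The class name PolicyProbeCheck, the /tmp/services path, and the grant of file writes under that directory are assumptions made for the example.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added illustration, not from the book: models the policy that the comments
// in SecureService describe and asks which of its probes that policy permits.
public class PolicyProbeCheck {
    // Constructed value standing in for the service.tmp property (assumption).
    static final String TMPDIR = "/tmp/services";

    // Grants named in the listing's comments: java.version (default policy)
    // and service.tmp (custom policy). The file-write grant is an assumption.
    static Permissions granted() {
        Permissions p = new Permissions();
        p.add(new PropertyPermission("java.version", "read"));
        p.add(new PropertyPermission("service.tmp", "read"));
        // A trailing "-" covers every file below TMPDIR, recursively.
        p.add(new FilePermission(TMPDIR + File.separator + "-", "write"));
        return p;
    }

    // The permission that each probe in serve() causes to be checked.
    static Permission[] probes() {
        return new Permission[] {
            new RuntimePermission("setSecurityManager"),    // System.setSecurityManager()
            new RuntimePermission("exitVM.-1"),             // System.exit(-1)
            new PropertyPermission("java.version", "read"),
            new PropertyPermission("user.home", "read"),    // not granted above
            new PropertyPermission("service.tmp", "read"),
            new FilePermission(new File(TMPDIR, "testfile").getPath(), "write"),
        };
    }

    public static void main(String[] args) {
        Permissions policy = granted();
        for (Permission probe : probes()) {
            // implies() is the question the access controller asks of the
            // granted permissions: does any grant cover this request?
            String verdict = policy.implies(probe) ? "ALLOW" : "DENY ";
            System.out.println(verdict + " " + probe);
        }
    }
}
```

Because nothing in the grant set covers setSecurityManager, exitVM or user.home, those three probes are denied, which is the outcome the listing's comments expect from a correctly restricted service.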