Java Security Manager and Policy Files

Posted on November 6, 2012. Filed under: java/j2EE |


The following is the demonstration of how to use java Security Manager and Policy Files.

#cat /tmp/testfile.txt
test SeurityManager
#touch HelloFile.java
#vi HelloFile.java
#cat HelloFile.java
import java.io.*;
public class HelloFile {
public static void main(String [] args) {
try{
BufferedReader br = new BufferedReader(new FileReader(“/tmp/testfile.txt”));
System.out.println(br.readLine());
}catch(Exception e){
e.printStackTrace();
}
}
}
#javac HelloFile.java
#ls HelloFile.*
HelloFile.class HelloFile.java
#java HelloFile
test SeurityManager
#java -Djava.security.manager HelloFile
java.security.AccessControlException: access denied (java.io.FilePermission /tmp/testfile.txt read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:549)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.FileInputStream.<init>(FileInputStream.java:113)
at java.io.FileInputStream.<init>(FileInputStream.java:79)
at java.io.FileReader.<init>(FileReader.java:41)
at HelloFile.main(HelloFile.java:5)
#pwd
/Users/homenetwork
#vi HelloFile.policy
#cat HelloFile.policy
grant codeBase “file:/Users/homenetwork/*” {
permission java.io.FilePermission “/tmp/*”, “read”;
};
#java -Djava.security.manager -Djava.security.policy=/Users/homenetwork/HelloFile.policy HelloFile
test SeurityManager
#

Advertisements

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: