[Almanac 1.4]
By default, no security manager is enabled which means that all security checks to protected resources and operations are disabled. To enable security checks, the security manager must be enabled.
Once enabled, policy files determine the type of access an entity has on a resource.
This example enables the security manager.
// Before the security manager is enabled, this call is possible
System.setProperty("java.version", "malicious data");
try {
// Enable the security manager
SecurityManager sm = new SecurityManager();
System.setSecurityManager (sm);
} catch (SecurityException se) {
// SecurityManager already set
}
// This call is no longer possible; an AccessControlException is thrown
System.setProperty("java.version ", "malicious data");
The security manager can also be installed from the command line:
> java -Djava.security.manager MyApp
By default, the JDK uses the policy files located in
file: ${java.home}/lib/security/java.policy
file: ${user.home}/.java.policy
These policy files are specified in the default security file: ${java.home}/lib/security/java .security
The final policy is the union of all granted permissions in all policy files. To specify an additional policy file, you can set the java.security.policy system property at the command line:
> java -Djava.security.manager -Djava.security.policy=someURL MyApp
or
> appletviewer - J-Djava.security.policy=someURL HTMLfile
To ignore the policies in the java.security file, and only use the specified policy, use `==' instead of `=':
> java -Djava.security.manager -Djava.security.policy==someURL MyApp
Subscribe to:
Post Comments (Atom)
1 comment:
Very good your explanation q hope you can help me on other questions
Post a Comment