A security manager is a Java virtual machine (VM) object that implements
a security policy. By default, the Java 2® platform software provides a
security manager that disallows all access to local system
resources apart from read and write access to the directory from which
the program is invoked and its subdirectories.
You can extend the default security manager to implement customized
verifications and approvals for applets and applications, but the
implementation must include the appropriate access verification code
for every checkXXX method you override.
If you do not include this code, no access verification check
happens, and your code breaches the system security policy.
This section uses an example application to explain how to write a
custom security manager that prompts the end user for password
identification before reading from and writing to specific
files. The implementation includes access verification code,
so once the end user passes the password check, he or she
still needs the file read and write permissions in the policy file.
The example consists of the FileIO application,
and the PasswordSecurityManager program that provides
the custom security manager implementation.
The FileIO Program
The FileIO program displays
a simple user interface and asks the end user to enter some text.
When the end user clicks the Click Me button,
the text is saved to a file in the end user's home directory,
and a second file is opened and read. The text read from
the second file is displayed to the end user.
[Figure: FileIO window before the button click]
[Figure: FileIO window after the button click]
The custom security manager for this program prompts the
end user to enter a password before it allows FileIO
to write text to or read text from a file. The main
method of FileIO creates a custom security manager
called PasswordSecurityManager.
  public static void main(String[] args) {
    // Reader for the password prompt: the security manager reads the
    // end user's response from standard input.
    BufferedReader buffy = new BufferedReader(
                               new InputStreamReader(System.in));
    try {
      System.setSecurityManager(
          new PasswordSecurityManager("pwd", buffy));
    } catch (SecurityException se) {
      // The manager already installed refused to be replaced.
      System.err.println("SecurityManager already set!");
    }
  }
The PasswordSecurityManager Class
The
PasswordSecurityManager
class declares two private instance variables, which are initialized by
the constructor when the custom security manager is installed.
The password instance variable contains the
actual password, and the buffy instance variable
is an input buffer that stores the end user's password input.
import java.io.BufferedReader;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;

public class PasswordSecurityManager extends SecurityManager {
  private String password;        // the expected password
  private BufferedReader buffy;   // where the end user's response is read from

  public PasswordSecurityManager(String p, BufferedReader b) {
    super();
    this.password = p;
    this.buffy = b;
  }
The accessOK method prompts
the end user for a password, verifies the password, and returns
true if the password is correct and false
if it is not.
  // Prompts for the password and returns true only if the response
  // matches; an I/O error or end of input counts as a failed attempt.
  private boolean accessOK() {
    String response;
    System.out.println("Password, please:");
    try {
      response = buffy.readLine();
      // password.equals(response) rather than response.equals(password):
      // readLine returns null at end of input, which must not throw.
      return password.equals(response);
    } catch (IOException e) {
      return false;
    }
  }
Verify Access
The SecurityManager parent class provides methods
to verify file system read and write access. The checkRead
and checkWrite methods each have a version that accepts
a String and another version that accepts a file descriptor.
This example overrides only the String versions
to keep the example simple, and because the FileIO
program accesses directories and files as Strings.
  // Password-gates /home/monicap/text2.txt. Every other path falls through
  // to the parent class's standard check, so no read goes unverified.
  public void checkRead(String filename) {
    String guarded = File.separatorChar + "home" +
                     File.separatorChar + "monicap" +
                     File.separatorChar + "text2.txt";
    if (filename.equals(guarded)) {
      if (!accessOK()) {
        super.checkRead(filename);
        throw new SecurityException("No Way!");
      } else {
        // Password accepted: the policy file must still grant the read.
        FilePermission perm = new FilePermission(guarded, "read");
        checkPermission(perm);
      }
    } else {
      super.checkRead(filename);
    }
  }

  // Password-gates /home/monicap/text.txt; the policy file uses
  // ${user.home}, so the two agree only when user.home is /home/monicap.
  public void checkWrite(String filename) {
    String guarded = File.separatorChar + "home" +
                     File.separatorChar + "monicap" +
                     File.separatorChar + "text.txt";
    if (filename.equals(guarded)) {
      if (!accessOK()) {
        super.checkWrite(filename);
        throw new SecurityException("No Way!");
      } else {
        // Password accepted: the policy file must still grant the write.
        FilePermission perm = new FilePermission(guarded, "write");
        checkPermission(perm);
      }
    } else {
      super.checkWrite(filename);
    }
  }
}
The checkWrite method is called before the end user's
input is written to the output file, because
the FileOutputStream class calls
SecurityManager.checkWrite first.
The custom implementation of SecurityManager.checkWrite
tests for the pathname /home/monicap/text.txt and,
if it matches, prompts the end user for the password.
If the password is correct, the checkWrite
method performs the access check by creating an instance
of the required permission and passing it to the
SecurityManager.checkPermission method.
This check succeeds if the security manager finds a
system, user, or program policy file that grants the specified
permission.
Once the write operation completes, the end user is prompted for
the password two more times: first to read the
/home/monicap directory, and then to read the
text2.txt file. An access check is performed before
each read operation takes place.
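As an added example, not part of the original tutorial, the class below applies the point made above to every path: a password gate protects one file, identified by its canonical path rather than a literal string comparison, and the parent class's check always runs afterwards so that paths outside the gate are still verified against the policy file (a checkWrite override would mirror checkRead). The names GatedSecurityManager, isGuarded and passwordOK are hypothetical; it assumes a JDK on which a security manager can still be installed (JDK 18 to 23 require -Djava.security.manager=allow, and JDK 24 removes the ability entirely).

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical variant of the tutorial's PasswordSecurityManager (added example).
public class GatedSecurityManager extends SecurityManager {
    private final byte[] password;   // expected password, compared in constant time
    private final File guarded;      // the one password-gated file, in canonical form
    private final BufferedReader in; // where the end user's response is read from

    public GatedSecurityManager(String pwd, File f, BufferedReader in) throws IOException {
        password = pwd.getBytes(StandardCharsets.UTF_8);
        guarded = f.getCanonicalFile();
        this.in = in;
    }

    // Canonical comparison: "text2.txt", "./text2.txt" and the absolute path all
    // name the guarded file; a path that cannot be resolved is treated as guarded.
    private boolean isGuarded(String filename) {
        try { return new File(filename).getCanonicalFile().equals(guarded); }
        catch (IOException e) { return true; }
    }
    private boolean passwordOK() {
        System.out.println("Password, please:");
        try {
            String response = in.readLine();   // null at end of input, not an NPE
            return response != null && MessageDigest.isEqual(
                    password, response.getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) { return false; }
    }

    // The gate decides only whether to go on; the parent's policy-file check
    // runs for every path, guarded or not, so no read goes unverified.
    @Override public void checkRead(String filename) {
        if (isGuarded(filename) && !passwordOK())
            throw new SecurityException("password check failed: " + filename);
        super.checkRead(filename);
    }

    public static void main(String[] args) throws IOException {
        File f = new File(System.getProperty("user.home"), "text2.txt");
        System.setSecurityManager(new GatedSecurityManager("pwd", f,
                new BufferedReader(new InputStreamReader(System.in))));
        try (BufferedReader r = new BufferedReader(new FileReader(f))) {
            System.out.println(r.readLine());
        } catch (SecurityException e) {   // wrong password or no policy grant
            System.err.println("Denied: " + e.getMessage());
        }
    }
}
```

Run it once with a policy file that grants read on ${user.home}/text2.txt and once without: the correct password alone is never enough, because the AccessControlException from super.checkRead is caught by the same handler.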
Policy File
Here is the policy file the FileIO program
needs for its read and write operations. It also grants
permission to the custom security manager to access the event
queue on behalf of the application and show the application window
without the warning banner.
  grant {
    permission java.io.FilePermission
      "${user.home}/text.txt", "write";
    permission java.util.PropertyPermission
      "user.home", "read";
    permission java.io.FilePermission
      "${user.home}/text2.txt", "read";
    permission java.awt.AWTPermission
      "accessEventQueue";
    permission java.awt.AWTPermission
      "showWindowWithoutWarningBanner";
  };
Run the FileIO Program
Here is how to run the FileIO
program with the policy file:
  java -Djava.security.policy=polfile FileIO
Reference Information
Appendix A: Security and Permissions
describes the available permissions and explains the consequences of
granting permissions. One way to use this
information is to help you limit what permissions a given applet or
application might need to successfully execute. Another way to use
this information is to educate yourself on the ways in which a
particular permission can be exploited by malicious code.
Appendix B: Classes, Methods, and Permissions
provides lists of Java 2 platform software methods that are implemented to
perform security access checks, the permission each requires, and
the java.security.SecurityManager method called to
perform the access check.
You can use this reference to write your own security manager
implementations or when you implement abstract methods that
perform security-related tasks.
Appendix C: SecurityManager Methods lists
the permissions checked for by the SecurityManager
methods.