then it would allow the application to delete those files in
the directory C:\Java\apps\
that end with the ".tmp"
suffix but no others. We will discuss more about the details
of policy file and permissions in the More
Security section.
The application installs the security manager from the command
line, rather than in the program, and specifies the policy file
using the "-D"
option as in:
c:>
java -Djava.security.manager -Djava.security.policy=myRules.policy
MyApp
This approach to configuring the security for access to the
system provides for much greater flexibility and clarity than
customizing a SecurityManager
subclass that must be recompiled after every modification..
File
Access Control
We use our server to illustrate how to set up security permissions
for file access. In MicroServer
there is no protection against the client requesting any file
on the system.
To control access to where the application can reach files,
we use the policy file microServer.policy
in which we put:
grant
codeBase "file:C:/Java/MicroServer/Secure/" {
permission java.net.SocketPermission "localhost:1024-",
"accept,connect,listen";
permission java.io.FilePermission "/-", "read";
}; |
The server must access a socket and since this is an external
resource, a permission statment is required. So we permit the
program to
listen for,
accept, and
connect
with any socket via port 1024 and up by using the symbol "1024-".
Similarly, for the file permission case we indicate with "/-"
that the program can access files in the server directory and
any subdirectories but not above this directory.
We put this policy into the directory c:\Java\MicroServer\Secure\
(note that the grant statement must use forward slashes regardless
of the platform) where we also put the server code.
To catch the instances of SecurityException
that can now be thrown, we create a new version of the thread
class Worker
that is identical the previous version except that it adds a
catch
statement in the run()
method as shown below:
...
Method run() in Worker
class is modified as follows ...
....
} catch (FileNotFoundException
e) {
// If
no such file, then send the famous 404 message.
pw_client_out.println
.println ("404 Object Not Found");
}
catch (SecurityException
se) {
// An
attempt was made to read a file
// in
a forbidden location.
pw_client_out.println
.println ("403 Forbidden" );
}
} else {
pw_client_out.println
.println ("400 Bad Request");
}
} catch (IOException e) {
System.out.println ("I/O error
" + e);
}
...
|
We rename the program to MicroServerSecure,
though it's code is identical to the MicroServer
class, simply to indicate that we are working with the new version
of Worker.
We run this server with the following command line:
java
-Djava.security.manager -Djava.security.policy=microServer.policy
MicroServerSecure
(which should be on one continuous line). The client browser
shows the following when we attempt to download the restricted
file:
The security exception was thrown when the attempt to access
restricted.html
was made. It then sent the "403
Forbidden" message.
References & Web
Resources