Policy
file is a simple ASCII text file, that specifies set of rules, that are used by
java security manager to prevent the application from performing malicious
actions.
Let
me try to explain with an example.
PropertyUtil.java
package com.sample.util; public class PropertyUtil { public static void printProperties() { String osName = System.getProperty("os.name"); System.out.println("osName: " + osName); String javaVersion = System.getProperty("java.version"); System.out.println("javaVersion: " + javaVersion); String userHome = System.getProperty("user.home"); System.out.println("userHome: " + userHome); String javaHome = System.getProperty("java.home"); System.out.println("javaHome: " + javaHome); } }
Test.java
package com.sample.app; import com.sample.util.PropertyUtil; public class Test { public static void main(String args[]){ PropertyUtil.printProperties(); } }
Output
osName: Windows 10 javaVersion: 1.8.0_131 userHome: C:\Users\Krishna javaHome: C:\Program Files\Java\jre1.8.0_131
Now
let’s try to run the same application ‘Test.java’ by enabling security manager.
By default security manager is not enabled in Java applications, you need to
enable it by using the command line option ‘-Djava.securiy.manager’.
How to enable
security manager in Eclipse?
Go to ‘Arguments’ tab and add '-Djava.security.manager'
in VM arguments section.
Click on the button ‘Run’, you can able to see the below
output.
osName: Windows 10 javaVersion: 1.8.0_131 Exception in thread "main" java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.home" "read") at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPropertyAccess(Unknown Source) at java.lang.System.getProperty(Unknown Source) at com.sample.util.PropertyUtil.printProperties(PropertyUtil.java:13) at com.sample.app.Test.main(Test.java:7)
As
you observe the output, java runtime throws 'AccessControlException' exception,
while reading the property 'user.home'. It is because, when you ran java
application by enabling security manager, it uses the default java policy file,
that comes with java installation and apply the permissions defined in the
policy file.
Where is the location of
java policy file?
It
is in the 'lib\security' directory of the java installation.
Windows:
java.home\lib\security\java.policy
UNIX:
java.home/lib/security/java.policy
Ex:
C:\Program
Files (x86)\Java\jdk1.8.0_102\jre\lib\security
java.policy
// Standard extensions get all permissions by default grant codeBase "file:${{java.ext.dirs}}/*" { permission java.security.AllPermission; }; // default permissions granted to all domains grant { // Allows any thread to stop itself using the java.lang.Thread.stop() // method that takes no argument. // Note that this permission is granted by default only to remain // backwards compatible. // It is strongly recommended that you either remove this permission // from this policy file or further restrict it to code sources // that you specify, because Thread.stop() is potentially unsafe. // See the API specification of java.lang.Thread.stop() for more // information. permission java.lang.RuntimePermission "stopThread"; // allows anyone to listen on dynamic ports permission java.net.SocketPermission "localhost:0", "listen"; // "standard" properies that can be read by anyone permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read"; };
How to run above
program without error?
By
adding below statements to the java.policy file, we can run the program
permission
java.util.PropertyPermission "user.home", "read";
permission
java.util.PropertyPermission "java.home", "read";
Note
Properties like "user.home", "java.home" are security sensitive, it is recommended to not give permissions to the application about the location of user home directory and java home directory.
Properties like "user.home", "java.home" are security sensitive, it is recommended to not give permissions to the application about the location of user home directory and java home directory.
No comments:
Post a Comment