Policies and Permissions
•        Policies are rules that apply to specific classes and/or sets of functionality.
•        Permissions are authorized or restricted actions that a class or method is allowed to perform.
•        Policies define permissions.
•        Some clients may not want specific Java classes or methods executed on their machines.
-        Example: Java users can restrict files from being edited or information about their JVM from being read.
•        Most policies are defined in policy files.
-        The main policy file java.policy can be located in the %JAVA_HOME%\jre\lib folder.
-        Another common policy file is .java.policy (note the period at the beginning of the file name), which is
specific to an individual user.  Not all users have one – if one does exist, it is in their home directory
(where their login/profile information is stored).

•        The following is an example of a java.policy file.
grant {

   // allows anyone to listen on un-privileged ports
   permission java.net.SocketPermission "localhost:1024-", "listen";

   // "standard" properties that can be read by anyone

   permission java.util.PropertyPermission "java.version", "read";
   permission java.util.PropertyPermission "java.vendor", "read";
   permission java.util.PropertyPermission "os.name", "read";
   permission java.util.PropertyPermission "os.version", "read";
   permission java.util.PropertyPermission "os.arch", "read";
   permission java.util.PropertyPermission "file.separator", "read";
   permission java.util.PropertyPermission "path.separator", "read";
   permission java.util.PropertyPermission "line.separator", "read";

};
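
To see what the grant block above allows once it is enforced, the following added example (not part of the original courseware) asks the security manager about permissions inside and outside the policy. The class name PolicyProbe, the file names page.policy and notes.txt, and the probed ports are assumptions made for illustration. It assumes a JVM where the Security Manager is still available (it was deprecated in Java 17 and disabled in Java 24).

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.PropertyPermission;

// Added example: reports which permissions the active policy grants to this class.
// Run (page.policy is an assumed file name holding the grant block shown on this page):
//   java -Djava.security.manager -Djava.security.policy==page.policy PolicyProbe
// The double '=' makes the JVM use only that file instead of adding it to the defaults.
public class PolicyProbe {

    // True when the installed SecurityManager allows the permission for this call stack.
    static boolean isGranted(SecurityManager sm, Permission p) {
        try {
            sm.checkPermission(p);
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            // Without -Djava.security.manager nothing consults the policy file.
            System.out.println("No security manager installed: policy files are not enforced.");
            return;
        }
        Permission[] probes = {
            new PropertyPermission("java.version", "read"),   // listed in the policy
            new PropertyPermission("user.home", "read"),      // not listed in the policy
            new SocketPermission("localhost:8080", "listen"), // inside the 1024- range
            new SocketPermission("localhost:80", "listen"),   // below the 1024- range
            new FilePermission("notes.txt", "write"),         // constructed file name, no file grant
        };
        for (Permission p : probes) {
            System.out.printf("%-7s %s%n", isGranted(sm, p) ? "GRANTED" : "DENIED", p);
        }
    }
}
```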

•        To help Java clients set these permissions and policy files, Java provides the policytool.
-        The policytool can be found in the %JAVA_HOME%\bin directory.


•        A lot more could be said about permissions, policies and client-side security.
-        However, when developing applications, our concerns usually focus on the server.
-        Clients can set whatever permissions they want.
-        In most cases, clients rarely ever change their policies or permissions for Java applications.
•        For this reason, we will move on to looking at the Java APIs related to security.
-        For the rest of this class we will focus on looking at security that protects us, our applications and our
data.
-        Client-side security isn’t unimportant – but application security and the data passed between our
applications and clients have more serious and potentially dangerous consequences if not handled properly.
Copyright (c) 2008.  Intertech, Inc. All Rights Reserved.  This information is to be used exclusively as an
online learning aid.  Any attempts to copy, reproduce, or use for training is strictly prohibited.