HomeDigital EditionSys-Con RadioSearch Java Cd
Advanced Java AWT Book Reviews/Excerpts Client Server Corba Editorials Embedded Java Enterprise Java IDE's Industry Watch Integration Interviews Java Applet Java & Databases Java & Web Services Java Fundamentals Java Native Interface Java Servlets Java Beans J2ME Libraries .NET Object Orientation Observations/IMHO Product Reviews Scalability & Performance Security Server Side Source Code Straight Talking Swing Threads Using Java with others Wireless XML
 

"Java Security: Protection Domains"
Vol. 3, Issue 5, p. 16

	

Listing 1: Security policy file format.
  
grant [signedBy “principal name of the signer of the applet”] [,codeBase “URL whence the code must originate”]  
 {  
  permission permission_class_name “target resource name” [, “action name”]  
[, signedBy “principal name of the signer of the permission”] ;  

 permission  ·..  
};   

grant ·..  

Listing 2: Example of a security policy file.
   
1 grant {  
2  permission java.io.FilePermission “/usr/tmp/logfile”, “read, write”;  
3 };  
4  
5 grant signedBy “openhorizon” {  
6  permission java.net.SocketPermission “www.openhorizon.com:8000-8200” ,   
7         “connect”;   
8 };  
9  
10  grant signedBy “openhorizon ”, codeBase “http://www.openhorizon.com/Ambrosia/demo” {  
11 permission java.net.SocketPermission “www.openhorizon.com:8506” , “connect”;  
12 permission com.openhorizon.client.PublishPermission  “demo.stock.nyse”;  
13 };  
14  
15 grant signedBy “openhorizon”, codeBase “http://www.openhorizon.com/Ambrosia/prod” {  
16 permission java.net.SocketPermission “www.openhorizon.com:8976” ,“connect”;  
17 permission com.openhorizon.client.GuaranteedPermission  “prod.stock.nyse”,  
18    signedBy “OHISecurityOfficer”;  
19 };  

Listing 3: FilePermission  and SocketPermission classes.
   
1 FilePermission P1 = new FilePermission (“/usr/ambrosia/log/logfile”, “read,write”);  
2 FilePermission P2 = new FilePermission (“/usr/ambrosia/log/-”, “delete”);  
3 FilePermission P3 = new FilePermission (“/usr/ambrosia/bin/*”,  “execute”);  
4 FilePermission P4 = new FilePermission (“-“, “read”);  
5 SocketPermission P5 = new SocketPermission (“demo.openhorizon.com:8506”, “listen”);  
6 SocketPermission P6 = new SocketPermission (“*.com”, “connect”);  

Listing 4: Implementing access control in an application.
   
1 com.openhorizon.client.PublishPermission publishPerm;  
2 publishPerm = new com.openhorizon.client.PublishPermission(“demo.stock.nyse”);  
3 try {  
4      AccessController.checkPermission (publishPermission);  
5 } catch (java.security.AccessControl.Exception accessViolation) { ·.. }
  
      
 

All Rights Reserved
Copyright ©  2004 SYS-CON Media, Inc.
  E-mail: [email protected]

Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. SYS-CON Publications, Inc. is independent of Sun Microsystems, Inc.