SecurityManager in Java
Java Security Manager
Java SecurityManager javadoc:
/**
* The security manager is a class that allows
* applications to implement a security policy. It allows an
* application to determine, before performing a possibly unsafe or
* sensitive operation, what the operation is and whether
* it is being attempted in a security context that allows the
* operation to be performed. The
* application can allow or disallow the operation.
* <p>
* The <code>SecurityManager</code> class contains many methods with
* names that begin with the word <code>check</code>. These methods
* are called by various methods in the Java libraries before those
* methods perform certain potentially sensitive operations. The
* invocation of such a <code>check</code> method typically looks like this:
* <p><blockquote><pre>
* SecurityManager security = System.getSecurityManager();
* if (security != null) {
* security.check<i>XXX</i>(argument, . . . );
* }
* </pre></blockquote>
* <p>
* The security manager is thereby given an opportunity to prevent
* completion of the operation by throwing an exception. A security
* manager routine simply returns if the operation is permitted, but
* throws a <code>SecurityException</code> if the operation is not
* permitted. The only exception to this convention is
* <code>checkTopLevelWindow</code>, which returns a
* <code>boolean</code> value.
* <p>
* The current security manager is set by the
* <code>setSecurityManager</code> method in class
* <code>System</code>. The current security manager is obtained
* by the <code>getSecurityManager</code> method.
* <p>
* The special method
* {@link SecurityManager#checkPermission(java.security.Permission)}
* determines whether an access request indicated by a specified
* permission should be granted or denied. The
* default implementation calls
*
* <pre>
* AccessController.checkPermission(perm);
* </pre>
*
* <p>
* If a requested access is allowed,
* <code>checkPermission</code> returns quietly. If denied, a
* <code>SecurityException</code> is thrown.
* <p>
* As of Java 2 SDK v1.2, the default implementation of each of the other
* <code>check</code> methods in <code>SecurityManager</code> is to
* call the <code>SecurityManager checkPermission</code> method
* to determine if the calling thread has permission to perform the requested
* operation.
* <p>
* Note that the <code>checkPermission</code> method with
* just a single permission argument always performs security checks
* within the context of the currently executing thread.
* Sometimes a security check that should be made within a given context
* will actually need to be done from within a
* <i>different</i> context (for example, from within a worker thread).
* The {@link SecurityManager#getSecurityContext getSecurityContext} method
* and the {@link SecurityManager#checkPermission(java.security.Permission,
* java.lang.Object) checkPermission}
* method that includes a context argument are provided
* for this situation. The
* <code>getSecurityContext</code> method returns a "snapshot"
* of the current calling context. (The default implementation
* returns an AccessControlContext object.) A sample call is
* the following:
*
* <pre>
* Object context = null;
* SecurityManager sm = System.getSecurityManager();
* if (sm != null) context = sm.getSecurityContext();
* </pre>
*
* <p>
* The <code>checkPermission</code> method
* that takes a context object in addition to a permission
* makes access decisions based on that context,
* rather than on that of the current execution thread.
* Code within a different context can thus call that method,
* passing the permission and the
* previously-saved context object. A sample call, using the
* SecurityManager <code>sm</code> obtained as in the previous example,
* is the following:
*
* <pre>
* if (sm != null) sm.checkPermission(permission, context);
* </pre>
*
* <p>Permissions fall into these categories: File, Socket, Net,
* Security, Runtime, Property, AWT, Reflect, and Serializable.
* The classes managing these various
* permission categories are <code>java.io.FilePermission</code>,
* <code>java.net.SocketPermission</code>,
* <code>java.net.NetPermission</code>,
* <code>java.security.SecurityPermission</code>,
* <code>java.lang.RuntimePermission</code>,
* <code>java.util.PropertyPermission</code>,
* <code>java.awt.AWTPermission</code>,
* <code>java.lang.reflect.ReflectPermission</code>, and
* <code>java.io.SerializablePermission</code>.
*
* <p>All but the first two (FilePermission and SocketPermission) are
* subclasses of <code>java.security.BasicPermission</code>, which itself
* is an abstract subclass of the
* top-level class for permissions, which is
* <code>java.security.Permission</code>. BasicPermission defines the
* functionality needed for all permissions that contain a name
* that follows the hierarchical property naming convention
* (for example, "exitVM", "setFactory", "queuePrintJob", etc).
* An asterisk
* may appear at the end of the name, following a ".", or by itself, to
* signify a wildcard match. For example: "a.*" or "*" is valid,
* "*a" or "a*b" is not valid.
*
* <p>FilePermission and SocketPermission are subclasses of the
* top-level class for permissions
* (<code>java.security.Permission</code>). Classes like these
* that have a more complicated name syntax than that used by
* BasicPermission subclass directly from Permission rather than from
* BasicPermission. For example,
* for a <code>java.io.FilePermission</code> object, the permission name is
* the path name of a file (or directory).
*
* <p>Some of the permission classes have an "actions" list that tells
* the actions that are permitted for the object. For example,
* for a <code>java.io.FilePermission</code> object, the actions list
* (such as "read, write") specifies which actions are granted for the
* specified file (or for files in the specified directory).
*
* <p>Other permission classes are for "named" permissions -
* ones that contain a name but no actions list; you either have the
* named permission or you don't.
*
* <p>Note: There is also a <code>java.security.AllPermission</code>
* permission that implies all permissions. It exists to simplify the work
* of system administrators who might need to perform multiple
* tasks that require all (or numerous) permissions.
* <p>
* See <a href ="../../../technotes/guides/security/permissions.html">
* Permissions in the JDK</a> for permission-related information.
* This document includes, for example, a table listing the various SecurityManager
* <code>check</code> methods and the permission(s) the default
* implementation of each such method requires.
* It also contains a table of all the version 1.2 methods
* that require permissions, and for each such method tells
* which permission it requires.
* <p>
* For more information about <code>SecurityManager</code> changes made in
* the JDK and advice regarding porting of 1.1-style security managers,
* see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.
*
* @author Arthur van Hoff
* @author Roland Schemers
*
* @version %I%, %G%
* @see java.lang.ClassLoader
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
* checkTopLevelWindow
* @see java.lang.System#getSecurityManager() getSecurityManager
* @see java.lang.System#setSecurityManager(java.lang.SecurityManager)
* setSecurityManager
* @see java.security.AccessController AccessController
* @see java.security.AccessControlContext AccessControlContext
* @see java.security.AccessControlException AccessControlException
* @see java.security.Permission
* @see java.security.BasicPermission
* @see java.io.FilePermission
* @see java.net.SocketPermission
* @see java.util.PropertyPermission
* @see java.lang.RuntimePermission
* @see java.awt.AWTPermission
* @see java.security.Policy Policy
* @see java.security.SecurityPermission SecurityPermission
* @see java.security.ProtectionDomain
*
* @since JDK1.0
*/
Grant the Required Permissions
Here is a sample of java policy file:
/** Java 2 Access Control Policy for the JAAS Sample Application **/
/* grant the sample LoginModule permissions */
grant codebase "file:./SampleLM.jar" {
permission javax.security.auth.AuthPermission "modifyPrincipals";
};
grant codebase "file:./SampleAcn.jar" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
};
Default Policy Implementation and Policy File Syntax
Please refer to java doc: Default Policy Implementation and Policy File Syntax.
Permissions in the Java
Please refer to java doc: Permissions in the JavaTM 2 SDK.