Security confusion

stixwix · Dec 21, 2005

Hi,

Using Java as it comes 'out the box', the following runs ok:
System.getProperty("user.home");

But if I sub-class SecurityManager thus:
class MySecurityManager extends SecurityManager {}

and then set this up in main:
System.setSecurityManager(new MySecurityManager());

Then the getProperty call throws an access exception.

If i edit the java.policy file to specifically allow this call then it
is ok (this property isn't in the default 'allowed' list).

This implies that the default SecurityManager doesn't use the
java.policy file but I know it does because if you leave a syntax error
in the file you get an exception.

What am I missing here?

Regards,
Andy

Chris Smith · Dec 21, 2005

stixwix said:
If i edit the java.policy file to specifically allow this call then it
is ok (this property isn't in the default 'allowed' list).

This implies that the default SecurityManager doesn't use the
java.policy file

Huh? If editing the java.policy file works, then obviously
SecurityManager does use the file. (Yes, it does, by the way).

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

stixwix · Dec 21, 2005

The point is that if I don't declare my own SecurityManager, I don't
need to edit the java.policy file - the call does not throw an
exception (even though this property is not in the policy file's
default list of permissions).

Once I have declared MySecurityManager to be 'the daddy', then the only
way to get the call to work is to explicitly add this call to the
policy file.

cheers

Paulus de Boska · Dec 21, 2005

In standalone applications there is no default securitymanager . You
can appoint one, as in : System.setSecurityManager.... , that will
enforce the policy files. More on this here :
http://javalessons.com/cgi-bin/fun/java-tutorials-main.cgi?ses=ao789

category 'Advanced', lesson 'Policy files'

Chris Smith · Dec 21, 2005

stixwix said:
The point is that if I don't declare my own SecurityManager, I don't
need to edit the java.policy file - the call does not throw an
exception (even though this property is not in the policy file's
default list of permissions).

I was under the impression that you didn't have a security manager at
all for the first test (as you said, "Java as it comes 'out the box'").
If you set a security manager for the first test, then that's very odd
indeed, and I don't have an explanation for you.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

stixwix · Dec 21, 2005

Ahhh, the penny drops....
Thanks.

Resource confusion	11	Jan 28, 2012
Extending SecurityManager	2	Dec 7, 2005
RMI & connection refused	10	Aug 2, 2009
Help me : Why do I get an unsatisfiedLinkError - jni;rmi environment	0	Dec 30, 2003
School Project	1	Dec 8, 2022
java rmi error	1	Jul 6, 2008
I got some problems when using use activation mechanism of RMI	6	May 31, 2006
How to set broadcast receiver attributes programmatically in android studio?	1	Mar 19, 2022

Security confusion

stixwix

Chris Smith

stixwix

Paulus de Boska

Chris Smith

stixwix

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads