Previous | Next | Trail Map | Security in JDK 1.2  | Signing Code and Granting It Permissions

Observe the Restricted Application

The last part of the Quick Tour of Controlling Applications(in the Java Security 1.2 trail) lesson shows how an application can be run under a security manager by invoking the interpreter with the new -Djava.security.manager command-line argument. But what if the application to be invoked resides inside a JAR file?

One of the interpreter options is the -cp (for class path) option, whereby you specify a search path for application classes and resources. Thus, for example, to execute the Count application inside the sCount.jar JAR file, specifying the file C:\TestData\data as its argument, you could type the following while in the directory containing sCount.jar:

java -cp sCount.jar Count C:\TestData\data
To execute the application with a security manager, simply add -Djava.security.manager, as in
java -Djava.security.manager -cp sCount.jar Count C:\TestData\data
When you run this command, you should get an exception.
Exception in thread "main" java.security.AccessControlException: access denied (
java.io.FilePermission C:\TestData\data read)
    at java.security.AccessControlContext.checkPermission(Compiled Code)
    at java.security.AccessController.checkPermission(Compiled Code)
    at java.lang.SecurityManager.checkPermission(Compiled Code)
    at java.lang.SecurityManager.checkRead(Compiled Code)
    at java.io.FileInputStream.(Compiled Code)
    at Count.main(Compiled Code)

This AccessControlException is reporting that the application does not have permission to read the file C:\TestData\data. This exception is raised because an application running under a security manager cannot read a file or access other resources unless it has explicit permission to do so.


Previous | Next | Trail Map | Security in JDK 1.2  | Signing Code and Granting It Permissions