Building a bigger sandbox

Security in JDK 1.2 gives developers more control. Find out how to take advantage of this flexible new model

Page 2 of 2

The signedBy and codeBase fields are optional. Together they identify a protection domain, another major part of the security model: code signed by one or more of the listed signers and loaded from a particular code source (a URL giving the code's location) is granted the permissions that follow. A ProtectionDomain thus encapsulates a set of signers from a particular codebase. If neither signers nor a codebase is given, the entry applies to all code from any codebase. So, if we look at the grant entry in the .java.policy file, we find the following:

grant {
  permission java.io.FilePermission "/tmp/*", "read";
};

When we run the FileApp program with the -new -usepolicy flags, the policy files on the system are read and loaded into a Policy object, which defines the permissions FileApp will have: all the grant entries of the system java.policy file plus the additional FilePermission entry from .java.policy. If we run the code and try to read the file secret.doc from the /tmp directory, the read is allowed; if we try to read the /etc/passwd file, it is denied (indicated by an AccessControlException).

The policytool

The policy files are simple ASCII text files that can be edited as needed. Because most users are prone to typing errors, however, the nice developers of JDK 1.2 gave us a GUI utility, policytool, which greatly reduces the possibility of errors. Just type policytool on your command line and you will see a screen like the following:

[Screenshot: Policy Tool Main Window]

Now you can add, remove or edit a policy entry. If we wanted to add a permission to the .java.policy file, we would select Edit Policy Entry, and get the following screen:

[Screenshot: Policy Tool Edit Entry Window]

This screen shows the single grant entry we specified, allowing reading of all files in the /tmp directory. If we wanted to add a permission to read and write files located in a directory called /export/home/work and all of its subdirectories, we would select Add, get the following screen, and add the entries depicted here:

[Screenshot: Policy Tool Add Grant Entry Window]

The policytool writes the policy files for you in the correct syntax. Fewer errors are possible, but the possibility still exists, because the tool checks syntax, not meaning. If you meant to give read/write access to all files in the /export/home/work directory but accidentally entered /export/home/wrok, the policytool would not generate an error. Your policy will simply give you unexpected and incorrect results.
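As an added example (not code from the article), the following Java program builds the protection domain described above by hand, with no signers and no codeBase, and runs the same implies() check the AccessController performs against the /tmp/* grant, the recursive grant on /export/home/work, and the /wrok typo. It goes one step beyond the text by also showing that /tmp/* does not reach into subdirectories. It assumes a Unix-style path layout; PolicyCheck, buildDomain and allowed are names chosen here.

```java
import java.io.FilePermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class PolicyCheck {

    // Build the domain the grant entries describe: no signers and no codeBase
    // (so it covers code from any codebase), with the "/tmp/*" read grant
    // and a read/write grant on workDir and everything below it.
    // Note the difference: "/*" matches files directly in a directory,
    // "/-" matches the directory's whole subtree.
    static ProtectionDomain buildDomain(String workDir) {
        PermissionCollection perms = new Permissions();
        perms.add(new FilePermission("/tmp/*", "read"));
        perms.add(new FilePermission(workDir + "/-", "read,write"));
        CodeSource anyCode = new CodeSource(null, (Certificate[]) null);
        return new ProtectionDomain(anyCode, perms);   // static permissions only
    }

    // The implies() test the AccessController applies to each domain on the
    // call stack; at runtime a false result becomes an AccessControlException.
    static boolean allowed(ProtectionDomain pd, String path, String action) {
        Permission requested = new FilePermission(path, action);
        return pd.implies(requested);
    }

    public static void main(String[] args) {
        ProtectionDomain pd = buildDomain("/export/home/work");
        String[][] checks = {
            {"/tmp/secret.doc", "read"},            // allowed by /tmp/*
            {"/etc/passwd", "read"},                // denied: no grant covers it
            {"/tmp/sub/notes.txt", "read"},         // denied: * does not descend
            {"/export/home/work/a/b.txt", "write"}, // allowed by /export/home/work/-
        };
        for (String[] c : checks) {
            System.out.printf("%-30s %-5s -> %s%n", c[0], c[1],
                allowed(pd, c[0], c[1]) ? "ALLOWED" : "DENIED");
        }
        // The /wrok typo: policytool accepts it, but nothing under the real
        // directory is granted, so the write is denied.
        ProtectionDomain typo = buildDomain("/export/home/wrok");
        System.out.println("after typo: write /export/home/work/a/b.txt -> "
            + (allowed(typo, "/export/home/work/a/b.txt", "write") ? "ALLOWED" : "DENIED"));
    }
}
```

Because the domain is built with static permissions, pd.implies() consults only the grants given here and not the installed Policy, which keeps the check reproducible on any JDK.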

Conclusion

Customization and management of security has always been possible in Java, but its implementation has definitely improved over earlier releases. The security manager concept remains essentially the same, but now new additions to the java.security package offer increased flexibility and control. If the SecurityManager is the Godfather of security, the AccessController is the Enforcer of security policies. Users now have the control in their hands to define their particular security needs. This can be accomplished by creating policy files using the policytool program provided with the JDK.

Wise developers will think security all the time. As Java gains more strength in enterprise systems, the need for security becomes increasingly crucial to your success. A flexible security architecture like the one introduced in JDK 1.2 gives you the tools you need to achieve the goal of Security Everywhere.

Todd M. Greanier has been programming in Java since its initial release. He works for Lake Systems Inc., where he has been teaching Java classes for the past two years all over the United States for Sun Educational Services. Todd is an instructor of general Java courses, as well as on more specific topics including Java distributed computing, JavaBeans, and Java security. Todd lives in upstate New York with his wife Stacey and their cat Shakespeare.

Learn more about this topic

  • Read "Secure Computing With Java: Now and the Future" http://java.sun.com/marketing/collateral/security.html
  • Read "Low Level Security in Java," by Frank Yellin http://java.sun.com/sfaq/verifier.html
  • See the JDK 1.2 security documentation http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
  • Visit the Java Security home page http://java.sun.com/security

This story, "Building a bigger sandbox" was originally published by JavaWorld.

Copyright © 1998 IDG Communications, Inc.
