Hi, for Java 2 we have policy files which have grant entries, which give access to the protected resources. Where are the policy files placed (client side or server side)? If it is on the client side, how do we place it on the client side?
Rufus BugleWeed
Ranch Hand
Joined: Feb 22, 2002
Posts: 1551
The client is often a browser and IE and Mozilla have their own security mechanisms. If the client or server is a JVM, I believe the policy file has a couple of ways to be loaded. You can find the details in the Java Tutorial.
Nicky Moelholm
Ranch Hand
Joined: Jan 20, 2002
Posts: 43
Hi,
> hi, for java2 we have policy files which have grant entries, which gives access to the protected resources. where are the policy files placed (client side or server side), if it is on the client side , how do we place it on the client side.
Well, to be accurate, they can be on both the Java server and the Java client. I believe you refer to the use of Java applets... there are two obvious solutions to the "trust" problem: 1) make the client use policy tool to grant your applet the privileges you need. 2) Sign your applet and make the client trust it so it can gain application-level rights on the client's computer. The latter is the easier one - the client simply has to click the browser dialog.
Nicky Moelholm
MyCerts: SCJP 1.2, SCJP 1.5, SCJD, SCWCD 1.3, SCBCD 1.3, SCDJWS 1.4, SCEA, IBM 253
MyBooks: IBM WebSphere Application Server V7.0 Web Services Guide
k doshi
Ranch Hand
Joined: Mar 16, 2002
Posts: 41
Thanks Nicky for the reply. To make the client use policy tool to grant your applet the privileges you need, we have to copy the policy file on the client computer, or he has to download it. So he has to trust the site first, which appears like a security hole. What do you feel?
kiran
Sanjay Raghavan
Ranch Hand
Joined: May 14, 2002
Posts: 148
As far as I understood the issue, in the modified sandbox model (Java 2) both local and remote code can be subjected to a security mgr and policy files, i.e., there is no difference between the capabilities of local vs. remote code. Now for client Java apps, the use of a security mgr is optional, whereas for browser-based clients, a security mgr is used by default (rendering remote code to all restrictions in Java 1.1). This default behavior may be changed by changing the permissions in the policy file.
The grant entries may either be for a remote host or for a specific alias (mapped in the keystore) or a combination of the two. So all signed applets would not be trusted by default. For example, if you're browsing through SUN's site, and there's an applet, obviously you do not want it to be able to read / write into your file system indiscriminately, just because it's signed.
To answer the question of how the policy file would be changed on the client, that sort of thing happens in Intranet environments, where the intended clients are under your control. HTH.
Sanjay Raghavan
SCJP2, SCEA-J2EE
Moderator - SCEA PREP (http://groups.yahoo.com/group/scea_prep)
Co-Author - SCEA@Whiz (http://www.whizlabs.com/scea/scea.html)
Where did you sip your Java Today?
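The three kinds of grant entry described in the post above (remote host, keystore alias, or both), shown in a constructed policy file together with a small checker an administrator could run before distributing the file to managed clients. This is an added example, not part of the thread; the host, alias, paths and the two review heuristics are assumptions.

```python
import re

# Constructed sample policy (not from the thread); host, alias and paths are made up.
SAMPLE_POLICY = '''
keystore "file:/home/alice/.keystore";
// grant for a remote host only
grant codeBase "http://intranet.example.com/applets/-" {
    permission java.util.PropertyPermission "user.home", "read";
};
// grant for a keystore alias only
grant signedBy "acme" {
    permission java.net.SocketPermission "intranet.example.com:8080", "connect";
};
// combination of the two
grant signedBy "acme", codeBase "http://intranet.example.com/reports/-" {
    permission java.io.FilePermission "/home/alice/reports/-", "read,write";
};
// neither codeBase nor signedBy: the entry applies to all code
grant {
    permission java.security.AllPermission;
};
'''

GRANT_RE = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S | re.I)
FIELD_RE = re.compile(r'(codeBase|signedBy)\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'permission\s+([\w.$]+)', re.I)

def parse_grants(text):
    """Return one dict per grant entry (principal clauses are not handled)."""
    # Drop only whole-line // comments: "//" and "/*" also occur inside URLs.
    text = re.sub(r'^[ \t]*//.*$', '', text, flags=re.M)
    grants = []
    for header, body in GRANT_RE.findall(text):
        fields = {k.lower(): v for k, v in FIELD_RE.findall(header)}
        grants.append({'codebase': fields.get('codebase'), 'signedby': fields.get('signedby'),
                       'permissions': PERM_RE.findall(body)})
    return grants

def audit(grants):
    """Review heuristics chosen for this example, as (entry index, reason)."""
    findings = []
    for i, g in enumerate(grants):
        if not g['codebase'] and not g['signedby']:
            findings.append((i, 'applies to all code'))
        if 'java.security.AllPermission' in g['permissions']:
            findings.append((i, 'grants AllPermission'))
    return findings

if __name__ == '__main__':
    print(audit(parse_grants(SAMPLE_POLICY)))
```

Only the last entry is flagged: it names no codeBase and no signer, so its AllPermission would apply to every class the JVM loads.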