aspose file tools*
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes Specifying Security Policy Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Bookmark "Specifying Security Policy" Watch "Specifying Security Policy" New topic
Author

Specifying Security Policy

Ronnie Phelps
Ranch Hand

Joined: Mar 12, 2001
Posts: 329
Is there a way of specifying the location of a security policy from within an application without using a policy file?
Ronnie Phelps
Ranch Hand

Joined: Mar 12, 2001
Posts: 329
I'm sure there must be a way of doing this. Does anyone have an Idea how this can be done. If this can't be done can anyone explain why.
Ronnie Phelps
Ranch Hand

Joined: Mar 12, 2001
Posts: 329
Actually what I need is to be able to specify the location of the policy file from within the program and not via the -Djava.security.policy option because the beta exam states that client and server must not require use of command line arguements.
Sai Prasad
Ranch Hand

Joined: Feb 25, 2002
Posts: 560
Have you thought about not using the security file at all? I am not taking the beta exam but in my submission, I didn't use the RMI Security Manager or java.policy file.
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451
Hi Ronnie,
I don't think you can set a policy file programattically. You could try installing a custom SecurityManager instead, but that's a pretty sizeable task.
Michael Morris


Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Ernst F. Schumacher
Ronnie Phelps
Ranch Hand

Joined: Mar 12, 2001
Posts: 329
Thanks Michael. I will research creating a custom security manager. If anyone has a link to site that explains this, can you please post it?
Have you thought about not using the security file at all? I am not taking the beta exam but in my submission, I didn't use the RMI Security Manager or java.policy file.

Sai did you create a custom security manager or did you use some other implementation? What options do I have?
Sai Prasad
Ranch Hand

Joined: Feb 25, 2002
Posts: 560
Since you are bundling the _Stub files with the client jar and no dynamic downloading of _Stub(s) is happening, there is no need to have a RMI Security Manager in the server side. No need to install a custom security manager programmaticaly.
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451
Hi Ronnie,
I ran a test and it appears that you can just set the policy file with the following:

I got the same results by setting the policy on the command line and by using the above from:

To verify it's effectiveness you would need to setup a test by first running an application with a restrictive system policy in place and see if you can ease those restrictions with the above code.
Sai is right in that you really don't need a policy file so long as there is no dynamic class loading involved. But I would like to know if this works and if you don't test it I'm sure that I will.
Michael Morris
Ronnie Phelps
Ranch Hand

Joined: Mar 12, 2001
Posts: 329
Thanks Guys,
I got rid of the security manager and everything works like a charm. I guess I didn't fully understand the purpose of a security manager and why it was needed. And the setProperty and getProperty worked also. I don't know why I didn't think of that initially but hopefully i'll remember next time I have to set a property within an application. Thanks again guys and I appreciate your help.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Specifying Security Policy
 
Similar Threads
RMI: net.ConnectException
Urgent: Is signed applet really necessary to read local files ?
protected constructor
AccessControlException hocuspocus
RMI in Java 2 SDK, v1.3