File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes Too minimalistic policy files? Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Reply Bookmark "Too minimalistic policy files?" Watch "Too minimalistic policy files?" New topic
Author

Too minimalistic policy files?

Pander Musubi
Greenhorn

Joined: May 15, 2003
Posts: 16
posted
0
Quote
These are my policy files. I think these are as minimalistic as it can get. My question is, they aren't too restricting are they? Application works fine with it.
policy server side
grant {
permission java.io.FilePermission "*", "read,write";
permission java.net.SocketPermission "*:1024-65535", "connect,accept";
};
policy client side
grant {
permission java.net.SocketPermission "*:1024-65535", "connect";
};
Terry Martinson
Ranch Hand

Joined: Oct 18, 2003
Posts: 293
posted private message
0
Quote
I thought I read somewhere that if we start our registry programmatically, we don't need a policy file. Does anyone know if that's true or not?
TJ

SCJP, SCJD, SCWCD, SCBCD
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 10816
    
  25

I like...
Firefox Browser IntelliJ IDE Mac
posted private message
0
Quote
Hi Pander & Terry,
Pander: it looks like you have the necessary permissions for loading remote files and listening on unsecured ports. So these permissions should be all you need. However:
  • You do not really need a security manager (see below)
  • These are very open security policies - they allow reading of any file, and connection to/from any address. While this is necessary since you do not know where your files are going to end up, you might want to make a note in your user documentation stating that your security policies are fairly insecure


    • If you install a SecurityManager, then you will need the policy files, regardless of whether you start the RMI Registry programatically or not.
    If you start the RMI Registry programatically, then you can avoid installing a Security Manager altogether. This is because the files to be loaded will be local (therefore no need for FilePermissions), and standard user policies for a stand alone application allow you to open connections to any internet address, and listen on any unsecured port (therefore no need for the SocketPermissions).
    Regards, Andrew

    The Sun Certified Java Developer Exam with J2SE 5: paper version from Amazon, PDF from Apress, Online reference: Books 24x7 Personal blog
    Terry Martinson
    Ranch Hand

    Joined: Oct 18, 2003
    Posts: 293
    posted private message
    0
    Quote
    Thanks for the great explanation Andrew!
    One other note: In some of the specs (i.e. mine which is 1.2.1 URLyBird) under RMI restrictions, it says "You must not require the installation of a security manager." So be sure to check your restrictions if you do decide to proceed with the security manager / policy file approach!
    TJ
    Pander Musubi
    Greenhorn

    Joined: May 15, 2003
    Posts: 16
    posted
    0
    Quote
    My assignment doesn't talk about it, it even states that is is allowed to used security manager policy file as command line argument. But of course it is important to tell why you choose for this or that. Thanks for your replies.
     
    I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
     
    subject: Too minimalistic policy files?
     
    Similar Threads
    Access denied(java.io.FilePermission db.db write)
    Rmi BAsic Problem
    RMI-Applet Communication
    access denied (SocketPermission 127.0.0.1:1099 connect,resolve)
    policy file