Too minimalistic policy files?

Pander Musubi
Greenhorn

Joined: May 15, 2003
Posts: 16
These are my policy files. I think these are as minimalistic as it can get. My question is, they aren't too restricting are they? Application works fine with it.
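Policy, server side:
grant {
    // "*" as a path covers the files in the current directory
    permission java.io.FilePermission "*", "read,write";
    // any host, unprivileged ports only
    permission java.net.SocketPermission "*:1024-65535", "connect,accept";
};
Policy, client side:
grant {
    // outbound connections only, to any host on unprivileged ports
    permission java.net.SocketPermission "*:1024-65535", "connect";
};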
Terry Martinson
Ranch Hand

Joined: Oct 18, 2003
Posts: 293
I thought I read somewhere that if we start our registry programmatically, we don't need a policy file. Does anyone know if that's true or not?
TJ


SCJP, SCJD, SCWCD, SCBCD
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11404
    
Hi Pander & Terry,
Pander: it looks like you have the necessary permissions for loading remote files and listening on unsecured ports. So these permissions should be all you need. However:
  • You do not really need a security manager (see below)
  • These are very open security policies - they allow reading of any file, and connection to/from any address. While this is necessary since you do not know where your files are going to end up, you might want to make a note in your user documentation stating that your security policies are fairly insecure.

If you install a SecurityManager, then you will need the policy files, regardless of whether you start the RMI Registry programmatically or not.
If you start the RMI Registry programmatically, then you can avoid installing a Security Manager altogether. This is because the files to be loaded will be local (therefore no need for FilePermissions), and standard user policies for a standalone application allow you to open connections to any internet address, and listen on any unsecured port (therefore no need for the SocketPermissions).
Regards, Andrew


    The Sun Certified Java Developer Exam with J2SE 5: paper version from Amazon, PDF from Apress, Online reference: Books 24x7 Personal blog
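
The approach described in the reply above, as an added example that is not part of the original thread: the server creates the RMI registry inside its own JVM, with no SecurityManager installed and no policy file on the command line. The `Greeter` interface, the bound name and the class name are hypothetical.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

public class InProcessRegistryDemo {

    // Hypothetical remote interface; a real assignment exposes its own.
    public interface Greeter extends Remote {
        String greet(String name) throws RemoteException;
    }

    // The implementation is on the local classpath, so no class has to be
    // downloaded from a codebase URL and no FilePermission is involved.
    public static class GreeterImpl implements Greeter {
        @Override
        public String greet(String name) {
            return "Hello, " + name;
        }
    }

    public static void main(String[] args) throws Exception {
        // 1099 is the default registry port; it is above 1023, so the
        // process needs no special privileges to listen on it.
        int port = 1099;

        // Server side: create the registry in this JVM instead of starting
        // the external rmiregistry tool. System.setSecurityManager is never
        // called and -Djava.security.policy is not passed.
        Registry registry = LocateRegistry.createRegistry(port);
        GreeterImpl impl = new GreeterImpl();
        Greeter stub = (Greeter) UnicastRemoteObject.exportObject(impl, 0);
        registry.rebind("Greeter", stub);

        // Client side (same JVM here to keep the example in one file):
        // an ordinary lookup and remote call over a socket.
        Registry remote = LocateRegistry.getRegistry("localhost", port);
        Greeter greeter = (Greeter) remote.lookup("Greeter");
        System.out.println(greeter.greet("ranch"));

        // Unexport both objects so the RMI threads stop and the JVM exits.
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```
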
Terry Martinson
Ranch Hand

Joined: Oct 18, 2003
Posts: 293
Thanks for the great explanation Andrew!
One other note: In some of the specs (i.e. mine which is 1.2.1 URLyBird) under RMI restrictions, it says "You must not require the installation of a security manager." So be sure to check your restrictions if you do decide to proceed with the security manager / policy file approach!
TJ
Pander Musubi
Greenhorn

Joined: May 15, 2003
Posts: 16
My assignment doesn't talk about it; it even states that it is allowed to use a security manager policy file as a command line argument. But of course it is important to tell why you choose this or that. Thanks for your replies.
     