jQuery in Action, 3rd edition
The moose likes Java in General and the fly likes Permissions/Jars and Deployment Issues Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Permissions/Jars and Deployment Issues" Watch "Permissions/Jars and Deployment Issues" New topic

Permissions/Jars and Deployment Issues

Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
I want to make my classes dynamically loadable (i.e. not on classpath, loaded through my classloader). However I also want to have security settings for these classes (i.e. permissions that they are granted). My questions are:
1. Will granting permissions to a codebase add it to the classpath?
e.g. grant codebase "file:/D:/Config.jar" { ... }
2. How do I grant to a jar file in a manner that lends to good deployment? For example, in the above question the codebase is an absolute file location - that's bad for deployment. But I can't think of any other way to let the security policy file find my jar on the file-system.
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451
Hi Robert,
Well you can just add a policy file on the command line thus:

Your policy file would then grant whatever permissions were necessary for your app. For example:

to grant access to all system resources just for the life of the application.
Hope this helps,
Michael Morris

Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Ernst F. Schumacher
Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
Hmmm, I think I wasn't clear in what I meant - sorry.
When i deploy my apps, I do it in numerous jars. So I might have:
  • Config.jar
  • Client.jar
  • Service.jar

  • And I want each of those jars to have different permissions. So even if I pass a policy file as a system property, inside the policy can I just write:
    grant codebase "Config.jar" { ... }
    I'm guessing no. And even further, what if the app is started by someone double-clicking an executable jar (or on Unix "java - jar ...")? How do I do it then?
    For some reason, I think Sun left deployment issues as "worry about it later" stuff. For example, they made jars executable but never really thought about how you specify a security manager or policy that way. They do have class-path, but are missing a lot else.
    So my question:
    How to get my app to execute from a jar, take the policy/permissions I want for each jar and a security manager without needing it to be passed in at the command-line?
    Gregg Bolinger
    GenRocket Founder
    Ranch Hand

    Joined: Jul 11, 2001
    Posts: 15302

    The above link I think will help you out a lot. When dealing with Apps, I think you may be taking the wrong approach. Seems to me like you are taking an Applet security approach when you appearntly have an application security problem.
    Let me know if that helped a little.
    [ August 07, 2002: Message edited by: Gregg Bolinger ]

    GenRocket - Experts at Building Test Data
    Robert Paris
    Ranch Hand

    Joined: Jul 28, 2002
    Posts: 585
    Thanks for the reply, but I'm not quite sure why you posted it. I know about the Security Manager and use it all the time. I do have code that checks if one is installed and running and if not, calls it. But that does not solve my problem with the policy file. I want to use Java 2 security (and the default policy file implementation) because this is what 99.9% of all J2SE environments use. However, as far as I can tell, in order to give permissions to specific codebases (jar files in my case), you need to have the jar either available via a protocol like http, or on the file system. Since someone is downloading my code and then running it on their computer, I will not know where they will install it. So I don't want this hard-coded into my policy file, and I also would prefer not to force them to have to alter the policy file either - that's ugly and risky if they forget to do that.
    So i want to know, how to set the permissions for the jar codebases without hard-coding/knowing where they are? And secondly, how to set which policy file to use when they double-click the executable jar?
    I agree. Here's the link: http://aspose.com/file-tools
    subject: Permissions/Jars and Deployment Issues
    It's not a secret anymore!