This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes Class Loaders & Permissions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Class Loaders & Permissions" Watch "Class Loaders & Permissions" New topic
Author

Class Loaders & Permissions

Jared Krull
Ranch Hand

Joined: Sep 28, 2001
Posts: 32
I'm playing around with a custom class loader and granting permissions to the classes loaded (without a policy file)

I have the following class that sets up a custom permission and loads another class with that permission (The "getPermissions" override in my classloader adds this permission to the class being loaded).

Inside the loaded class I check for this permission but it always fails. I have overrided the "implies" method and it looks like the permissions are being checked and the function is returning true (meaning that the permission loaded does "imply" the one I am checking. Nevertheless, the call to AccessController.checkPermission throws an AccessControlException with "access denied".

Can someone kindly look through my code and tell me where I'm going wrong?

First my permission class


Now my loader class (and main entry point)


Here's the class that is loaded and checks the permission


And here's the console output - as you can see the permissions look ok and implies returns true, but an exception is still caught.
Permission granted: (testprotected.MyPermission fooby.runCode)
Permission to check: (testprotected.MyPermission fooby.runCode)
Inside the implies method
This - Name:fooby.runCode - Hash:-1934868025
That - Name:fooby.runCode - Hash:-1934868025
Return from implies - true
Sorry, you dont have permission access denied (testprotected.MyPermission fooby.runCode)
Details (testprotected.MyPermission fooby.runCode)


Any help would be great.>


C programmer gone astray
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41177
    
  45
The output I get (Java 5 on OS X) is

Permission to check: (testprotected.MyPermission fooby.runCode)
Sorry, you dont have permission access denied (testprotected.MyPermission fooby.runCode)
Details (testprotected.MyPermission fooby.runCode)


Ping & DNS - my free Android networking tools app
Jared Krull
Ranch Hand

Joined: Sep 28, 2001
Posts: 32
I just figured the problem - didnt load the security manager on the command line!

I needed to add this in and set a policy class giving the loading class the createClassLoader and other file based permissions.

All seems ok now.

Strange that the exception given didnt hint that the security manager wasnt loaded. It just denied access as if it were already loaded. Ah well.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

There was a security manager loaded, just not the one you thought was loaded.
Jared Krull
Ranch Hand

Joined: Sep 28, 2001
Posts: 32
Paul Clapham wrote:There was a security manager loaded, just not the one you thought was loaded.


Could you elaborate?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

There's always a security manager loaded. So there aren't any situations in which an error message can be issued because no security manager is loaded. And you can't reasonably expect the error message to point out that there might not be an error if some other security manager were loaded; this is always the case.
Jared Krull
Ranch Hand

Joined: Sep 28, 2001
Posts: 32
That's interesting because from my reading I'd thought that a security manager would not be installed on a standard application without that command line addidion. I tested my app without the command line options and wrote a custom Policy class, installing it before invoking the method in the loaded library and sure enough the security then worked fine. So I guess there must have been a seucrity manager present as you said.

satish kumar kandukuri
Greenhorn

Joined: Aug 10, 2005
Posts: 6
Hi Jared Krull

Can you please paste the code samples you used to demonstrate how you solved your issue.Your help is greatly appreciated.
Your inputs might help me solve my issue.

Below was your reply.
------------------------

I just figured the problem - didnt load the security manager on the command line!

I needed to add this in and set a policy class giving the loading class the createClassLoader and other file based permissions


Satish Kandukuri.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Class Loaders & Permissions
 
Similar Threads
status of internet connection
How do I go about making my own Yahoo Messenger?
killing main process and allowing spawned process to continue
class loader
Problem integrating hibernate & EJB 3