Originally posted by Rohit Garg:
Just wanted to ask that is there a way by which i can protect the System.setProperty() method itself instead of putting it in an authenticated wrapper?
Does JAAS provide something of this sort?
I guess your question has already been answered by Nitesh.The actual check is done in the method itself.
The method getProperty of System is already protected.Without granting appropriate permission to the code , you can not invoke this method.
Try running the following,
with security manager enabled.It would throw AccessControlException.(Note: No JAAS is involved here).The reason for this is that by default the policy file doesn't grant the following permission.
permission java.util.PropertyPermission "file.encoding", "read"
Now, if you grant your code the above mentioned permission then it would run just fine.