Question on java.security.manager

[Lil_Aziz1]

If Count.java has the following content:

Java Code:

import java.io.*;

public class Count {
    public static void countChars(InputStream in) throws IOException
    {
        int count = 0;

        while (in.read() != -1)
            count++;

        System.out.println("Counted " + count + " chars.");
    }

    public static void main(String[] args) throws Exception
    {
        if (args.length >= 1)
            countChars(new FileInputStream(args[0]));
        else
            System.err.println("Usage: Count filename");
    }
}

After compilation, shouldn't this command invoke some sort of Exception/Error associated with permission or security?


Although, when I put Count.class in a jar file and then run it using classpath, it gives me an Exception:


I did another test:
I made a manifest.txt with the following content:

Java Code:

Main-Class: Count

then did:

Java Code:

jar cfm mCount.jar manifest.txt Count.class

Compiled it with the security manager and without the security manager, and I got an exception same as the prior test when -Djava.security.manager extension was added.


So the question is, why did I not get an exception when I did

Java Code:

 java -Djava.security.manager Count writetest

? Thanks in advance.

EDIT: I have not tampered with any security files. I actually recently reinstalled the JDK.

Best Regards,

Aziz Javed

[Norm]

Do you have a .java.policy file that's used by the JVM?
What's in your .java.policy file?

Mine's in the C:\Documents and Settings\Owner folder

[Lil_Aziz1]

I found a java.policy file but not a .java.policy file. This is what it contains:

Java Code:

// Standard extensions get all permissions by default

grant codeBase "file:${{java.ext.dirs}}/*" {
	permission java.security.AllPermission;
};

// default permissions granted to all domains

grant { 
	// Allows any thread to stop itself using the java.lang.Thread.stop()
	// method that takes no argument.
	// Note that this permission is granted by default only to remain
	// backwards compatible.
	// It is strongly recommended that you either remove this permission
	// from this policy file or further restrict it to code sources
	// that you specify, because Thread.stop() is potentially unsafe.
	// See "http://java.sun.com/notes" for more information.
	permission java.lang.RuntimePermission "stopThread";

	// allows anyone to listen on un-privileged ports
	permission java.net.SocketPermission "localhost:XXXX-", "listen";

	// "standard" properies that can be read by anyone

	permission java.util.PropertyPermission "java.version", "read";
	permission java.util.PropertyPermission "java.vendor", "read";
	permission java.util.PropertyPermission "java.vendor.url", "read";
	permission java.util.PropertyPermission "java.class.version", "read";
	permission java.util.PropertyPermission "os.name", "read";
	permission java.util.PropertyPermission "os.version", "read";
	permission java.util.PropertyPermission "os.arch", "read";
	permission java.util.PropertyPermission "file.separator", "read";
	permission java.util.PropertyPermission "path.separator", "read";
	permission java.util.PropertyPermission "line.separator", "read";

	permission java.util.PropertyPermission "java.specification.version", "read";
	permission java.util.PropertyPermission "java.specification.vendor", "read";
	permission java.util.PropertyPermission "java.specification.name", "read";

	permission java.util.PropertyPermission "java.vm.specification.version", "read";
	permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
	permission java.util.PropertyPermission "java.vm.specification.name", "read";
	permission java.util.PropertyPermission "java.vm.version", "read";
	permission java.util.PropertyPermission "java.vm.vendor", "read";
	permission java.util.PropertyPermission "java.vm.name", "read";
};

I think the JVM is using java.policy because when I compiled GetProps.java with the following code:

Java Code:

class GetProps {

    public static void main(String[] args) {

        /* Test reading properties w & w/out security manager */
        
        String s;

        try {

            System.out.println("About to get os.name property value");

            s = System.getProperty("os.name", "not specified");
            System.out.println("  The name of your operating system is: " + s);

            System.out.println("About to get java.version property value");

            s = System.getProperty("java.version", "not specified");
            System.out.println("  The version of the JVM you are running is: " + s);

            System.out.println("About to get user.home property value");

            s = System.getProperty("user.home", "not specified");
            System.out.println("  Your user home directory is: " + s);

            System.out.println("About to get java.home property value");

            s = System.getProperty("java.home", "not specified");
            System.out.println("  Your JRE installation directory is: " + s);


        } catch (Exception e) {
            System.err.println("Caught exception " + e.toString());
        }

    }

}

and then ran the application through the security.manager and got an exception:


So I don't know why it's not working. Also, the Java tutorial ( http://java.sun.com/docs/books/tutor...gn/rstep1.html ) doesn't talk about running just the Count.class. Instead, it talks about running it through a jar file. Out of curiosity, shouldn't the same rules apply to Count.class without it being in a jar file?

[Norm]

Not sure how the java.policy (no leading .) is for or how used.
What file is displayed when you open the policytool program?

The .java.policy file is referred to from the {java.home}\lib\security\java.security file by this line:
policy.url.2=file:${user.home}/.java.policy


Re codebase. I found this with google, don't have URL for it. The title is:
Default Policy Implementation and Policy File Syntax

The exact meaning of a codeBase value depends on the characters at the end. A codeBase with a trailing "/" matches all class files (not JAR files) in the specified directory. A codeBase with a trailing "/*" matches all files (both class and JAR files) contained in that directory. A codeBase with a trailing "/-" matches all files (both class and JAR files) in the directory and recursively all files in subdirectories contained in that directory. The following table illustrates the different cases.

[Lil_Aziz1]

When I open up the policy too, no file is displayed, just the Policy Tool itself in its blank window.

So do you want me to rename java.policy to .java.policy?

[Webuser]

I did another test:
I made a manifest.txt with the following content:

for your information you should ext manifest as *.MF but not *.txt :(

show us your jar packages structure.

[Norm]

Find this java.security file and see if you have the line I show.

The .java.policy file is referred to from the {java.home}\lib\security\java.security file by this line:
policy.url.2=file:${user.home}/.java.policy

If you have that file with that line, look in the user.home folder for the .java.policy file.
I suspect you don't have one as policytool would read and load it when it starts.

Where did you find the java.policy file? Don't rename it. Looking in the above java.security file you'll see a reference to it above the line I posted.

[Lil_Aziz1]

So I looked over java.security and I did find the following:

Java Code:

# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy

I checked my user.home and could not find .java.policy (to make sure I was looking at the right place, I did the following:

Java Code:

            s = System.getProperty("user.home", "not specified");
            System.out.println("  Your user home directory is: " + s);

)
What should I do?

[Norm]

I was concerned that there was a .policy file that was granting permission that you didn't know about. It appears there is NOT.
Continue with your testing. Is the file being read in a different folder than the jar/class files? It should be. Move it up one and prefix your filename with ..\

[Lil_Aziz1]

Oooh. I think it worked. So I moved Count.class to directory C:\..\A\B and moved the file it was reading (writetest.txt) to C:\...\A
I ran Count without the security manager and it read writetest.txt. Then I ran it with the security manager and it gave me a PermissionException!
Then I moved Count.class to directory C:\..\A and writetest.txt to C:\..\A\B - it did not give me an exception when I ran it with security manager. :(

Conclusion: A JAVA application has permission to read (maybe even write?) any files in the same directory as it and in sub-directories. (Hope this is accurate)

I hope that's what you were talking about.
Anyhow, thanks man! +1