|
|
Signing Code and Granting It Permissions |
The last part of the Quick Tour of Controlling Applicationslesson shows how an application can be run under a security manager by invoking the interpreter with the new
"-Djava.security.manager"command-line argument.But what if the application to be invoked resides inside a JAR file?
How To Execute an Application Inside a Signed JAR File
One of the interpreter options is the
"-cp"(for "classpath") option, where you specify a search path for application classes and resources.Thus, for example, to execute the
Countapplication inside thesCount.jarJAR file, specifying the fileC:\TestData\dataas its argument, you could type the following (while in the directory containingsCount.jar):java -cp sCount.jar Count C:\TestData\dataHow To Execute an Application Inside a Signed JAR File With a Security Manager
To execute the application with a security manager, simply add"-Djava.security.manager", as inWhen you run this command, you should get an exception:java -Djava.security.manager -cp sCount.jar Count C:\TestData\dataException in thread "main" java.security.AccessControlException: access denied ( java.io.FilePermission C:\TestData\data read) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at java.lang.SecurityManager.checkRead(Compiled Code) at java.io.FileInputStream.(Compiled Code) at Count.main(Compiled Code) This
AccessControlExceptionis reporting that the application does not have permission to read the fileC:\TestData\data. This exception is raised because an application running under a security manager cannot read a file or access other resources unless it has explicit permission to do so.
|
|
Signing Code and Granting It Permissions |