O'Reilly logo

Java RMI by William Grosso

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Setting Up a Security Policy

So far we’ve talked about the basic idea of permissions and how they’re checked and enforced. The next logical step is to talk about how they’re set. How does the JVM find out which permissions have been granted to particular classes?

The Three Policy Files

In most situations, two or three of the following security policies are used when running an application:

The global policy file

This is a policy file that applies to all applications, run by any user. It’s usually either the default policy that ships with the Java runtime environment or a policy file that’s been defined by systems administrators (i.e., the people who configured a particular system). End users rarely alter this file. The global policy is installed, by default, in ${java.home}/jre/lib/security/java.policy. On my machine, this resolves to c:\program files\jdk1.3\jre\lib\security\java.policy.

The user-specific policy file

This is a policy file that applies to all applications started by a specific user. This usually either doesn’t exist (there is no user-specific policy file that ships with the JRE) or is a policy file that’s been defined by systems administrators. End users rarely alter this file either. The user-specific policy file has a default location of ${user.home}/.java.policy . On my machine, this resolves to c:\winnt\profiles\grosso\.java.policy.

The application-specific policy file

This is a policy file that ships with the application, defining the permissions that the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required