Running Secure Applications
In Chapter 1 we showed how
JavaRunner
and the Launcher
can be used to run a Java application. Now that we have the final
piece of the security policy story, we can put everything together
and show how the policy applies to these applications.
The Secure JavaRunner Program
Running a program securely under
the auspices of JavaRunner
requires that we
modify that program to accept a security manager:
public class JavaRunner implements Runnable {
.. other methods are unchanged ..
public static void main(String args[])
throws ClassNotFoundException {
Class self = Class.forName("JavaRunner");
System.setSecurityManager(new JavaRunnerManager());
JavaRunnerLoader jrl = new JavaRunnerLoader(
args[0], self.getClassLoader());
ThreadGroup tg = jrl.getThreadGroup();
Thread t = new Thread(tg,
new JavaRunner(jrl, args[1], getArgs(args)));
t.start();
try {
t.join();
} catch (InterruptedException ie) {
System.out.println("Thread was interrupted");
}
}
}
This single-line change installs a security manager for us; the
security manager provides the security policy for the target
application. Because our security manager defers most of its checks
to the access controller, we must have appropriate
java.policy
files somewhere (unless, of course,
we have installed a different default Policy
class). If these policy files are in the default locations
($JAVAHOME/lib/security/java.policy
and
$HOME/.java.policy
), no other steps are necessary. If that file is somewhere else, you must ...
Get Java Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.