Running Secure Applications

In Chapter 1 we showed how JavaRunner and the Launcher can be used to run a Java application. Now that we have the final piece of the security policy story, we can put everything together and show how the policy applies to these applications.

The Secure JavaRunner Program

Running a program securely under the auspices of JavaRunner requires that we modify that program to accept a security manager:

public class JavaRunner implements Runnable {
	.. other methods are unchanged ..

	public static void main(String args[])
									throws ClassNotFoundException {
		Class self = Class.forName("JavaRunner");
		System.setSecurityManager(new JavaRunnerManager());
		JavaRunnerLoader jrl = new JavaRunnerLoader(
									args[0], self.getClassLoader());
		ThreadGroup tg = jrl.getThreadGroup();
		Thread t = new Thread(tg,
				new JavaRunner(jrl, args[1], getArgs(args)));
		t.start();
		try {
			t.join();
		} catch (InterruptedException ie) {
			System.out.println("Thread was interrupted");
		}
	}
}

This single-line change installs a security manager for us; the security manager provides the security policy for the target application. Because our security manager defers most of its checks to the access controller, we must have appropriate java.policy files somewhere (unless, of course, we have installed a different default Policy class). If these policy files are in the default locations ($JAVAHOME/lib/security/java.policy and $HOME/.java.policy), no other steps are necessary. If that file is somewhere else, you must ...

Get Java Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Java Security by

Running Secure Applications

The Secure JavaRunner Program

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly