Writing Advanced Applications
Chapter 10 Continued: Writing a Security Manager


A security manager is a Java virtual machine (VM) object that implements a security policy. By default, the Java 2 platform software provides a security manager that disallows all access to local system resources apart from read access to the directory where the program is invoked and its subdirectories.

You can extend the default security manager to implement customized verifications and approvals for applets and applications, but the implementation must include the appropriate access verification code for every checkXXX method you override. If you do not include this code, no access verification check happens, and your code breaches the system security policy.

This section uses an example application to explain how to write a custom security manager that prompts the end user for password identification before reading from and writing to specific files. The implementation includes access verification code, so that even after the end user makes it through the password check, he or she still needs the file read and write permissions in the policy file.

The example consists of the FileIO application, and the PasswordSecurityManager program that provides the custom security manager implementation.


The FileIO Program

The FileIO program displays a simple user interface and asks the end user to enter some text. When the end user clicks the Click Me button, the text is saved to a file in the end user's home directory, and a second file is opened and read. The text read from the second file is displayed to the end user.

Before Button Click

After Button Click

The custom security manager for this program prompts the end user to enter a password before it allows FileIO to write text to or read text from a file. The main method of FileIO creates a custom security manager called PasswordSecurityManager.

public static void main(String[] args){
  BufferedReader buffy = new BufferedReader(
      new InputStreamReader(System.in));
  try {
    System.setSecurityManager(
      new PasswordSecurityManager("pwd", buffy));
  } catch (SecurityException se) {
    System.err.println("SecurityManager already set!");
  }

The PasswordSecurityManager Class

The PasswordSecurityManager class declares two private instance variables, which are initialized by the constructor when the custom security manager is installed. The password instance variable contains the actual password, and the buffy instance variable is an input buffer that stores the end user's password input.

public class PasswordSecurityManager 
               extends SecurityManager{

 private String password;
 private BufferedReader buffy;

 public PasswordSecurityManager(String p, 
          BufferedReader b){
   super();
   this.password = p;
   this.buffy = b;
 }

The accessOK method prompts the end user for a password, verifies the password, and returns true if the password is correct and false if it is not.

private boolean accessOK() {
  String response;

  System.out.println("Password, please:");
  try {
    response = buffy.readLine();
    // readLine returns null at end of input; treat that as a failed check
    return response != null && response.equals(password);
  } catch (IOException e) {
    return false;
  }
}

Verify Access

The SecurityManager parent class provides methods to verify file system read and write access. The checkRead and checkWrite methods each have a version that accepts a String and another version that accepts a file descriptor.

This example overrides only the String versions to keep the example simple, and because the FileIO program accesses directories and files as Strings.

public void checkRead(String filename) {
  // Only this exact pathname is gated by the password prompt
  if (filename.equals(File.separatorChar + "home" +
        File.separatorChar + "monicap" +
        File.separatorChar + "text2.txt")) {
    if (!accessOK()) {
      super.checkRead(filename);
      throw new SecurityException("No Way!");
    } else {
      // Password accepted: the policy file must still grant read access
      FilePermission perm = new FilePermission(
        File.separatorChar + "home" +
        File.separatorChar + "monicap" +
        File.separatorChar + "text2.txt", "read");
      checkPermission(perm);
    }
  }
}

public void checkWrite(String filename) {
  // Only this exact pathname is gated by the password prompt
  if (filename.equals(File.separatorChar + "home" +
        File.separatorChar + "monicap" +
        File.separatorChar + "text.txt")) {
    if (!accessOK()) {
      super.checkWrite(filename);
      throw new SecurityException("No Way!");
    } else {
      // Password accepted: the policy file must still grant write access
      FilePermission perm = new FilePermission(
        File.separatorChar + "home" +
        File.separatorChar + "monicap" +
        File.separatorChar + "text.txt", "write");
      checkPermission(perm);
    }
  }
}
} // end of class PasswordSecurityManager

The checkWrite method is called before the end user input is written to the output file. This is because the FileOutputStream class calls SecurityManager.checkWrite first.

The custom implementation for SecurityManager.checkWrite tests for the pathname /home/monicap/text.txt and, if it matches, prompts the end user for the password. If the password is correct, the checkWrite method performs the access check by creating an instance of the required permission and passing it to the SecurityManager.checkPermission method. This check succeeds if the security manager finds a system, user, or program policy file with the specified permission. Once the write operation completes, the end user is prompted for the password two more times: the first time to read the /home/monicap directory, and the second time to read the text2.txt file. An access check is performed before the read operation takes place.
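
A hardened variant of the two overrides, added here as an example and not part of the original tutorial: it runs the default policy check for every path (the overrides shown earlier perform no verification for any path other than the one string they compare against) and compares a normalized path, so that alternative spellings of the protected file still reach the password gate. The class name GatedSecurityManager, its constructor parameters and the baseDir field are assumptions of this example; it also assumes a JDK on which the Security Manager is still functional and a policy file that grants every file permission the application legitimately needs.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
// Added example (not the tutorial's code); all names here are hypothetical.
public class GatedSecurityManager extends SecurityManager {
  private final String password;
  private final BufferedReader in;
  private final Path baseDir;    // working directory, captured before install
  private final Path readGated;  // reading this file also needs the password
  private final Path writeGated; // writing this file also needs the password
  public GatedSecurityManager(String password, BufferedReader in,
                              String readGated, String writeGated) {
    this.password = password;
    this.in = in;
    this.baseDir = Paths.get("").toAbsolutePath();
    this.readGated = normalize(readGated);
    this.writeGated = normalize(writeGated);
  }

  // Lexical only ("." / ".." / relative names); symbolic links are not followed.
  private Path normalize(String name) {
    return baseDir.resolve(name).normalize();
  }

  private boolean accessOK() {
    System.out.println("Password, please:");
    try {
      String response = in.readLine();
      return response != null && response.equals(password);
    } catch (IOException e) {
      return false;
    }
  }

  public void checkRead(String filename) {
    if (normalize(filename).equals(readGated) && !accessOK()) {
      throw new SecurityException("No Way!");
    }
    super.checkRead(filename);   // policy check for every path, gated or not
  }

  public void checkWrite(String filename) {
    if (normalize(filename).equals(writeGated) && !accessOK()) {
      throw new SecurityException("No Way!");
    }
    super.checkWrite(filename);  // policy check for every path, gated or not
  }
}
```

Because the gate only adds a condition in front of super.checkRead and super.checkWrite, a correct password never grants more than the policy file allows, and a path that cannot be parsed raises an exception and is therefore refused.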

Policy File

Here is the policy file the FileIO program needs for its read and write operations. It also grants permission to the custom security manager to access the event queue on behalf of the application and show the application window without the warning banner.

grant {
  permission java.io.FilePermission
        "${user.home}/text.txt", "write";
  permission java.util.PropertyPermission
        "user.home", "read";
  permission java.io.FilePermission
        "${user.home}/text2.txt", "read";
  permission java.awt.AWTPermission
        "accessEventQueue";
  permission java.awt.AWTPermission
        "showWindowWithoutWarningBanner";
};

Run the FileIO Program

Here is how to run the FileIO program with the policy file:
 java -Djava.security.policy=polfile FileIO

Reference Information

Appendix A: Security and Permissions describes the available permissions and explains the consequences of granting permissions. One way to use this information is to help you limit what permissions a given applet or application might need to successfully execute. Another way to use this information is to educate yourself on the ways in which a particular permission can be exploited by malicious code.

Appendix B: Classes, Methods, and Permissions provides lists of Java 2 platform software methods that are implemented to perform security access checks, the permission each requires, and the java.security.SecurityManager method called to perform the access check.

You can use this reference to write your own security manager implementations or when you implement abstract methods that perform security-related tasks.

Appendix C: SecurityManager Methods lists the permissions checked for by the SecurityManager methods.



[ This page was updated: 13-Oct-99 ]

Copyright © 1995-99 Sun Microsystems, Inc.