The last part of the
Quick Tour of Controlling Applications lesson shows how an application can be run under a security manager by invoking the interpreter with the new -Djava.security.manager
command-line argument. But what if the application to be invoked resides inside a JAR file?
One of the interpreter options is the -cp
(for class path) option, that lets you specify a search path for application classes and resources. Therefore, to execute the Count
application inside the sCount.jar
JAR file, specifying the file C:\TestData\data
as its argument, you can type the following command while in the directory containing sCount.jar
:
java -cp sCount.jar Count C:\TestData\data
To execute the application with a security manager, add -Djava.security.manager
, as shown below:
java -Djava.security.manager -cp sCount.jar Count C:\TestData\data
Important: When you run this command, your Java interpreter will throw an exception shown below:
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission C:\TestData\data read) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at java.lang.SecurityManager.checkRead(Compiled Code) at java.io.FileInputStream.<init>(Compiled Code) at Count.main(Compiled Code)
In this example, AccessControlException
reported that the count
application does not have permission to read the file C:\TestData\data
. Your interpreter raised this exception because it will not allow any application running under a security manager to read a file or to access other resources unless it has explicit permission to do so -- usually specified in a grant
statement contained in a policy
file.