• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

how do we grant a code certain permissions?

 
Ranch Hand
Posts: 172
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello

Lets say i have 2 directories... one that is classified as a server directory, and another as client!



i want both to be able to make connections freely!

now if a file in the client directory is trying to access a file in the server directory, shouldn't it be prevented from doing so since I'm not explicitly letting it access the file system?

(baring in mind that files running in the client dir. will be on a different VM to those running from the server dir.)

When the server is started, a security manager is installed...

Thank you
HannaH
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

now if a file in the client directory is trying to access a file in the server directory, shouldn't it be prevented from doing so since I'm not explicitly letting it access the file system?


That depends on the security manager being used by the client. If this is a desktop application then by default no security manager is active, and the application can do what it wants.
 
H Melua
Ranch Hand
Posts: 172
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, both the server and the client install the security manager in their main methods... and they have access to the same policy file!
(I know i can seperate them, but for simplicity i'm leaving it like that, especially that i'm not granting either more than the other!)

but why would it depend on the client? the client file will be running inside the server's compute engine (i.e. the server will download the file into its VM), which means the policy implemented by the server should control what the client can access?

I dont know if i'm making any sense?

Thanks a lot
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Now I'm confused. Didn't you earlier say that the client and the server run in different JVMs?
 
H Melua
Ranch Hand
Posts: 172
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well they start on different machines!

I shouldnt have said that , because the main intereste is in what happens when the server runs the client code!
 
Bartender
Posts: 1638
IntelliJ IDE MySQL Database Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

H Melua:
because the main intereste is in what happens when the server runs the client code!



Its strange that this sounds interesting to you.
I dont have any idea what are you trying to do, but, if your server is running client code then there is something hopelessly wrong in your design/terminology.

Regarding the permissions, are you specifying an "additional" policy file using the VM parameter:
java.security.policy

If this is the case, then have you provided some permissions in the default java policy file to all codebases?

What is it that you expect to fail and it is not failing? Can you provide us the code that you expect to fail?
 
H Melua
Ranch Hand
Posts: 172
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I didn't say its interesting

I said my main interest, or what I'm interested in knowing... or i have to know!!

You see its an RMI program, the server is a compute engine that performs Task computation for clients, and so if we want to find two very large prime numbers, we often cant use the regular computers since they aren't powerful enough! So we make a powerful machine do the work for us and send the results back...

I'm using the default Java.policy in my user directory, just editing that one.. and no i didnt change the default one at all other than the few statements i quoted in my first post...

One of the tasks which originates from the client directory attempts to access the file system, and since I only gave the codebase in that directory to access the network, i thought it should have failed accessing anything else! (i.e. the file system!)

Here is the client code

<blockquote>code:
<pre name="code" class="core"> package client;

import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import compute.Compute;
import java.io.*;

public class ComputeFile {
public static void main(String args[]) {
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
try {
String name = "Compute";
Registry registry = LocateRegistry.getRegistry(args[0]);
Compute comp = (Compute) registry.lookup(name);
File1 task = new File1();
File f = comp.executeTask(task);
System.out.println(f);
} catch (Exception e) {
System.err.println("ComputeFile exception:");
e.printStackTrace();
}
}
}
</pre>
</blockquote>

The class File1 is simply a normal class that attempts to read the file system system using FileInputStream class...

Thanks for your patience
HannaH
 
Would you turn that thing down? I'm controlling a mind here! Look ... look at the tiny ad ...
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic