Win a copy of Java Concurrency Live Lessons this week in the Threads forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

System.setSecurityManager()  RSS feed

 
Hari babu
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why do we need to set the System.setSecurityManager() in the client which is calling the remote object ?
Thanks in advance
Hari
 
Michael Ernest
High Plains Drifter
Sheriff
Posts: 7292
Netbeans IDE VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In short, because you have to.
Seriously, though, Java 2 requires the client role to 'acknowledge' that it is receiving untrusted code (in the form of a remote object) by installing a class that can manage the permissions
granted to the remote site.
Installing the security manager is just that; the mangement aspect. To make this do real work, you also need a policy file by which the manager knows what to do.
Permissions can be granted for a variety of aspects (file permissions, socket permissions, etc.) and can be set differently for each remote host. This is more complex than starting with all-access to all people, which Java 2 disallows as a default. At the same time, it guarantees that you won't unwittingly download code you aren't sure of -- unless of course you're using a client you've chosen to trust but is actually part of an attack scheme.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!