All I'm trying to do is.. well lets make this simple.
Ultimately what i am trying to do is send an http request to
a page on another site (my code resides on
www.sevensoft.net and
i want it to basically open some sort of connection or socket to
www.livejournal.com). I've tried to simplify it so that all the code is trying to do
it just read data from that site. I can't even do that. I have
had this working on my local installation of apache&
tomcat then my hard drive died
I don't remember changing any security
priveledges to allow this access, but maybe full access is default, who knows..
Here is the code, now i know this isn't probably all right because i haven't gotten past the point of creating the PrintWriter.. but something similar has worked in the past..
and the username and pass are of course fake
, they would be
passed in dynamically anyways.. but i was hard coding to
test..
<%@ page import="java.net.*,java.io.*" %>
<%
String modeString = new String("");
String usernameString = "testuser";
String passwordString = "testpass";
modeString = "mode=login&user=" + usernameString + "&password=" + passwordString;
URL url = new URL("http://www.livejournal.com/cgi-bin/log.cgi");
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Host", "www.livejournal.com");
connection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
connection.setRequestProperty("Content-length", Integer.toString(modeString.length()));
connection.setDoOutput(true);
out.println(connection.getPermission());
// SocketPermission p1 = new SocketPermission("www.livejournal.com:80", "connect,resolve");
PrintWriter outserver = new PrintWriter(connection.getOutputStream());
outserver.print(modeString);
outserver.close();
out.println(connection.getResponseCode());
BufferedReader in = new BufferedReader(
new InputStreamReader(
connection.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
out.println(inputLine);
in.close();
%>
thanks
-ken
Originally posted by Peter den Haan:
Originally posted by ken brooks:
[b]is there any way to programmatically set permissions or
can they only be set thru a policy file?
Well, yes and no and yes again.
Yes, because you can set a new security policy using java.security.Policy.setPolicy() (if of course your security permissions allow this). But this is probably not what you had in mind, and there's also the following problem:
No, because once your code has been loaded and assigned to its ProtectionDomain, there is no way to modify that protection domain and, say, dynamically add a SocketPermission to it; its PermissionCollection will have been marked read-only (see java.security.PermissionCollection).
Yes again, because depending on the problem at hand you might actually be able use code from a different JAR that
does have the required permission, and execute this code using java.security.AccessController.doPrivileged(). This the usual way of granting different permissions to different bits of code. If the permission needs to be granted for certain users only, you could use JAAS and doAsPrivileged(). In either case, you are using the normal, static, security policy file.
For a more helpful answer, please tell what the problem is you're trying to solve.
- Peter
PS. Shameless plug: the forthcoming Wrox book
Beginning Java Networking has a chapter on Java security.
[This message has been edited by Peter den Haan (edited September 10, 2001).][/B]
