
access denied java.net.SocketPermission

 
ken brooks
Greenhorn
Posts: 5
Is there any way to programmatically set permissions or
can they only be set through a policy file?
 
Peter den Haan
author
Ranch Hand
Posts: 3252
Originally posted by ken brooks:
Is there any way to programmatically set permissions or
can they only be set through a policy file?
Well, yes and no and yes again.
Yes, because you can set a new security policy using java.security.Policy.setPolicy() (if of course your security permissions allow this). But this is probably not what you had in mind, and there's also the following problem:
No, because once your code has been loaded and assigned to its ProtectionDomain, there is no way to modify that protection domain and, say, dynamically add a SocketPermission to it; its PermissionCollection will have been marked read-only (see java.security.PermissionCollection).
Yes again, because depending on the problem at hand you might actually be able to use code from a different JAR that does have the required permission, and execute this code using java.security.AccessController.doPrivileged(). This is the usual way of granting different permissions to different bits of code. If the permission needs to be granted for certain users only, you could use JAAS and doAsPrivileged(). In either case, you are using the normal, static, security policy file.
For a more helpful answer, please tell what the problem is you're trying to solve.
- Peter
PS. Shameless plug: the forthcoming Wrox book Beginning Java Networking has a chapter on Java security.
[This message has been edited by Peter den Haan (edited September 10, 2001).]
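Added example, not part of the original thread or any poster's code: the "different JAR plus doPrivileged()" approach from the reply above, together with the read-only PermissionCollection it mentions. The class name PrivilegedFetch, the JAR path in the policy comment and the fixed-host check are assumptions made for illustration, and the sketch assumes a JVM that still enforces a security policy.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.AccessController;
import java.security.PermissionCollection;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/*
 * Assumed grant in the static policy file for the JAR holding this class (path is hypothetical):
 *   grant codeBase "file:/opt/app/lib/net-helper.jar" {
 *       permission java.net.SocketPermission "www.livejournal.com:80", "connect,resolve";
 *   };
 */
public final class PrivilegedFetch {
    // The helper only ever talks to this one host, so less-privileged callers
    // cannot borrow its permission to connect somewhere else.
    private static final String ALLOWED_HOST = "www.livejournal.com";

    public static int responseCode(final URL url) throws IOException {
        if (!"http".equals(url.getProtocol()) || !ALLOWED_HOST.equals(url.getHost())) {
            throw new SecurityException("host not allowed: " + url.getHost());
        }
        try {
            // doPrivileged() ends the permission stack walk at this frame: only this
            // class's ProtectionDomain needs the SocketPermission, not the caller's.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Integer>() {
                public Integer run() throws IOException {
                    HttpURLConnection c = (HttpURLConnection) url.openConnection();
                    c.setInstanceFollowRedirects(false); // stay on the granted host
                    try { return c.getResponseCode(); } finally { c.disconnect(); }
                }
            });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException(); // run() only declares IOException
        }
    }

    public static void main(String[] args) throws Exception {
        // The domain's static permissions are frozen when the class is defined,
        // so a SocketPermission cannot be added to them afterwards.
        PermissionCollection pc = PrivilegedFetch.class.getProtectionDomain().getPermissions();
        System.out.println("read-only: " + (pc != null && pc.isReadOnly()));
        if (args.length > 0) {
            System.out.println(responseCode(new URL(args[0])));
        }
    }
}
```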
 
ken brooks
Greenhorn
Posts: 5
All I'm trying to do is... well, let's make this simple.
Ultimately what I am trying to do is send an HTTP request to
a page on another site (my code resides on www.sevensoft.net and
I want it to basically open some sort of connection or socket to www.livejournal.com).
I've tried to simplify it so that all the code is trying to do
is just read data from that site. I can't even do that. I have
had this working on my local installation of Apache and Tomcat, then my hard drive died. I don't remember changing any security
privileges to allow this access, but maybe full access is default, who knows..
Here is the code. Now, I know this probably isn't all right because I haven't gotten past the point of creating the PrintWriter, but something similar has worked in the past,
and the username and pass are of course fake; they would be
passed in dynamically anyway, but I was hard-coding to test.
<%@ page import="java.net.*,java.io.*" %>
<%
    // Test credentials (fake); the real values would be passed in dynamically.
    String usernameString = "testuser";
    String passwordString = "testpass";
    String modeString = "mode=login&user=" + usernameString + "&password=" + passwordString;

    URL url = new URL("http://www.livejournal.com/cgi-bin/log.cgi");
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    connection.setRequestMethod("POST");
    connection.setRequestProperty("Host", "www.livejournal.com");
    connection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
    connection.setRequestProperty("Content-length", Integer.toString(modeString.length()));
    connection.setDoOutput(true);

    // Print the permission needed to make this connection.
    out.println(connection.getPermission());
    // SocketPermission p1 = new SocketPermission("www.livejournal.com:80", "connect,resolve");

    // getOutputStream() opens the connection; this is the point the code has not gotten past.
    PrintWriter outserver = new PrintWriter(connection.getOutputStream());
    outserver.print(modeString);
    outserver.close();
    out.println(connection.getResponseCode());

    // Copy the response body to the page.
    BufferedReader in = new BufferedReader(
            new InputStreamReader(connection.getInputStream()));
    String inputLine;
    while ((inputLine = in.readLine()) != null) {
        out.println(inputLine);
    }
    in.close();
%>
thanks
-ken


 