• Post Reply Bookmark Topic Watch Topic
  • New Topic

Question about security policy  RSS feed

 
Leandro Melo
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
i got kinda confused about something i read, it's about jre.
Suppose i build a simple hello world app.
When i run it, i get my class loaded by the class loader, rigth?
After that, what are the next things called, i mean, the SecurityManager, the AccessController...?
So, is the SecurityManager always called (or i need to instanciate one if i want my app to have one)?
"who" actually reads my java.security file?
Thanks in advance,
 
Maulin Vasavada
Ranch Hand
Posts: 1873
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Leandro
hmmm
About class loader you are right. Classes are loaded by classloader and there could be multiple class loader objects to load various classes like the java api classes, classes in jre/lib/ext folder, classes in CLASSPATH etc...
I would recommend reading following links,
http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html
http://java.sun.com/j2se/1.4.2/docs/guide/security/spec/security-specTOC.fm.html
http://java.sun.com/developer/TechTips/2000/tt0926.html
http://java.sun.com/developer/TechTips/2000/tt1128.html
To brief you about the picture,
- SecurityManager may be there or may not be there
- SecurityManager uses Policy file configuration to check permissions against,
- The code that wants to check permissions defined in the Policy file, uses some code like,
SecurityManager sm = System.getSecurityManager();
if ( sm != null ) {
check<<Permission>>(resourceName);
}
for e.g. if you look at the java.io.FileInputStream source you would see that in the constructor with File argument it has the similar code as above where it checks read access via checkRead() method call on the file object trying to be read. At this point, SecurityManager asks the Policy object if the requested permission is allowed for the object or not. If not then SecurityManager throws SecurityException saying "Access Denied"...
The java.security file is read by the PolicyFile object implemented in the JDK we have...look at java.security file's content and read comments to understand each entries...There you will see security.provider entries that are used to Provider these PolicyFile object and all..
So here I tried to explain relation between SecurityManager and Policy file but its really a broad topic to explain. So, please refer to the links I have given above and try to slowly grasp things...
If you get a chance read "Inside Java2 Platform Security" book by Li Gong..
Regards
Maulin
 
Leandro Melo
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much, you've already cleared out things for me!
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!