Lennart Jorelid A: The Security
Manager is the class maintaining the restrictions of the java virtual machine
sandbox. Simply put, it is a subclass of java.lang.SecurityManager that performs
runtime permission checking of sensitive operations. Such operations include
opening a network socket, reading or writing to the local hard drive, creating a
new SecurityManager, performing network multicast etc. The SecurityManager class
has a multitude of boolean checking methods, which have the form public boolean
checkXYZ([args...]);
All such security checking methods throws a SecurityException if the
respective permissions could not be granted. Thus, all code that relies on
sensitive method calls must be placed inside a try block. A code sample of a
class that shows the SecurityManager and usage of the checkXYZ methods is:
package security;
import java.awt.*;
import java.awt.event.*;
import java.applet.*;
import java.rmi.RMISecurityManager;
/**
* The SecurityTester class shows the name of the System
* SecurityManager class, and demonstrates the use of the
* checkXXX methods.
*
* @author Lennart Jörelid, jguru.com
*/
public class SecurityTester extends Applet
{
boolean isStandalone = false;
private TextArea txta;
// Constructor, in case we need to run as an application
public SecurityTester()
{
this.init();
}
// Init method, in case we need to run as an applet
public void init()
{
// Create all GUI objects
this.txta = new TextArea();
this.txta.setEditable(false);
// Set Layout of this applet
this.setLayout(new BorderLayout());
// Add GUI objects
this.add(BorderLayout.CENTER, this.txta);
this.runTest();
}
// Test the SecurityManager
public void runTest()
{
// Clear the textarea
txta.setText("");
// Get the SecurityManager of this application.
SecurityManager sm = System.getSecurityManager();
// Printout status information on this SecurityManager
if(sm == null)
{
this.log("System SecurityManager not set. [null]");
this.log("");
this.log("You are most likely running this class as an application.");
this.log("Thus, no SecurityManager tests can be done.");
return;
}
// This application has a set SecurityManager
this.log("System SecurityManager == " + sm.getClass().getName());
this.log("");
// Run a few tests, just to see some effect of the SecurityManager
this.log("Calling a few checkXXX methods:");
// CONNECT permission
try
{
sm.checkConnect("www.jguru.com", 80);
this.log("checkConnect("www.jguru.com", 80) := [OK]");
}
catch(SecurityException ex)
{
this.log("checkConnect("www.jguru.com", 80) := [Failed]");
this.log("" + ex);
}
// LISTEN permission
try
{
sm.checkListen(8901);
this.log("sm.checkListen(8901) := [OK]");
}
catch(SecurityException ex)
{
this.log("sm.checkListen(8901) := [Failed]");
this.log("" + ex);
}
// TOPLEVELWINDOW permission
try
{
Frame aFrame = new Frame(
"This is a Frame produced by the SecurityTester class.");
boolean result = sm.checkTopLevelWindow(aFrame);
aFrame.addWindowListener(new WindowAdapter()
{
public void windowClosing(WindowEvent ev)
{
Frame theFrame = (Frame) ev.getSource();
theFrame.setVisible(false);
theFrame.dispose();
}
});
aFrame.setSize(500, 200);
aFrame.setVisible(true);
if(result) this.log("sm.checkTopLevelWindow(<aFrame>) := [OK]");
else this.log("sm.checkTopLevelWindow(<aFrame>) := [OK; with warning]");
}
catch(SecurityException ex)
{
this.log("sm.checkTopLevelWindow(<aFrame>) := [Failed completely]");
this.log("" + ex);
}
}
public void log(String msg)
{
txta.append(msg + "
");
}
// Main method, to be used in the case we decide
// to run as an application
public static void main(String[] args)
{
// Create a new SecurityManager
System.setSecurityManager(new RMISecurityManager());
// Create the SecurityApplet
SecurityTester applet = new SecurityTester();
applet.isStandalone = true;
// Create a frame, and add the applet inside
Frame frame = new Frame();
frame.setTitle("Security Applet Frame");
frame.add(applet, BorderLayout.CENTER);
frame.setSize(400,320);
// Launch the applet.
applet.init();
// Register a "Kill" listener
frame.addWindowListener(new WindowAdapter()
{
public void windowClosing(WindowEvent ev)
{
System.exit(0);
}
});
// Center the frame on the screen, and show it.
Dimension d = Toolkit.getDefaultToolkit().getScreenSize();
frame.setLocation((d.width - frame.getSize().width) / 2,
(d.height - frame.getSize().height) / 2);
frame.setVisible(true);
}
}
|
The results of running the compiled applet through a few browsers are:
// Appletviewer
System SecurityManager == sun.applet.AppletSecurity
Calling a few checkXXX methods:
checkConnect("www.jguru.com", 80) := [Failed]
sun.applet.AppletSecurityException: checkconnect.networkhost1
sm.checkListen(8901) := [OK]
sm.checkTopLevelWindow(<aFrame>) := [OK; with warning] |
// Internet Explorer 5
System SecurityManager == com.ms.security.StandardSecurityManager
Calling a few checkXXX methods:
checkConnect("www.jguru.com", 80) := [Failed]
com.ms.security.SecurityExceptionEx[security/SecurityTester.runTest]:
cannot connect to "www.jguru.com"
sm.checkListen(8901) := [Failed]
com.ms.security.SecurityExceptionEx[security/SecurityTester.runTest]:
cannot access 8901
sm.checkTopLevelWindow(<aFrame>) := [OK; with warning] |
// Netscape 4.7
System SecurityManager == netscape.security.AppletSecurity
Calling a few checkXXX methods:
checkConnect("www.jguru.com", 80) := [Failed]
netscape.security.AppletSecurityException: security.Couldn't connect
to 'www.jguru.com' with origin from 'egghead.jguru.se'.
sm.checkListen(8901) := [OK]
sm.checkTopLevelWindow(<aFrame>) := [OK; with warning] |
Comment and Contribute
