Java Application Security

It's well known that Java platform applications are safe due to its security features. The security policy prevents any Java application from writing to files, creating network connections or accessing printers without permission. There are tools such as keytool, jarsigner and policytool to manage security. The keytool creates public/ private keys and issues certificate requests; jarsigner generates and verifies JAR signatures and policytool manages policy files via a GUI-based tool. JSSE and JAAS form essential parts of the Java security API. JSSE (Java Secure Sockets Extension) communicates with an SSL server or SSL client and JAAS (Java Authentication and Authorization Service) provides user authentication. 

Applets execute inside the Java sandbox security model and, by default, cannot directly write, read or delete a file. We will demonstrate how an applet can overcome this and access system resources through policytool. You will need jdk1.2 or higher installed for the purpose. We have given an applet example (AppPolicy.java) on the PCQEssential CD. 

Our code writes to a file on the hard disk. Sample code is given below. 

import java.applet.*; 



import java.io.*; 


.


public class AppPolicy extends Applet 


{ 


String myFile = "write"; 


File f = new File(myFile); 


.


public void paint(Graphics g) 


{ 


try { 


dos=new DataOutputStream (new BufferedOutputStream (new FileOut putStream(myFile),128)); 


}


catch (SecurityException e) { 


.


}


}

The file is created using BufferedOutputStream class. 

Create a folder appletpolicy in C:\. Copy AppPolicy.java in the appletpolicy folder. Compile the Java file. 

Write an HTML file shown below and save it as app_policy.html in appletpolicy folder. 

Go to the command prompt and then to the appletpolicy folder. When you run the below command to run the applet, a security exception will be thrown.

appletviewer app_policy.html

Now, let us how to use the policytool to create a policy that would let our Java applet write to files on the hard disk. The process involves locating the file, setting permissions on it, saving the policy file, and finally running the applet with the enabled policy as given in steps 1—5.

You can similarly create permissions to access network resources, create socket connections, perform SQL queries, use AWT and set up authorization permissions.

1. The java.io.FilePermission exception because of our previous command. Close this applet window and type in 'policytool' at the command prompt to open the GUI-based policy tool 2. The default policy file is named 'java.policy'. Click on OK to ignore error. Click on 'Add Policy Entry' to create a new policy. In the CodeBase text field, type in file:/c:/appletpolicy. Click on 'Add Permission' button 3. From the permission drop down, select 'File Permission', select 'All Files' under Target Name and 'Write' under Actions. Click on OK and then Done. On the Policy Tool window, select the 'Codebase file:/c:/appletpolicy' item, save it in appletpolicy folder and exit 4. Run the command 'appletviewer -J-Djava.security.policy=policy app_pol.html' from the appletpolicy folder. An applet window will open, displaying 'The file write has been created'. The file 'Write' will be created in the appletpolicy folder

Sushil Oswal