It's well known that Java platform applications are safe because of the platform's security features. The security policy prevents any Java application from writing to files, creating network connections or accessing printers without permission. Tools such as keytool, jarsigner and policytool are provided to manage security: keytool creates public/private keys and issues certificate requests, jarsigner generates and verifies JAR signatures, and policytool manages policy files through a GUI. JSSE and JAAS form essential parts of the Java security API. JSSE (Java Secure Sockets Extension) handles communication with an SSL server or SSL client, and JAAS (Java Authentication and Authorization Service) provides user authentication.
Applets execute inside the Java sandbox security model and, by default, cannot directly write, read or delete a file. We will demonstrate how an applet can overcome this and access system resources through policytool. You will need jdk1.2 or higher installed for the purpose. We have given an applet example (AppPolicy.java) on the PCQEssential CD.
Our code writes to a file on the hard disk. Sample code is given below.
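import java.applet.*;
import java.awt.*;   // Graphics, used by paint()
import java.io.*;
// ...
public class AppPolicy extends Applet
{
    String myFile = "write";
    File f = new File(myFile);
    DataOutputStream dos;
    // ...
    public void paint(Graphics g)
    {
        try {
            // Opening the file for writing is the call the sandbox checks
            dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile), 128));
        }
        catch (SecurityException e) {
            // Raised when no policy grants write access to the file
            // ...
        }
        catch (IOException e) {
            // FileOutputStream can also fail for ordinary I/O reasons
        }
    }
}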
The file is created using the BufferedOutputStream class, which here wraps a FileOutputStream opened on myFile.
Create a folder named appletpolicy in C:\. Copy AppPolicy.java into the appletpolicy folder and compile it.
Write the HTML file shown below and save it as app_policy.html in the appletpolicy folder.
Go to the command prompt and change to the appletpolicy folder. When you run the applet with the command below, a security exception will be thrown.
appletviewer app_policy.html
Now, let us see how to use policytool to create a policy that lets our Java applet write to files on the hard disk. The process involves locating the file, setting permissions on it, saving the policy file, and finally running the applet with the policy enabled, as given in steps 1 to 5.
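A policy file of the kind policytool saves for this applet could look like the one below. This is an added example, not the listing from the PCQEssential CD; the file name write.policy and the codeBase URL are assumptions based on the C:\appletpolicy folder used above.

```java-policy
// write.policy (hypothetical file name), saved in C:\appletpolicy

// Scoped grant: applies only to class files loaded from C:\appletpolicy
// (assumed codeBase) and allows only the "write" action on the one file
// the applet opens. The target "write" is the same relative name that
// AppPolicy passes to FileOutputStream.
grant codeBase "file:/C:/appletpolicy/" {
    permission java.io.FilePermission "write", "write";
};

// Over-broad grants to avoid: without a codeBase they apply to every
// applet the viewer loads, and they cover every file or every permission.
//
// grant {
//     permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete,execute";
// };
//
// grant {
//     permission java.security.AllPermission;
// };
```

Start the viewer from the appletpolicy folder with `appletviewer -J-Djava.security.policy=write.policy app_policy.html`. The write to the file then succeeds, while reads, deletes and access to any other file still raise a SecurityException.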
You can similarly create permissions to access network resources, create socket connections, perform SQL queries, use AWT and set up authorization permissions.
Sushil Oswal