Installing an RMI Security Manager

By default, an RMI program does not have a security manager installed, and no restrictions are placed on remotely loaded objects. The java.rmi package provides a default security manager implementation that you can install or you can write your own.


When you write distributed programs with RMI, you want to restrict the actions performed by remotely loaded classes. Otherwise, you may inadvertently allow insecure code to access private system resources. You can secure your program by installing a security manager. By default, an RMI program does not have a security manager installed, and no restrictions are placed on remotely loaded objects.

The java.rmi package provides a default security manager implementation that you can install with the following code:

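// Requires: import java.rmi.RMISecurityManager;
// Install the RMI security manager only if none is already in place.
if (System.getSecurityManager() == null) {
    System.setSecurityManager(new RMISecurityManager());
}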

You can also create your own security manager implementations to enforce custom security policies. In Java 2, the RMISecurityManager class requires that you specify a security policy file at runtime by defining a value for the java.security.policy property:


java -Djava.security.policy=policyfilename

Java looks for a system-wide policy file in java.home/lib/security/java.policy, where java.home is the directory where the JDK or JRE is installed. If you do not specify a security policy file, the JVM also looks for a user-defined policy file in user.home/.java.policy, where user.home is a user's home directory.

The policy file syntax is described in the docs/guide/security/PolicyFiles.html file that is included with the JDK 1.2 documentation. A sample policy file that grants full access permissions to everyone looks like:

grant {
    permission java.security.AllPermission;
};

Policy files grant permissions, represented by the Permission classes in the java.security package, to sets of classes, or grant access to specific resources. To specify a policy file without learning its syntax, you can use the policytool program that is included with the JDK.
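For contrast with the AllPermission sample, here is a policy scoped by code source. It is an added example, not part of the original article; the host names, ports and paths are constructed placeholders for a hypothetical RMI client.

```text
// Constructed example policy for an RMI client.
// All host names, ports and paths below are placeholders.

// Weak setting (the sample above): every class, including remotely
// loaded ones, receives every permission.
// grant { permission java.security.AllPermission; };

// Local application classes: may contact the RMI registry, the ports on
// which the server exports remote objects, and the codebase web server
// from which stub classes are downloaded.
grant codeBase "file:/opt/rmiapp/lib/-" {
    permission java.net.SocketPermission "rmi.example.internal:1099", "connect,resolve";
    permission java.net.SocketPermission "rmi.example.internal:1024-65535", "connect,resolve";
    permission java.net.SocketPermission "codebase.example.internal:80", "connect,resolve";
};

// Classes downloaded from the RMI codebase: network access back to the
// RMI server only. No file, property or runtime permissions are granted,
// so an attempt to read local files fails with AccessControlException.
grant codeBase "http://codebase.example.internal/classes/-" {
    permission java.net.SocketPermission "rmi.example.internal:1024-65535", "connect,resolve";
};
```

When an operation is denied, running with -Djava.security.debug=access,failure shows which permission was checked and which code source lacked it. On current JDKs RMISecurityManager is deprecated (since Java 8) and the Security Manager itself is deprecated for removal (since Java 17).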



   
Daniel F. Savarese holds a B.S. in astronomy and an M.S. in computer science, both from the University of Maryland, College Park. He is the author of the OROMatcher regular expression library for Java.