devxlogo

Installing an RMI Security Manager

Installing an RMI Security Manager

hen you write distributed programs with RMI, you want to restrict theactions performed by remotely loaded classes. Otherwise, you mayinadvertently allow unsecure code to access private systemresources. You can secure your program by installing a securitymanager. By default, an RMI program does not have a security managerinstalled, and no restrictions are placed on remotely loaded objects.

The java.rmi package provides a default security managerimplementation that you can install with the following code:

if(System.getSecurityManager() == null) {     System.setSecurityManager(new RMISecurityManager());  }

You can also create your own security manager implementations toenforce custom security policies. In Java 2, the RMISecurityManagerclass requires that you specify a security policy file at runtimeby defining a value for the java.security.policy property:

java -Djava.security.policy=policyfilename

Java looks for a system-wide policy file injava.home/lib/security/java.policy, where java.home is the directorywhere the JDK or JRE is installed. If you do not specify a securitypolicy file, the JVM also looks for a user-defined policy file inuser.home/.java.policy, where user.home is a user’s homedirectory.

The policy file syntax is described in thedocs/guide/security/PolicyFiles.html file that is included with theJDK 1.2 documentation. A sample policy file that grants full accesspermissions to everyone looks like:

grant {  permission java.security.AllPermission;};

Policy files are used to grant permissions, represented by thePermission classes in the java.security package, to sets of classes oraccess grants to specific resources. To specify a policy file withoutlearning its syntax, you can use the policytool program that isincluded with the JDK.

devx-admin

Share the Post: