Signing Code and Granting It Permissions [Tools] |
In the previous steps, you created an entry in theraypolicy
policy file granting code signed by "susan" permission to read files from theC:\TestData\
directory (or thetestdata
directory in your home directory if you're working on Solaris). Now you should be able to successfully execute theCount
program to read and count the characters in a file from the specified directory, even when you run the application with a security manager.As described at the end of the Quick Tour of Controlling Applets lesson, there are two possible ways you can have the
raypolicy
file be considered as part of the overall policy, in addition to the policy files specified in the security properties file:
- Approach 1: Specify the additional policy file in a property passed to the runtime system, or
- Approach 2: Add a line in the security properties file specifying the additional policy file
Approach 1: Indicating a policy file in the interpreter call
You can use a"-Djava.security.policy"
command-line argument to specify a policy file that should be used in addition to or instead of the ones specified in the security properties file.To run the
Count
application and have theraypolicy
policy file included, type the following (while in the directory containing thesCount.jar
andraypolicy
files):java -Djava.security.manager -Djava.security.policy=raypolicy -cp sCount.jar Count C:\TestData\dataThe program should report the number of characters in the specified file.
If it still reports an error, there must be something wrong in the policy file. Use the Policy Tool to check the permission you just created in the previous step and change any typos or other errors.
Approach 2: Modifying the security properties file
You can specify a number of URLs (including ones of the form "http://") inpolicy.url.n
properties in the security properties file, and all the designated policy files will get loaded.So one way to have your
raypolicy
file's policy entries considered by the interpreter is to add an entry indicating that file in the security properties file.The security properties file is located at
Important: If you are running your own copy of the JDK, you can easily edit your security properties file, as described below. If you are running a version shared with others, you may only be able to modify the system-wide security properties file if you have write access to it or if you ask your system administrator to modify the file when appropriate. However, it's probably not appropriate for you to make modifications to a system-wide policy file for this tutorial test; we suggest that you just read the following to see how it's done, or that you install your own private version of the JDK to use for the tutorial lessons.
java.home\lib/security\java.security(wherejava.home
indicates the directory into which the JDK was installed).To modify the security properties file, open it in an editor suitable for editing an ASCII text file. Then add the following line after the line starting with
"policy.url.2"
:policy.url.3=file:/C:/Test/raypolicyNext, in your command window:
- Go to the directory containing the
sCount.jar
file, that is, theC:\Test
directory.
- Type the following:
java -Djava.security.manager -cp sCount.jar Count C:\TestData\dataAs with Approach 1, if the program still reports an error, there must be something wrong with the policy file. Use the Policy Tool to check the permission you just created in the previous step and change any typos or other errors.
Important: Before continuing, you may want to delete the line you just added in the security properties file (or comment it out), since you probably do not want theraypolicy
file included when you are not running the tutorial lessons.
Signing Code and Granting It Permissions [Tools]