Previous | Next | Trail Map | Security in JDK 1.2  | Quick Tour of Controlling Applications

See the Policy File Effects

Now that you have created the mypolicy policy file, you should be able to successfully read the specified properties when you execute the GetProps application with a security manager.

How To Specify Which Policy Files Should Be Loaded

As noted in the Quick Tour of Controlling Applets(in the Java Security 1.2 trail) lesson, whenever you run an applet, or an application with a security manager, the policy files that are loaded and used by default are the ones specified in the "security properties file", which is located at

    java.home/lib/security/java.security  (Solaris)
    java.home\lib/security\java.security  (Windows)
(Note: java.home indicates the directory into which the JDK was installed.)

There are two possible ways you can have the mypolicy file be considered as part of the overall policy, in addition to the policy files specified in the security properties file:

  1. Approach 1: Specify the additional policy file in a property passed to the interpreter, or
  2. Approach 2: Add a line in the security properties file specifying the additional policy file

Approach 1: Indicating a policy file in the command

You can use a "-Djava.security.policy" interpreter command-line argument to specify a policy file that should be used in addition to or instead of the ones specified in the security properties file.

Make sure you are in the directory containing GetProps.class and mypolicy. Then you can run the GetProps application and pass the mypolicy policy file to the interpreter by typing:

    java -Djava.security.manager -Djava.security.policy=mypolicy GetProps
(Recall that "-Djava.security.manager" is required in order to run an application with a security manager, as shown in the See How to Restrict Applications step.)

The program should report the values of the "user.home" and "java.home" properties.

If the application still reports an error, there must be something wrong in the policy file. Use the Policy Tool to check the policy entries you just created in the Set up the Policy File to Grant the Required Permissions step and change any typos or other errors.

Approach 2: Modifying the security properties file

You can specify a number of URLs (including ones of the form "http://") in policy.url.n properties in the security properties file, and all the designated policy files will get loaded.

So one way to have our mypolicy file's policy entries considered by the java interpreter is to add an entry specifying that policy file in the security properties file.

You created such an entry in the last part of the Quick Tour of Controlling Applets(in the Java Security 1.2 trail) lesson. If your security properties file still has that entry, proceed to Running the Application. Otherwise, you need to add the entry. To do so, open the security properties file in an editor suitable for editing an ASCII text file. Then add the following line after the line containing "policy.url.2":

If you're on a Windows system, add:
    policy.url.3=file:/C:/Test/mypolicy

If you're on a Solaris system, add:

    policy.url.3=file:${user.home}/test/mypolicy

Running the Application

Now you should be able to successfully run the following:
    java -Djava.security.manager GetProps

As with Approach 1, if you still get a security exception, there must be something wrong in the policy file. Use the Policy Tool to check the policy entries you just created in the Set up the Policy File to Grant the Required Permissions step and change any typos or other errors.


Important: Before continuing, you may want to delete the line you just added in the security properties file (or comment it out), since you probably do not want the mypolicy file included when you are not running the tutorial lessons.


Previous | Next | Trail Map | Security in JDK 1.2  | Quick Tour of Controlling Applications