Trail: Security Features in Java SE
Lesson: Signing Code and Granting It Permissions
Steps for the Code Receiver
« PreviousTOCNext »
Signing Code and Granting It Permissions
Steps for the Code Signer
Download and Try the Sample Application
Create a JAR File Containing the Class File
Generate Keys
Sign the JAR File
Export the Public Key Certificate
Steps for the Code Receiver
Observe the Restricted Application
Import the Certificate as a Trusted Certificate
Set Up a Policy File to Grant the Required Permission
Start Policy Tool
Specify the Keystore
Add a Policy Entry with a SignedBy Alias
Save the Policy File
See the Policy File Effects

In this lesson, you will act as the receiver of the signed jar file containing the count.class file. It was signed by Susan. It requests access to your system resources on your system that it normally would not have permission to access.

This procedure requires you to perform the following steps listed below. See the figure below for a flowchart.

  1. Observe the Restricted Application. This application will not be able to access your system resources until you import Susan's certificate and create a policy file.

  2. Import Susan's certificate as a trusted certificate using the keytool -import command, and give it the alias susan.

  3. Set up a policy file to grant permission for the count application signed by susan to read the specified file on your system.

  4. Test your reconfigured count application to verify that with a trusted certificate and access to your new policy file that grants it permission to read files on your system, count can now read your data file.

Steps for Receiving Code
This figure has been reduced to fit on the page.
Click the image to view it at its natural size.

Previous page: Export the Public Key Certificate
Next page: Observe the Restricted Application