The last part of the Quick Tour of Controlling Applications lesson shows how an application can be run under a security manager by invoking the interpreter with the new-Djava.security.manager
command-line argument. But what if the application to be invoked resides inside a JAR file?One of the interpreter options is the
-cp
(for class path) option, that lets you specify a search path for application classes and resources. Therefore, to execute theCount
application inside thesCount.jar
JAR file, specifying the fileC:\TestData\data
as its argument, you can type the following command while in the directory containingsCount.jar
:To execute the application with a security manager, addjava -cp sCount.jar Count C:\TestData\data-Djava.security.manager
, as shown below:java -Djava.security.manager -cp sCount.jar Count C:\TestData\data
Important: When you run this command, your Java interpreter will throw an exception shown below:Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission C:\TestData\data read) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at java.lang.SecurityManager.checkRead(Compiled Code) at java.io.FileInputStream.(Compiled Code) at Count.main(Compiled Code) In this example,
AccessControlException
reported that thecount
application does not have permission to read the fileC:\TestData\data
. Your interpreter raised this exception because it will not allow any application running under a security manager to read a file or to access other resources unless it has explicit permission to do so -- usually specified in agrant
statement contained in apolicy
file.