The JavaTM Tutorial
Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search

Trail: Security in Java 2 SDK 1.2
Lesson: Signing Code and Granting It Permissions

Observe the Restricted Application

The last part of the Quick Tour of Controlling Applications(in the Security in Java 2 SDK 1.2 trail) lesson shows how an application can be run under a security manager by invoking the interpreter with the new -Djava.security.manager command-line argument. But what if the application to be invoked resides inside a JAR file?

One of the interpreter options is the -cp (for class path) option, whereby you specify a search path for application classes and resources. Thus, for example, to execute the Count application inside the sCount.jar JAR file, specifying the file C:\TestData\data as its argument, you could type the following while in the directory containing sCount.jar:

java -cp sCount.jar Count C:\TestData\data
To execute the application with a security manager, simply add -Djava.security.manager, as in
java -Djava.security.manager -cp sCount.jar Count C:\TestData\data
When you run this command, you should get an exception.
Exception in thread "main" java.security.AccessControlException:
access denied (java.io.FilePermission C:\TestData\data read)
    at java.security.AccessControlContext.checkPermission(Compiled Code)
    at java.security.AccessController.checkPermission(Compiled Code)
    at java.lang.SecurityManager.checkPermission(Compiled Code)
    at java.lang.SecurityManager.checkRead(Compiled Code)
    at java.io.FileInputStream.(Compiled Code)
    at Count.main(Compiled Code)

This AccessControlException is reporting that the application does not have permission to read the file C:\TestData\data. This exception is raised because an application running under a security manager cannot read a file or access other resources unless it has explicit permission to do so.


Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search