I want to load the SecurityManager policy from the file client.policy. I read that I could do it by specifying -Djava.security.policy=client.policy, but I don't want to specify this on the command line. I tried to specify it in a properties file, but my code throws an exception. How can I read the policy without command-line arguments?
Here are fragments of my code:
    prop.load(ClassLoader.getSystemResourceAsStream("config.properties"));
    prop.putAll(System.getProperties()); // add Properties from command line
    RMISecurityManager rmi = new RMISecurityManager();
    if (System.getSecurityManager() == null) {
        System.setSecurityManager(rmi);
    }
    // Connect to server by RMIRegistry
    rmiRegistryAddress = prop.getProperty("rmi.registryaddress");
    logger.info("Klient: serwer szukany pod adresem: " + rmiRegistryAddress);
    ISerwer serwer = (ISerwer) Naming.lookup(rmiRegistryAddress + "/" + SERWER_REMOTE_OBJECT_NAME);

config.properties:
    rmi.registryaddress = rmi://192.168.2.3:1099
    #java.rmi.server.codebase=http://...
    java.security.policy=client.policy

client.policy:
    grant codeBase "file:src/" {
        permission java.security.AllPermission;
    };

And exception:
    java.security.AccessControlException: access denied ("java.net.SocketPermission" "192.168.2.3:1099" "connect,resolve")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
        at java.security.AccessController.checkPermission(AccessController.java:559)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
        at java.net.Socket.connect(Socket.java:574)
        at java.net.Socket.connect(Socket.java:528)
        at java.net.Socket.<init>(Socket.java:425)
        at java.net.Socket.<init>(Socket.java:208)
        at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
        at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
        at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
        at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
        at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
        at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
        at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
        at java.rmi.Naming.lookup(Naming.java:101)
        at sr.warcaby.klient.Klient.run(Klient.java:88)
        at sr.warcaby.klient.Klient.main(Klient.java:73)

It appears that the client.policy file is somehow not read.
Second question: how do I grant all permissions to local code? This path ("file:src/") does not work. I want to set a relative path.
Edit:
I have made some changes. Now the program works, but not as I want. It gives all permissions to code from the remote codebase, but I want to give only some permissions to remote code.
Changes:
    System.setProperties(prop);

    grant codeBase "file:/-" {
        permission java.security.AllPermission;
    };

    java.security.policy=src/main/resources/client.policy
    java.rmi.server.codebase=http://...somehttpaddress.../warcabycodebase-jar-with-dependencies.jar
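
An added example, not part of the original post: it sets java.security.policy as a JVM system property at run time, then asks the loaded policy what a local class and a remote codebase would each be granted, so an over-broad grant shows up before any remote code is loaded. The class name PolicyCheck, the remote URL and the temporary paths are constructed, and it assumes a JDK where the Security Manager policy machinery is still functional (Java 8 to 17).

```java
import java.net.SocketPermission;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class PolicyCheck {
    // Constructed placeholder for the remote codebase (documentation address range).
    static final String REMOTE = "http://192.0.2.10/codebase.jar";

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("policy-demo");
        Path local = Files.createDirectories(dir.resolve("classes"));
        // Two grants: everything for local classes, one socket for remote code.
        String policy =
            "grant codeBase \"" + local.toUri() + "-\" {\n"
          + "  permission java.security.AllPermission;\n"
          + "};\n"
          + "grant codeBase \"" + REMOTE + "\" {\n"
          + "  permission java.net.SocketPermission \"192.168.2.3:1099\", \"connect,resolve\";\n"
          + "};\n";
        Path file = dir.resolve("client.policy");
        Files.write(file, policy.getBytes(StandardCharsets.UTF_8));

        // The policy provider reads the JVM system property, not a private Properties object.
        System.setProperty("java.security.policy", file.toUri().toString());
        Policy.getPolicy().refresh(); // reload in case the policy was already initialised

        Permission connect = new SocketPermission("192.168.2.3:1099", "connect,resolve");
        System.out.println("local:  " + check(local.resolve("Klient.class").toUri().toURL(), connect));
        System.out.println("remote: " + check(URI.create(REMOTE).toURL(), connect));
    }

    // Asks the loaded policy what code from this location would be granted.
    static String check(URL location, Permission connect) {
        ProtectionDomain pd = new ProtectionDomain(
            new CodeSource(location, (Certificate[]) null), null);
        Policy p = Policy.getPolicy();
        return "connect=" + p.implies(pd, connect)
             + " AllPermission=" + p.implies(pd, new AllPermission());
    }
}
```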