
I want to load the SecurityManager policy from the file client.policy. I read that I could do it by specifying -Djava.security.policy=client.policy, but I don't want to specify this on the command line. I tried to specify it in a properties file. Actually, my code throws an exception. How can I read the policy without command-line arguments?

Here are fragments of my code:

    prop.load(ClassLoader.getSystemResourceAsStream("config.properties"));
    prop.putAll(System.getProperties()); // add Properties from command line

    RMISecurityManager rmi = new RMISecurityManager();
    if (System.getSecurityManager() == null) {
        System.setSecurityManager(rmi);
    }

    // Connect to server by RMIRegistry
    rmiRegistryAddress = prop.getProperty("rmi.registryaddress");
    logger.info("Klient: serwer szukany pod adresem: " + rmiRegistryAddress);
    ISerwer serwer = (ISerwer) Naming.lookup(rmiRegistryAddress + "/" + SERWER_REMOTE_OBJECT_NAME);

config.properties:

    rmi.registryaddress = rmi://192.168.2.3:1099
    #java.rmi.server.codebase=http://...
    java.security.policy=client.policy

client.policy:

    grant codeBase "file:src/" {
        permission java.security.AllPermission;
    };

And exception:

    java.security.AccessControlException: access denied ("java.net.SocketPermission" "192.168.2.3:1099" "connect,resolve")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
        at java.security.AccessController.checkPermission(AccessController.java:559)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
        at java.net.Socket.connect(Socket.java:574)
        at java.net.Socket.connect(Socket.java:528)
        at java.net.Socket.<init>(Socket.java:425)
        at java.net.Socket.<init>(Socket.java:208)
        at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
        at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
        at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
        at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
        at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
        at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
        at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
        at java.rmi.Naming.lookup(Naming.java:101)
        at sr.warcaby.klient.Klient.run(Klient.java:88)
        at sr.warcaby.klient.Klient.main(Klient.java:73)

It appears that the client.policy file is somehow not being read.

Second question: How do I grant all permissions to local code? This path ("file:src/") does not work. I want to set a relative path.

Edit:

I have made some changes. Now the program works, but not as I want. It gives all permissions to code from the remote codebase, but I want to give only some permissions to remote code.

Changes:

    System.setProperties(prop);

    grant codeBase "file:/-" {
        permission java.security.AllPermission;
    };

    java.security.policy=src/main/resources/client.policy
    java.rmi.server.codebase=http://...somehttpaddress.../warcabycodebase-jar-with-dependencies.jar

  • I have one more problem. The client policy works when I launch the classes from Eclipse. But when I create a jar that contains client.policy and run this jar, client.policy does not work. – Wojciech Kałuski Apr 29 '15 at 12:00

1 Answer


There's nothing here that actually sets the contents of your .properties file as the system properties.

NB You need to set java.security.policy before you install the security manager.

And you don't need to install a security manager at all unless you are using the RMI codebase feature, with classes supplied by the server.

user207421
  • Do you have the codebase classes also available locally? If so, they won't be loaded from the codebase and will have the corresponding permissions. – user207421 Apr 24 '15 at 23:31
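
The ordering the answer describes, as an added example that is not code from the question or the answer: the `java.security.policy` value from `config.properties` is copied into the system properties first, and only then is the security manager installed. The class name `PolicyBootstrap`, the choice to forward only two keys, and the lookup of the policy file as a classpath resource (so the same value resolves from an IDE and from inside a jar) are assumptions of this example; it also assumes a JDK on which the Security Manager is still supported.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Properties;

public class PolicyBootstrap {
    // Only these keys are forwarded from config.properties to the JVM.
    private static final String[] FORWARDED = {
        "java.security.policy", "java.rmi.server.codebase"
    };

    static Properties loadConfig() throws IOException {
        Properties prop = new Properties();
        try (InputStream in = ClassLoader.getSystemResourceAsStream("config.properties")) {
            if (in == null) throw new IOException("config.properties is not on the classpath");
            prop.load(in);
        }
        return prop;
    }

    static void applyToSystem(Properties prop) {
        for (String key : FORWARDED) {
            String value = prop.getProperty(key);
            // A -D option given on the command line takes precedence over the file.
            if (value != null && System.getProperty(key) == null) {
                System.setProperty(key, value.trim());
            }
        }
        // Assumption: the policy file is packaged as a classpath resource. Its URL
        // (file: or jar:) is usable both when run from an IDE and from a jar.
        String policy = System.getProperty("java.security.policy");
        URL onClasspath = (policy == null) ? null : ClassLoader.getSystemResource(policy);
        if (onClasspath != null) {
            System.setProperty("java.security.policy", onClasspath.toString());
        }
    }

    public static void main(String[] args) throws IOException {
        applyToSystem(loadConfig());
        System.out.println("java.security.policy = " + System.getProperty("java.security.policy"));
        // Install the manager only after the policy property is set.
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new SecurityManager());
        }
        System.out.println("Security manager installed");
    }
}
```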