I am testing the Java Security Manager in a simple Java application.

I write the properties "user.home", "user.info".

I read the properties "user.home", "user.info".

I set a policy file that ALLOWS read/write on "user.home", "user.info".

I start a Security Manager.

I should still be able to read/write "user.home", "user.info" as the policy file gives the permission.

But I get a security exception.

What is wrong?

My Java code is:

import java.security.AccessControlException;

public class TestSecurityManager {

    final static String securityPolicyFile = "properties_permissions.policy";

    public static void main(String[] args) {

        System.setProperty("user.info", "123456");
        System.out.println("user.info is : " + System.getProperty("user.info"));

        // Enable the security manager
        try {
            System.out.println("***");
            System.out.println("Setting policy file");
            System.out.println("***");
            System.setProperty(securityPolicyFile, securityPolicyFile);
            System.out.println("***");

            System.out.println("Security manager is STILL disabled, "
                    + "read/write access to \"user.info\" system property "
                    + "is allowed");
            System.out.println("***");
            System.setProperty("user.info", "123456");
            System.out.println("user.info is : " + System.getProperty("user.info"));
            //
            System.out.println("***");
            System.out.println("Setting Security manager");
            System.out.println("***");

            SecurityManager securityManager = new SecurityManager();
            System.setSecurityManager(securityManager);
        } catch (SecurityException se) {
            // A security manager is already installed and refuses to be replaced
            System.out.println("Could not set the security manager: " + se.getMessage());
        }

        // Write attempt with the security manager enabled
        try {
            System.setProperty("user.info", "123456");
        } catch (AccessControlException acew) {
            System.out.println("!!!Write access to the user.info system property is not allowed!");
        }

        // Read attempt with the security manager enabled
        try {
            System.out.println("user.info is : " + System.getProperty("user.info"));
        } catch (AccessControlException acer) {
            System.out.println("Read access to the user.info system property is not allowed!");
        }
    }
}

My policy File:

grant {
  permission java.util.PropertyPermission "user.home", "read";
  permission java.util.PropertyPermission "user.info", "write";
};

Tamara Koliada
Tarek EZZAT

1 Answer

You're not setting the security policy system property correctly. It should be:

System.setProperty("java.security.policy", securityPolicyFile);

If it still doesn't work after setting this, turn on debug with the -Djava.security.debug=policy flag and check that the file is being read correctly. You should see a line like this:

policy: reading file:/path/to/your/properties_permissions.policy

teppic
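
A self-contained check of the fix described in the answer above, as an added example that is not part of the original question or answer. The class name `PolicyPropertyCheck`, the temporary policy file and the `"read,write"` grant on `user.info` are assumptions constructed for the demonstration; each attempt reports which `PropertyPermission` the loaded policy is missing.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlException;

// Added example, not the poster's code. Class name and temp-file name are assumptions.
public class PolicyPropertyCheck {

    // Constructed policy: user.info is readable and writable, user.home is read-only.
    static final String POLICY =
            "grant {\n"
          + "  permission java.util.PropertyPermission \"user.home\", \"read\";\n"
          + "  permission java.util.PropertyPermission \"user.info\", \"read,write\";\n"
          + "};\n";

    static String write(String key) {
        try {
            System.setProperty(key, "123456");
            return "write " + key + ": allowed";
        } catch (AccessControlException e) {
            return "write " + key + ": denied, missing " + e.getPermission();
        }
    }

    static String read(String key) {
        try {
            System.getProperty(key);
            return "read  " + key + ": allowed";
        } catch (AccessControlException e) {
            return "read  " + key + ": denied, missing " + e.getPermission();
        }
    }

    public static void main(String[] args) throws IOException {
        // File work happens first: once the manager is installed it would need FilePermission.
        Path policy = Files.createTempFile("properties_permissions", ".policy");
        policy.toFile().deleteOnExit();
        Files.write(policy, POLICY.getBytes(StandardCharsets.UTF_8));

        // The key must be "java.security.policy"; the value is the policy file location.
        System.setProperty("java.security.policy", policy.toAbsolutePath().toString());
        // JDK 18-23 need -Djava.security.manager=allow; JDK 24+ no longer supports this call.
        System.setSecurityManager(new SecurityManager());

        for (String key : new String[] {"user.info", "user.home"}) {
            System.out.println(read(key));
            System.out.println(write(key));
        }
    }
}
```

Each action has to be listed in the grant: a `PropertyPermission` with only `"write"` does not imply `"read"`, so a denied line names the exact permission to add to the policy file.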