...
| Code Block | ||
|---|---|---|
| ||
// grant the klib library AllPermission grant codebase ""file:${klib.home}/j2se/home/klib.jar"" { permission java.security.AllPermission; }; |
...
| Code Block | ||
|---|---|---|
| ||
grant codeBase ""file:${klib.home}/j2se/home/klib.jar"", signedBy "Admin""Admin" { permission java.io.FilePermission ""/tmp/*"", "read""read"; permission java.io.SocketPermission "*""*", "connect";"connect"; }; |
To check whether the caller has the requisite permissions, standard Java APIs use code such as:
| Code Block |
|---|
//security manager code perm = new java.io.FilePermission(""/tmp/JavaFile","read"","read"); AccessController.checkPermission(perm); //other code |
...
| Code Block |
|---|
// Standard extensions extend the core platform and get all permissions by default grant codeBase ""file:${{java.ext.dirs}}/*"" { permission java.security.AllPermission; }; |
...
ENV02-J. Create a secure sandbox using a Security Manager 01. Runtime Environment (ENV) ENV04-J. Do not grant ReflectPermission with target suppressAccessChecks